Compliance

Last updated: 28 February 2026

Adaptmate is committed to operating in full compliance with all applicable laws, regulations, and industry standards across every jurisdiction we serve. This page provides a comprehensive overview of the regulatory frameworks we adhere to and the certifications we pursue.

1. Indian Regulatory Compliance

Digital Personal Data Protection Act (DPDPA), 2023

  • Registered as a Data Fiduciary with the Data Protection Board of India
  • Lawful purpose limitation for all data processing
  • Consent-based processing with clear notice to data principals
  • Data Principal rights (access, correction, erasure, grievance redressal) fully implemented
  • Cross-border data transfer restricted to permitted jurisdictions
  • Children's data processed only with verifiable parental consent through institutions

Information Technology Act, 2000

  • Compliance with Section 43A (data protection for sensitive personal data)
  • Compliance with SPDI Rules, 2011 (Reasonable Security Practices and Procedures)
  • Designated Grievance Officer as required under IT (Intermediary Guidelines) Rules

Protection of Children from Sexual Offences (POCSO) Act, 2012

  • Zero tolerance for any content or conduct harmful to children
  • Mandatory reporting protocols for any identified risk
  • Regular training for all employees on child safety obligations

Right to Education (RTE) Act, 2009

  • Platform design supports inclusive education principles
  • Analytics features help schools identify and support struggling learners
  • No discriminatory profiling or labelling of students

Consumer Protection Act, 2019

  • Transparent pricing and service descriptions
  • Fair dispute resolution mechanisms
  • No unfair trade practices or misleading claims

Indian Contract Act, 1872

  • All agreements executed with valid consideration and lawful purpose
  • Clear Terms of Service governing platform usage

2. International Regulatory Compliance

General Data Protection Regulation (GDPR) — EU/EEA

  • Lawful basis established for all processing activities
  • Data Protection Impact Assessments (DPIAs) conducted for high-risk processing
  • Data subject rights (access, rectification, erasure, portability, restriction) fully supported
  • Standard Contractual Clauses (SCCs) for cross-border transfers
  • Records of Processing Activities (ROPA) maintained

Children's Online Privacy Protection Act (COPPA) — United States

  • No direct collection of data from children under 13
  • Verifiable parental consent obtained through school institutions
  • No behavioural advertising or data monetisation involving children

California Consumer Privacy Act (CCPA) — California, US

  • Right to know, delete, and opt-out fully supported
  • We do not sell personal information
  • Non-discrimination for exercising privacy rights

3. Industry Standards & Certifications

StandardStatusDescription
ISO 27001In ProgressInformation Security Management System
SOC 2 Type IIIn ProgressSecurity, Availability, Confidentiality
NEP 2020 AlignmentActiveCurriculum mapped to National Education Policy competency framework
OWASP Top 10ActiveSecurity vulnerabilities addressed in all releases

4. Data Processing & Sub-Processor Governance

  • All sub-processors are contractually bound to equivalent security and privacy standards
  • Sub-processor list is available upon request to institutional clients
  • Changes to sub-processors are communicated to clients with 30 days' notice
  • Regular audits of sub-processor compliance

5. Audit & Accountability

  • Annual internal compliance audits across all policy areas
  • External penetration testing and security audits conducted annually
  • Compliance dashboard available to institutional administrators showing data handling practices
  • Whistleblower mechanism for reporting compliance concerns

6. Training & Awareness

  • All employees complete mandatory data protection training upon joining
  • Annual refresher training on privacy, security, and child safety
  • Role-specific training for engineering, product, and support teams
  • Simulated phishing exercises conducted quarterly

7. Regulatory Relationships

Adaptmate maintains open channels with:

  • Data Protection Board of India (DPDPA compliance)
  • Ministry of Electronics and Information Technology (MeitY)
  • National Commission for Protection of Child Rights (NCPCR)
  • Relevant EU Data Protection Authorities (where applicable)

8. Contact for Compliance Inquiries

For compliance-related questions, audit requests, or regulatory inquiries:

  • Compliance Officer: compliance@adaptmate.com
  • Data Protection Officer: dpo@adaptmate.com
  • Legal Team: legal@adaptmate.com
  • Registered Office: Hyggex Digital Services Pvt Ltd, India

© 2026 Adaptmate by Hyggex Digital Services Pvt Ltd. All rights reserved.