Free Refund Policy Generator for Next.js Application — DPDPA Compliant

🇮🇳 Key DPDPA Requirements

India's Digital Personal Data Protection Act (DPDPA) 2023 is India's first comprehensive data protection law. It applies to processing of digital personal data within India and to processing outside India if it involves offering goods or services to individuals in India. Significant Data Fiduciaries face enhanced obligations, and the Data Protection Board can impose fines up to ₹250 crore.

• Obtain free, specific, informed, and unconditional consent before processing personal data
• Provide a clear and plain-language privacy notice before collecting data
• Process personal data only for specified lawful purposes
• Implement security safeguards and notify the Data Protection Board of breaches
• Honor data principal rights: access, correction, erasure, and grievance redressal
• Significant Data Fiduciaries must appoint a Data Protection Officer and conduct audits
• Parental consent required for processing data of children under 18

Next.js Application — Specific Considerations

Next.js applications combine server-side rendering with client-side React, meaning data collection happens on both the server (IP addresses, request logs) and the client (analytics, cookies). Next.js apps deployed on Vercel automatically collect performance and analytics data through Vercel's infrastructure. The hybrid nature of Next.js requires disclosing both server-side and client-side data collection practices.

Data typically collected by Next.js Application businesses: server-side request logs and IP addresses, Vercel analytics data, client-side analytics events, authentication data, API route request data, cookie and session data

• Vercel infrastructure data processing disclosure
• Server-side and client-side data collection distinction
• Next.js middleware data processing
• Edge function data handling
• API routes as data collection points