Free Refund Policy Generator for WordPress Site — DPDPA Compliant

🇮🇳 Key DPDPA Requirements

India's Digital Personal Data Protection Act (DPDPA) 2023 is India's first comprehensive data protection law. It applies to processing of digital personal data within India and to processing outside India if it involves offering goods or services to individuals in India. Significant Data Fiduciaries face enhanced obligations, and the Data Protection Board can impose fines up to ₹250 crore.

• Obtain free, specific, informed, and unconditional consent before processing personal data
• Provide a clear and plain-language privacy notice before collecting data
• Process personal data only for specified lawful purposes
• Implement security safeguards and notify the Data Protection Board of breaches
• Honor data principal rights: access, correction, erasure, and grievance redressal
• Significant Data Fiduciaries must appoint a Data Protection Officer and conduct audits
• Parental consent required for processing data of children under 18

WordPress Site — Specific Considerations

WordPress sites collect data through comments, contact forms, analytics plugins, and e-commerce plugins like WooCommerce. WordPress itself stores commenter IP addresses by default. The vast plugin ecosystem means data collection can vary dramatically — each plugin may set cookies, collect user data, or send data to third-party services. Your privacy policy must reflect the actual plugins installed on your site.

Data typically collected by WordPress Site businesses: commenter name, email and IP address, contact form submissions, analytics data, WooCommerce customer and order data, login account data, plugin-specific collected data

• WordPress comment system IP address collection
• Contact form plugin data retention (WPForms, Contact Form 7)
• WooCommerce customer and order data
• Analytics plugin disclosure (MonsterInsights, Site Kit)
• Caching and CDN data processing disclosure