Legal
How GlobeMeet aligns with India's data-protection law
Because GlobeMeet runs entirely on your servers, you are the Data Fiduciary under the DPDP Act 2023. We provide the contractual and technical scaffolding to back that up.
You are the Data Fiduciary โ you decide why and how to process customer data. Singh Software is a Data Processor only when you use our managed cloud; for self-hosted deployments, we don't process your customers' data at all. The DPA we provide spells out this division precisely.
All customer data โ audio, video, recordings, transcripts, chat logs, queue metadata โ stays within your infrastructure (or our Mumbai region for managed cloud). Verified by your security team during deployment. We cannot access it.
GlobeMeet's widget supports the DPDP-compliant consent flow: notice in plain language, explicit opt-in, granular purpose enumeration, and easy withdrawal. Default presets meet DPDP requirements; you can customise per-tenant.
DPDP gives Data Principals (individuals) rights to access, correct, and erase their data. GlobeMeet ships with admin workflows and APIs to fulfil these requests within the 30-day statutory window.
Under DPDP, you must notify the Data Protection Board within a prescribed window for material breaches. We provide a runbook covering detection, containment, notification triggers, and template communications.
Specific consent requirements apply for processing children's personal data. The widget supports an age-gating pre-call form for use cases that involve minors (ed-tech, certain healthcare).
We are not. GlobeMeet (the platform) doesn't process Indian Data Principals' personal data on Singh Software's infrastructure for self-hosted customers. For managed-cloud customers, processing volume is below the threshold; if your deployment grows beyond it, the relevant flag in our DPA triggers SDF-grade controls.
Yes. Many customers' legal teams want the DPA reviewed first. Email legal@globemeet.in for the latest pre-signed DPA template.