Privacy Policy

NexForge Services LLP (“we”, “us”, or “our”) operates the website https://indbase.cloud(the “Site”) and provides managed database workloads, authentication APIs, object storage buckets, and AI agent runtimes (the “Service”). This Privacy Policy describes our practices regarding the processing, custody, and collection of personal information under national and international data protection frameworks, including the Digital Personal Data Protection (DPDP) Act of 2023 (India), the General Data Protection Regulation (GDPR) (Europe), and the Health Insurance Portability and Accountability Act (HIPAA) (United States).

1. Personal Information We Collect

We collect information necessary to provide and secure our Services, compile analytics, and verify waitlists:

• Account and Registration Info: Names, company affiliations, usernames, passwords, and email addresses.
• Billing Information: Account numbers, tax identifiers (GST/VAT), billing addresses, and payment transaction metadata. Actual credit card processing is handled securely by our payment gateways (Stripe/Razorpay).
• Developer Metadata & Logs: API request headers, telemetry logs, console commands, database configuration settings, and network access pings.

2. Regional Data Residency & Sovereignty

As a core tenet of our sovereign database design, we do not force data migration across borders.

• User Choice: You determine the destination region for your Postgres clusters, file directories, and auth tokens. You can choose to deploy in India (Mumbai/Bangalore), the European Union (Frankfurt/Ireland), or the United States (Oregon/Virginia).
• Local Data Boundary: Once configured, user database records remain isolated inside the selected regional boundaries. We do not transfer database contents without your explicit configuration or API directives.

3. Compliance under India's DPDP Act 2023

For users and businesses processing data within the Republic of India:

• Consent Basis: We collect and process data strictly upon receiving explicit, clear, and revocable consent.
• Right to Erase: You have the right to request deletion of all personal identifiers associated with your account.
• Data Principal Rights: You possess the right to nominate other individuals, access processed records, and seek grievance redressal by contacting us at hello@indbase.cloud.

4. European Union Rights (GDPR)

For residents of the European Economic Area (EEA), we process personal data under lawful bases (Contractual performance, Legitimate interests, and Legal compliance). Your rights include:

• Right to Restrict Processing: Request a pause on data processing.
• Data Portability: Obtain your data in structured, machine-readable formats.
• Right to File a Complaint: Appeal directly to your local European Supervisory Authority.

5. Health Insurance Portability and Accountability Act (HIPAA)

For enterprise clients hosting Protected Health Information (PHI) under United States regulation:

• VPC Isolation: PHI must be hosted inside isolated Bring Your Own Cloud (BYOC) virtual private clouds.
• BAA Agreements: We sign standard Business Associate Agreements (BAAs) defining operational liabilities.
• Encryption: Data is encrypted end-to-end (AES-256 at rest, TLS 1.3 in transit) with strict auditing.

6. Third-Party Subprocessors

We share essential metadata with trusted subprocessors for specific operational services:

• Cloud Infrastructure: AWS (Asia-South1, US-East1, EU-West1) and Google Cloud.
• Billing Gateways: Stripe and Razorpay (secure billing tokens).
• Transactional Email: Zoho Mail API.

7. Security Measures & Contact

We implement industry-standard technical measures (strict database port isolation, secure VPC gateways, and firewalls) to protect customer data. For questions regarding this policy or to submit a data erasure request, please contact our Data Protection Officer at hello@indbase.cloud.