Trace
Contact Us

Data Processing Agreement

Between you and Logam Digital Pvt. Ltd.

This DPA governs how Logam Digital Pvt. Ltd. processes personal data on your behalf as part of the Trace CRM service. It forms part of your subscription agreement and is required under DPDP Act 2023 Section 8(2).

Last updated: 9 June 2026 · Law: DPDP Act 2023 Section 8(2) · IT Act 2000 Section 43A

Parties & Definitions

This DPA is entered into between you, the customer (Data Fiduciary), and Logam Digital Pvt. Ltd. (Data Processor), and forms part of your subscription to Trace CRM.

DPDP Act Section 8(2): A Data Fiduciary may engage a Data Processor “only under a valid contract.” This DPA is that contract. Without it, your use of Trace CRM to process your customers' lead data would not have a valid legal basis under Indian law.

Scope of Processing

  • Logam Digital Pvt. Ltd. processes personal data only to provide the Trace CRM service — for no other purpose.
  • Processing is carried out only on documented instructions from you, the Data Fiduciary.
  • We will not use your customer lead data for our own marketing, advertising, or any purpose unrelated to operating your Trace CRM account.
  • Sending data to Meta via CAPI is done only as instructed and configured by you through your Trace CRM settings.

We will notify you 30 days in advance before engaging any new sub-processor.

Security Obligations

  • Encryption at rest: AES-256 on all stored lead data
  • Encryption in transit: TLS 1.2+ (HTTPS) on all data transfers
  • Meta data hashing: SHA-256 hashing before CAPI transmission — raw personal data is never sent to Meta
  • Access controls: Only authorised Trace staff with operational need can access customer data
  • Session security: JWT-based authentication with 24-hour token expiry

Breach Notification

Under the DPDP Act 2023, in the event of a personal data breach, we will:

  • Notify you within 72 hours of becoming aware of a breach
  • Notification includes: nature of breach, records affected, likely consequences, steps being taken
  • Also notify the Data Protection Board of India as required under DPDP Act
  • Provide full cooperation with any investigation

Data Principal Rights Support

  • We provide tools and information to help you respond to access, correction, and erasure requests from your leads
  • We respond to your support requests within 30 days
  • You must respond to Data Principal rights requests within the timelines required under the DPDP Act 2023

Data Deletion on Termination

  • Delete all customer lead data within 30 days of contract end
  • Customer can request a full data export before deletion (fulfilled within 7 business days)
  • Written confirmation of deletion provided within 14 days on request
  • Once deleted, data cannot be recovered

Governing Law

  • Governed by the laws of India
  • Jurisdiction: courts of Surat, Gujarat, India
  • Dispute resolution: Arbitration under Arbitration and Conciliation Act, 1996, seat in Surat

Questions about this DPA?

Email us at info@logamdigital.com

Logam Digital Pvt. Ltd.

Data Processor under the DPDP Act, 2023

Anand Heights S/1, Juna Rasta, Opp. Bhathiji Mandir, Anand, Gujarat — India