Privacy Policy

At Odelya, we are committed to protecting your privacy and securing your data with military-grade encryption. This policy outlines how we collect, use, and protect your information. We believe in complete transparency about our data practices and your privacy rights. Our zero-knowledge architecture ensures that only you can access your encrypted data. We never compromise on security and privacy—they are at the core of everything we do.

Effective Date: Jan, 2025

Our Commitment

Odelya Management Pvt. Ltd. ("Odelya", "we", "our", "us") respects your privacy and is committed to protecting your personal and confidential data. We implement industry-leading security measures to ensure your information remains private and secure at all times. Our privacy-first approach means we design our services with your privacy as the foundational principle.

This Privacy Policy applies to all services offered by Odelya, including our Cloud Digital Locker, secure storage solutions, and any related services. By using our services, you agree to the collection and use of information in accordance with this policy. We periodically review and update this policy to reflect changes in our services and legal requirements.

Our commitment extends beyond legal compliance—we aim to set the standard for privacy and data protection in the cloud storage industry. We believe that true privacy means you control your data completely.

Information We Collect & Our Zero-Knowledge Approach

Your Data, Your Control

We adhere to a strict minimal data collection policy and implement true zero-knowledge architecture. Your privacy is not an afterthought—it's built into our foundation from the ground up.

What We Collect:

  • Account Profile: Name, email, and contact information for account management and communication
  • Authentication Data: Encrypted login credentials and security tokens to protect your account
  • Service Metadata: Account status, subscription type, storage usage, and service settings
  • Encrypted Indicators: Only encrypted file identifiers (not contents) for storage management and organization
  • Payment Information: Processed securely through PCI-compliant payment gateways (we never store full payment details)
  • Communication Data: Correspondence with our support team to improve service quality and resolve issues

What We Never Access:

  • File Contents: We cannot read or access your stored files—they remain encrypted at all times
  • File Names: File names are encrypted client-side before being sent to our servers
  • Metadata: File details, sizes, types, and modification dates are all encrypted
  • Decryption Keys: Keys never leave your device in unencrypted form—only you hold the key
  • Folder Structures: Your organizational structure and folder hierarchy remain completely private

Zero-Knowledge Architecture Explained

Zero-Knowledge Means: Your data is encrypted on your device before upload. We store only encrypted blobs that are meaningless without your private key. Even if compelled, we cannot provide access to your unencrypted data. This architecture ensures that only you hold the keys to decrypt and access your information. The encryption happens locally on your device, and only encrypted data travels to our servers.

Data Retention & Deletion Policy

Our Retention Principles

We retain your personal data only for as long as necessary to provide our services and fulfill legal obligations. Our approach balances service functionality with your right to privacy.

  • Active Accounts: Data retained while your account remains active and in use
  • Inactive Accounts: Notification is provided after 2 days of inactivity, with options for extension or deletion
  • Account Deletion: Complete data deletion within 24 hrs of account deactivation
  • Legal Requirements: Certain data may be retained as required by Indian laws and regulations, but always in encrypted form

When you delete files from your Odelya Digital Locker, they are immediately removed from your accessible storage. The encrypted data remnants are permanently erased from our servers within 24 hrs through secure deletion protocols that meet NIST 800-88 standards for media sanitization.

Secure Deletion Guaranteed

We implement cryptographic erasure techniques that make data recovery impossible. Once deleted, your data cannot be recovered by anyone—including Odelya staff. This ensures true data deletion, not just "soft deletion" or archiving.

How We Use Your Information

Your information is used exclusively to enhance and provide our services with the highest standards of privacy and security. We never use your data for purposes unrelated to delivering and improving our services.

  • Service Delivery: To deliver secure cloud storage and digital locker services with maximum reliability and performance
  • Payment Processing: To process payments and manage your service subscription through secure, PCI-compliant channels
  • Communication: To communicate important service updates, security notices, and maintenance schedules
  • Legal Compliance: To comply with legal obligations and regulatory requirements while protecting your privacy
  • Service Improvement: To improve our services and develop new security features based on aggregated, anonymized usage patterns
  • Customer Support: To provide customer support and respond to your inquiries with personalized, helpful assistance
  • Security Protection: To detect and prevent fraud, abuse, and security incidents through automated monitoring systems

We never use your personal data for advertising purposes or sell it to third-party advertisers. Any analytics we perform are done on aggregated, anonymized data that cannot be traced back to individual users. Our business model is simple: you pay for a premium service, and we provide it without compromising your privacy.

Transparency Promise: We will always be clear about how we use your data. If our data practices change, we will update this policy and notify you in advance.

Data Security

End-to-End Encryption Active

All data stored with Odelya is protected using military-grade, end-to-end encryption. This means your files are encrypted before they leave your device and remain encrypted until accessed by you with your unique decryption key. Our security architecture is designed so that we never have access to your unencrypted data.

We employ multiple layers of security that work together to protect your information:

  • 256-bit AES Encryption: Military-grade encryption for data at rest, using the same standard adopted by governments worldwide
  • TLS 1.3 Encryption: State-of-the-art encryption for data in transit, protecting your data as it moves between devices and our servers
  • Zero-Knowledge Architecture: Fundamental design principle that ensures we cannot access your files, even if we wanted to
  • Regular Security Audits: Independent third-party security audits and penetration testing conducted annually
  • Multi-Factor Authentication: Optional but recommended additional security layer for account access
  • Secure Key Derivation: Using PBKDF2 with high iteration counts to protect against brute-force attacks
  • Geographically Distributed Data Centers: Enterprise-grade facilities with physical security, redundancy, and environmental controls
  • Continuous Monitoring: 24/7 security monitoring for suspicious activities and potential threats

Our security team continuously monitors for vulnerabilities and implements patches promptly. We undergo independent security audits annually to verify our security claims and maintain compliance with industry best practices. Security is not a feature—it's our foundation.

Security Beyond Encryption

Beyond encryption, we implement defense-in-depth strategies including network segmentation, intrusion detection systems, and regular security training for all employees. Our security practices are regularly reviewed and updated to address emerging threats in the cybersecurity landscape.

Third-Party Sharing

We do not sell, rent, or trade your personal data to third parties. Your privacy is our priority and we maintain strict control over your information. We believe your data should remain yours, not become a commodity.

Data may be shared only in the following specific, limited circumstances:

  • Legal Requirements: When required by law or legal process, and only to the extent specifically required
  • Essential Service Providers: With carefully vetted service providers who assist in delivering our services, under strict confidentiality agreements that match or exceed our privacy standards
  • Safety & Security: To protect the rights, property, or safety of Odelya, our users, or the public from imminent harm
  • With Your Consent: With your explicit, informed consent for specific, limited purposes that you authorize

Our service providers (such as payment processors, infrastructure providers, and support tools) are carefully vetted and bound by contractual obligations to protect your data. They are only provided with the minimum information necessary to perform their specific functions, and they are prohibited from using your information for any other purpose.

Our Commitment to You

We will notify you of any third-party data sharing (except where prohibited by law) and will challenge any data requests we believe to be overbroad or without proper legal basis. Transparency is core to our privacy values. We maintain detailed logs of all data disclosures and will provide you with access to these logs upon request, subject to legal limitations.

International Data Transfers & Compliance

GDPR & DPDPA Compliant

Odelya operates primarily from data centers located within India, ensuring that your data remains subject to Indian privacy laws including the Digital Personal Data Protection Act (DPDPA), 2023. We maintain the highest standards of data protection regardless of where you access our services from.

Cross-Border Data Protection:

  • Primary Storage: All user data is stored within Indian borders in secure, certified data centers
  • Backup Locations: Encrypted backups may be stored in secure locations with adequate data protection laws equivalent to or stronger than Indian standards
  • EU Users: We comply with GDPR requirements for European users, including data subject rights and lawful transfer mechanisms
  • Data Processing Agreements: We maintain DPAs with all international service providers that include strict data protection obligations
  • Transfer Mechanisms: We use approved data transfer mechanisms (such as Standard Contractual Clauses) when cross-border transfers occur
  • Jurisdictional Protections: We assess the legal environment of any country where data might be processed to ensure adequate protections

Regardless of where your data is processed, it remains encrypted with your keys. We ensure that all data transfers comply with applicable data protection laws and maintain the same level of protection described in this policy. The encryption ensures that even if data crosses borders, it remains inaccessible without your decryption key.

Global Privacy Standards: We design our services to meet or exceed privacy standards worldwide, not just the minimum required by any single jurisdiction.

Your Rights

You have comprehensive control over your personal data. Under applicable privacy laws, you have the right to:

  • Access Right: Access the personal information we hold about you in a clear, readable format
  • Correction Right: Request correction of inaccurate or incomplete information to ensure data accuracy
  • Deletion Right: Request deletion of your personal data (subject to legal obligations and our zero-knowledge architecture limitations)
  • Objection Right: Object to or restrict certain processing of your information for specific purposes
  • Portability Right: Receive your data in a portable, structured format that you can transfer to another service
  • Consent Withdrawal: Withdraw consent for data processing where applicable, without affecting prior lawful processing
  • Complaint Right: Lodge a complaint with relevant data protection authorities if you believe your rights have been violated

To exercise any of these rights, please contact us at care.ompl@gmail.com. We will respond to your request within 30 days. For security purposes, we may need to verify your identity before processing certain requests to prevent unauthorized access to your account.

Important Note About Zero-Knowledge Architecture

Due to our zero-knowledge encryption, we cannot recover your encrypted data if you lose your password or encryption key. This is a fundamental security feature, not a limitation. We strongly recommend using our secure key backup feature and maintaining your recovery information securely. Your data security is in your hands—we've designed it that way intentionally to ensure that only you can access your data. This means we cannot bypass your encryption even if you ask us to.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact our privacy team. We're here to help and ensure you feel confident about your privacy with Odelya. We welcome your questions, concerns, and feedback about our privacy practices.

Administrative Office

Address: 44E, 2nd Floor, Nandalalmitra Lane,
Tollygunge, Kolkata,
West Bengal 700040, India

Phone: +91-96741 30001

Hours: Monday-Sunday: 11:00 AM - 6:00 PM

Email: care.ompl@gmail.com


Registered Office

Address: Molina Apartment, 1st Floor,
32/10 Chandi Ghosh Road, Tollygunge,
Kolkata, West Bengal 700040, India

Phone: +91-96741 30001

Hours: Monday-Friday: 10:00 AM - 12:00 PM

Email: care.ompl@gmail.com


Privacy Contact Information

Company: Odelya Management Pvt. Ltd.

Headquarters: Tollygunge, Kolkata, India

Privacy Email: care.ompl@gmail.com

Privacy Helpline: +91-96741 30001

Response Time: Within 24-48 hours for privacy-related inquiries

Data Protection Officer: Available upon request for formal data protection matters

Languages: English, Hindi, Bengali - All privacy communications available

This policy was last updated in January 2025 and may be updated periodically to reflect changes in our services or legal requirements. We will notify users of any material changes through our website or direct communication. Continued use of our services after changes constitutes acceptance of the updated policy.

Privacy by Design | Security by Default