Back to NightPrime
DPDP Act 2023 • Data Fiduciary Disclosure

Your data. Our promise.

Full disclosure of how NightPrime processes your personal data under the Digital Personal Data Protection Act, 2023 and, where applicable, the GDPR.

Last updated: 9 July 2026

Data Fiduciary

Bej Digital Private Limited (operating NightPrime) is the Data Fiduciary under §2(i) of the DPDP Act 2023. We determine the purpose and means of processing your personal data. If you are in the European Economic Area, we act as a Data Controller under GDPR Article 4(7).

Data Protection Officer

Name

Mr. Kabir Malhotra

Data Protection Officer, Bej Digital Pvt Ltd

Contact

📧 dpo@nightprime.in

📞 +91 94777 10256

The DPO is responsible for data protection queries, DPDP Act complaints, and coordination with the Data Protection Board of India.

What we collect (and why)

CategoryPurposeLegal BasisRetention
Email, nameAccount creation, service deliveryContractLife of account + 30 days
Watch historyContinue Watching, recommendationsConsent24 months
Playback preferencesLanguage, subtitles, qualityConsentLife of account
Payment metadataSubscription billing (via processor)Contract / Legal obligation7 years (tax)
Cookies, IP, deviceSecurity, fraud preventionLegitimate interest90 days
Analytics (anon.)Improve productConsent14 months
Age confirmationRated content accessLegal obligationLife of account
Marketing consentNewsletter, offersConsentUntil withdrawn

Your rights under DPDP Act §11–14

Right to information

Ask what we hold on you and why we process it.

Right to access & portability

Download a copy of your data in machine-readable form.

Right to correction

Correct inaccurate or outdated personal data.

Right to erasure

Delete your account and associated data.

Right to withdraw consent

Withdraw consent for optional processing at any time.

Right to nominate

Nominate another individual to exercise your rights.

To exercise a right, email dpo@nightprime.in or visit /profilePrivacy for self-service export & deletion. We respond within 30 days as mandated by the DPDP Act.

International Data Transfers

Your data is primarily stored within India. Where necessary for service delivery (e.g., email via Resend, CDN via Cloudflare), data may be transferred to jurisdictions notified by the Central Government under DPDP Act §16. All transfers are protected by Standard Contractual Clauses (GDPR) or equivalent contractual safeguards.

Security Measures

  • • TLS 1.3 encryption for all data in transit
  • • AES-256 encryption for sensitive fields at rest
  • • Role-based access control (RBAC) for internal systems
  • • Regular security audits and vulnerability scans
  • • 24-hour breach notification to affected users and Data Protection Board

Data Grievance

If you have a data-protection concern, contact our Data Protection Officer first. If unresolved within 30 days, you may complain to the Data Protection Board of India: