Sammati

Legal

Terms of Service

Last updated: 1 July 2026

DRAFT — for review. This is a starting template. Finalise with your legal counsel before publishing. Sammati supports your DPDPA obligations; it does not guarantee compliance.

1. Acceptance

By accessing or using the Sammati platform (“Service”), you agree to these Terms. If you are using the Service on behalf of an organisation, you confirm that you have authority to bind it. If you do not agree, do not use the Service.

2. Description of service

Sammati provides a DPDPA-aligned consent management platform, including a cryptographically verifiable, hash-chained consent ledger, data subject request (DSR) workflows, and an embeddable consent SDK. The Service supports your obligations as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (“DPDPA”).

Use of the Service does not guarantee legal compliance. You remain responsible for your own compliance posture, including appropriate notice, purpose limitation, and grievance mechanisms.

3. Your responsibilities

  • Maintain accurate account information and safeguard your credentials
  • Ensure any personal data you process through the Service has a valid lawful basis under DPDPA
  • Not use the Service for unlawful purposes, or to process sensitive categories of data without appropriate safeguards
  • Promptly notify us of any security breach or unauthorised access

4. Data ownership

You retain ownership of all personal data and consent records you store in the Service. We process this data only as your data processor, under our Data Processing Addendum (“DPA”). The consent ledger is append-only and tamper-evident by design; erasure is performed by cryptographic shredding of the encryption key, consistent with DPDPA’s right to erasure.

5. Intellectual property

The Service, its technology, and content (excluding your data) are the property of Sammati and are protected by intellectual property laws. You receive a limited, non-exclusive licence to use the Service in accordance with these Terms.

6. Limitation of liability

To the fullest extent permitted by law, Sammati’s aggregate liability for claims arising under these Terms is limited to the fees paid by you in the preceding 12 months. We are not liable for indirect, incidental, or consequential losses.

7. Termination

Either party may terminate on 30 days’ notice. We may suspend or terminate immediately for material breach, including unlawful use. On termination, we will provide an export of your data for 30 days before deletion.

8. Governing law

These Terms are governed by the laws of India. Disputes shall be subject to the exclusive jurisdiction of the courts of [City, India]. [Placeholder — update before publishing.]

9. Contact

For questions about these Terms, email dpdpa.sammati@gmail.com.