Last Updated: July 3, 2026

Forem Innovations Private Limited processes your personal data in accordance with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 (notified 13 November 2025), acting as a Data Fiduciary under Indian law.

1. Introduction

Forem Software ("we," "our," or "us"), a subsidiary of Forem Innovations Private Limited, is committed to protecting your privacy. In the language of the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"), we act as a Data Fiduciary and you, the individual whose personal data we process, are a Data Principal. This Privacy Policy, which serves as our notice under Section 5 of the DPDP Act, explains how we collect, use, disclose, and safeguard your personal data when you use our products and services.

This notice is provided separately from our Terms of Service and, on request, can be made available in English and in any of the 22 languages specified in the Eighth Schedule to the Constitution of India.

2. Information We Collect

We collect only the personal data that is necessary for the specified purposes described in this notice:

  • Personal Data: Name, email address, phone number, and other contact information you provide
  • Usage Data: Information about how you use our services, including device information, IP address, and browsing activity
  • Transaction Data: Payment information and purchase history (for applicable services)
  • Communication Data: Your correspondence with us, including support tickets and feedback

3. How We Use Your Information (Purposes of Processing)

In accordance with the DPDP Rules, we process your personal data only for the following specified and itemised purposes:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Comply with legal obligations and enforce our terms

4. Legal Basis and Consent

We process your personal data on the basis of your consent or for the certain legitimate uses permitted under Section 7 of the DPDP Act. Where we rely on consent, it is free, specific, informed, unconditional, and given through a clear affirmative action, and is limited to the personal data necessary for the stated purpose.

Withdrawing consent: You may withdraw your consent at any time, and doing so is as easy as giving it. You can withdraw consent, exercise your rights, or raise a grievance by writing to privacy@foremsoft.com or using our Contact Form. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Where you engage a registered Consent Manager, you may also manage, give, review, and withdraw your consent through that platform.

5. Information Sharing

We do not sell your personal information. We may share your personal data only in the following circumstances:

  • With your consent or at your direction
  • With Data Processors and service providers who process data on our behalf under binding contracts
  • To comply with legal obligations or a lawful request from an authorised authority
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets

6. Data Retention and Erasure

We retain your personal data only for as long as is necessary to fulfil the specified purpose, or as required to comply with applicable law. When the purpose is no longer being served and retention is not required by law, we will erase your personal data and require our Data Processors to do the same.

Where you request erasure or withdraw consent, we will act on your request within a reasonable period. In line with the DPDP Rules, where we are required to erase personal data after a defined period of inactivity, we will give you notice at least 48 hours before such erasure so that you may log in or otherwise contact us to retain your account and data.

7. Data Security

We implement reasonable technical and organisational security safeguards as required under the DPDP Act and Rules — including access controls, encryption or masking where appropriate, logging and monitoring, and measures to maintain the confidentiality, integrity, and availability of personal data — to protect your information against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure.

8. Personal Data Breach Notification

In the event of a personal data breach, we will notify each affected Data Principal without undue delay, describing the nature of the breach, its likely consequences, the measures taken to mitigate it, and the steps you can take to protect yourself. We will also intimate the Data Protection Board of India and provide detailed information about the breach within 72 hours (or such longer period as the Board may permit), as required by the DPDP Rules.

9. Your Rights as a Data Principal

Under the DPDP Act, you have the following rights, which you may exercise by contacting us using the details in Section 13:

  • Right to Access: Obtain a summary of the personal data we process and the processing activities undertaken
  • Right to Correction and Updation: Request correction, completion, or updating of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data where it is no longer required
  • Right to Grievance Redressal: A readily available means of registering a grievance with us, which we will respond to within the prescribed period
  • Right to Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity
  • Right to Withdraw Consent: Withdraw your consent at any time, as described in Section 4

If you are not satisfied with our response, you may escalate your grievance to the Data Protection Board of India.

10. Cookies and Tracking

We use cookies and similar tracking technologies to collect information about your browsing activities. You can control cookies through your browser settings. For more information, please refer to our Cookie Policy.

11. Children's and Persons with Disability Data

Our services are not intended for children under 18 years of age. Before processing the personal data of a child (any individual under 18) or of a person with a disability who has a lawful guardian, we will obtain verifiable consent from the parent or lawful guardian, as required by Section 9 of the DPDP Act and Rule 10 of the DPDP Rules. We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children, and we will not process children's data in a manner likely to cause any detrimental effect on their well-being.

12. Regulatory Compliance

Forem Innovations Private Limited, the parent company of Forem Software, is committed to full compliance with:

  • Digital Personal Data Protection Act, 2023 - India's principal law governing the processing of digital personal data
  • Digital Personal Data Protection Rules, 2025 - notified on 13 November 2025, operationalising consent, notice, retention, security, breach reporting, and children's data obligations
  • Information Technology Act, 2000 and the rules made thereunder
  • IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • Consumer Protection Act, 2019

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

14. Contact Us and Grievance Officer

If you have questions about this Privacy Policy, wish to exercise your rights, or want to raise a grievance, please contact us:

  • Email: privacy@foremsoft.com
  • Grievance Officer (as required under the DPDP Act & IT Rules): grievance@foremsoft.com
  • Support: Contact Form
  • Escalation: Data Protection Board of India, if your grievance remains unresolved