Data Localization

• Primary data centre: India.
• Backup location: India.
• Application servers: India.
• We do not store user data on servers outside India by default.
• Encryption: AES-256 at rest; TLS in transit.

• Digital Personal Data Protection Act (DPDP), 2023.
• RBI guidelines on data localization for payments.
• IT Act, 2000 and IT Rules, 2021.
• Consumer Protection (E-Commerce) Rules, 2020.
• Sector-specific regulator guidance where applicable.

• We do not transfer personal data outside India without your consent.
• Some third-party processors (e.g. analytics providers) may process anonymized telemetry abroad. Personally identifiable health information is not part of this.
• Standard contractual clauses apply for any limited transfer.
• EU users: GDPR-equivalent protections apply.

• Payment data is processed by Razorpay under RBI data-localization guidelines.
• Card numbers are never stored on Lowpill servers.
• PCI-DSS compliance is maintained via Razorpay.
• Refunds use the same data path.

To know where specific data about you is stored, email help@lowpill.com. We respond within 7 days.

• We may receive legal requests (court orders, government notices).
• We respond only to valid court orders or lawful demands.
• We will notify you of any such request unless legally prohibited.
• We provide the minimum necessary data.
• We challenge unlawful or overbroad requests.
• Our process is transparent and documented.

Contact for legal inquiries: help@lowpill.com (subject: “Legal inquiry”).