Data Breach Response Policy
1. Purpose
This policy outlines LinkrCap's procedures in the event of a personal data breach, in compliance with the DPDP Act 2023 and IT Act 2000.
2. Definition of Data Breach
A data breach means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data processed by LinkrCap.
3. Response Timeline
- 0–24 hours: Identify and contain the breach. Initiate internal investigation.
- 24–48 hours: Assess scope, nature of data affected, and number of users impacted.
- 48–72 hours: Notify the Data Protection Board of India (as required by DPDP Act 2023) and notify affected users.
- 72 hours+: Continue investigation, implement remediation, document learnings.
4. User Notification
Where a breach is likely to result in a risk to users' rights or interests, we will notify affected users within 72 hours via:
- Email to registered email address
- In-platform notification on next login
- Public disclosure where a significant number of users are affected
Notification will include: nature of breach, data affected, actions taken, recommended user actions, and contact for queries.
5. User Obligations After Breach Notice
- Change your LinkrCap password immediately
- Change your password on other services if you used the same password
- Monitor your accounts for suspicious activity
- Contact us at legal@linkrcap.com with any concerns