Privacy policy
Privacy Policy
Last updated: June 17, 2026
1. Introduction & Scope
Trijal Vitality (referred to as “we”, “our”, “us”, or “Company”) operates the website https://trijalvitality.com/, an informational blog covering health, fitness, and nutrition topics.
This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal data when you visit our website. It applies to all visitors and users of the website. We are committed to protecting your privacy in full compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules, 2025.
Data Fiduciary: Trijal Vitality is the Data Fiduciary responsible for your personal data under the DPDP Act.
By using our website, you acknowledge the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website.
2. Personal Data We Collect
We collect only the minimum personal data necessary for the operation and security of our website. We do not collect names, email addresses, phone numbers, postal addresses, or any payment information through this website.
| Category | Data Collected | How Collected | Required or Optional |
|---|---|---|---|
| Server Log Data | IP address, browser type and version, operating system, referring URL, pages visited, date and time of access | Automatically collected by our web server on every visit | Required — collected automatically, cannot opt out while visiting |
| Essential Cookies | Cookie identifiers necessary for session management and basic website functionality | Set automatically by the website platform | Required — necessary for website operation; no consent required under Section 7 of DPDP Act |
| Affiliate Link Clicks | Click timestamp and referral URL (anonymized; no personal data stored by us) | Generated when you click an affiliate link; you are redirected to the merchant site | Optional — no personal data collected by us |
Sensitive Personal Data: We do not collect any sensitive personal data (such as health information, genetic data, biometric data, financial information, caste, or religious beliefs) through this website.
3. Purpose of Data Processing & Legal Basis
We process your personal data only for the following specified purposes, each with a corresponding legal basis under the DPDP Act:
| Purpose | Data Used | Legal Basis (DPDP Act) |
|---|---|---|
| Website operation, security, and troubleshooting | Server log data | Legitimate Use — Section 7(d): compliance with law (CERT-In directions); Section 7(a): necessary for the functioning of the website |
| Compliance with legal obligations (CERT-In directions, cyber security requirements) | Server log data | Legitimate Use — Section 7(d): compliance with applicable law |
| Analysis of anonymized/aggregated traffic patterns | Anonymized server log data | Legitimate Use — Section 7(a): purpose for which data is reasonably expected to be used |
| Affiliate commission tracking | No personal data processed by us | Not applicable — no personal data collected |
All processing purposes listed above are required for the operation of the website or compliance with law. We do not use your data for any optional or marketing purposes without separate consent.
4. Data Sharing & Third Parties
We share your personal data only in the limited circumstances described below. We do not sell, rent, or trade your personal data to any third party.
| Recipient | Data Shared | Purpose | Safeguards | Data Location |
|---|---|---|---|---|
| Website Hosting Provider | Server log data (IP address, browser info, timestamps) | Server infrastructure, security, and maintenance | Contractual data processing agreement (DPA) in place; access limited to authorized personnel | India |
| Affiliate Networks (Amazon Associates, ClickBank, DigiStore24, WarriorPlus, JVZoo) | None — referral is anonymous; no personal data shared by us | Affiliate commission tracking | Referral occurs via anonymized link; no data transfer | Not applicable |
| Government / Law Enforcement (CERT-In, etc.) | Server log data (if required by law) | Compliance with cybersecurity directions and legal obligations | Disclosure only as required by applicable law | India |
All third parties who process personal data on our behalf are contractually bound by Data Processing Agreements that require them to protect your data to the standards required by the DPDP Act.
5. Data Retention & Deletion
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Data Type | Retention Period | Justification |
|---|---|---|
| Server log data | Minimum 1 year from the date of collection, as required by Rule 8 of the DPDP Rules, 2025 | Compliance with CERT-In directions and cyber security requirements |
| Essential cookie data | Duration of the browser session or up to 1 year for persistent essential cookies | Necessary for website functionality |
After the applicable retention period expires, personal data is securely deleted or irreversibly anonymized. To request earlier deletion of your personal data, please contact our Grievance Officer (see Section 13). We will process your request within the timelines specified under the DPDP Rules.
6. Your Rights as a Data Principal
Under the DPDP Act, you have the following rights regarding your personal data:
- Right to Access (Section 11(1)): Request confirmation of whether we process your personal data and request a copy of such data in a reasonable format.
- Right to Correction (Section 11(2)): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Section 11(3)): Request deletion of your personal data, subject to legal obligations requiring retention.
- Right to Data Portability (Section 12(1)): Request your personal data in a structured, commonly used, machine-readable format.
- Right to Object / Opt-Out (Section 12(2)): Object to the processing of your personal data for any purpose for which consent was given, and withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Right to Grievance Redressal (Section 13): Lodge a complaint with our Grievance Officer regarding the processing of your personal data.
- Right to Nominate (Section 14): Nominate a person who may exercise your rights in the event of your death or incapacity.
How to Exercise Your Rights: To exercise any of the above rights, please contact our Grievance Officer at reachout@trijalvitality.com. We will respond within 7 working days for rights-related requests, as per the DPDP Rules, 2025. We may request proof of identity before processing your request.
7. Security Safeguards
We implement reasonable security safeguards as required under Section 8(9) of the DPDP Act and Rule 5 of the DPDP Rules, 2025 to protect your personal data from unauthorized access, loss, destruction, or damage:
- Encryption in Transit: Our website uses HTTPS/SSL encryption for all data transmitted between your browser and our servers.
- Access Controls: Access to server log data is restricted to authorized personnel only, on a need-to-know basis.
- Secure Hosting: Our servers are maintained in secure data center environments with physical and network security measures.
- Regular Updates: Our website platform and server software are kept up to date with security patches.
Data Residency: Your personal data is stored on servers located within India. We do not transfer your personal data to servers outside India.
8. Automated Decision-Making & Profiling
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects concerning you. We do not create behavior profiles, score users, or make automated decisions about users based on their personal data.
If this practice changes in the future, we will update this policy and obtain any required consent.
9. Children’s Data
Our website is not intended for, and does not knowingly collect personal data from, individuals under the age of 18. We do not target children through our content, advertising, or features.
If we become aware that we have inadvertently collected personal data from a child under 18 without verified parental consent, we will delete such data promptly. If you believe a child has provided us with personal data, please contact our Grievance Officer immediately.
10. Cookie Policy & Tracking Technologies
Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device by your web browser.
| Cookie Type | Purpose | Duration | Requires Consent? |
|---|---|---|---|
| Essential / Necessary Cookies | Session management, basic website functionality, security | Session to 1 year | No — necessary for website operation (Section 7, DPDP Act) |
We do not currently use advertising, analytics, or tracking cookies from third parties. Only essential cookies are in use, which do not require prior consent under the DPDP Act.
If we introduce non-essential cookies in the future, we will deploy a cookie consent banner requesting your prior consent before any such cookies are set. You will be able to accept or reject non-essential cookies and change your preferences at any time.
You may also control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please refer to your browser’s help documentation for instructions.
11. International Data Transfers
We do not transfer your personal data to any jurisdiction outside India. All personal data collected through our website is stored and processed on servers located within India.
If, in the future, we engage service providers that process personal data outside India, we will:
- Ensure adequate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms as required under the DPDP Rules;
- Obtain your consent before such transfer, where required by law;
- Update this Privacy Policy to reflect such transfers.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in harm to data principals, we will comply with our obligations under the DPDP Act and DPDP Rules, 2025, including:
- Notifying the Data Protection Board of India (DPBI) without unreasonable delay, and in any case within the timeline prescribed under the DPDP Rules;
- Notifying affected data principals (you) of the breach, including: the nature of the breach, categories of data affected, likely consequences, measures taken or proposed to mitigate the breach, and steps you can take to protect yourself;
- Co-operating with the DPBI in its investigation and response to the breach.
We take data security seriously and have implemented safeguards (as described in Section 7) to minimize the risk of a data breach.
13. Grievance Redressal & Contact
If you have any questions, concerns, or complaints regarding this Privacy Policy or the processing of your personal data, please contact our designated Grievance Officer:
Grievance Officer: Trijal Vitality (Designated Representative)
Email: reachout@trijalvitality.com
Acknowledgment: We acknowledge all grievances within 48 hours of receipt.
Resolution Timeline: We aim to resolve grievances within 30 days. Requests to exercise data principal rights under Section 6 above will be processed within 7 working days.
Internal Appeal: If you are not satisfied with our response, you may request an internal review by emailing us with the reference number provided at acknowledgment.
Escalation to Data Protection Board: If you remain unsatisfied after exhausting our internal grievance process, you have the right to lodge a complaint with the Data Protection Board of India (DPBI) through its official portal at the Ministry of Electronics and Information Technology (MeitY) website.
Privacy Inquiries: For general privacy inquiries, you may also contact us at the same email address above.
Changes to This Policy: We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically. Material changes will be notified via a notice on our website.