Skip to content
MapMyShops
How it worksFeatures
  • Win local searchYour Google profile, run as marketing
  • Content at boutique scaleA month of on-brand posts
  • Reviews, answered in hoursEvery review, replied
  • WhatsApp campaignsThe right message, the right customer
  • Boss ModeApprove it all from WhatsApp
  • Competitive intelligenceKnow what your rival ships
What MMS doesSee all solutionsEverything MMS runs for your shop, in one place.Explore
  • Hospitality & StayHotels, resorts, homestays
  • Healthcare (Clinical)Dental & clinical specialties
  • Wellness & SpaSpas, wellness studios
  • Beauty & GroomingSalons, nail bars
  • Food & BeverageBakeries, cafés, fine-dine
  • Fitness & MovementGyms, yoga, studios
  • PetsPet care, grooming, boarding
  • Education & Early YearsPreschools & early years
  • Specialty RetailBoutiques, lifestyle, gifting
  • Lifestyle ServicesWeddings, photo, bridal
Built around your tradeNot sure where you fit?Thirty minutes on WhatsApp gets a straight answer.Explore
About
Plans & pricingTwo plans, one early-adopter offerFAQAnswers before you sign up
Early Adopter
Talk on WhatsAppWhatsApp
How it worksFeatures
Solutions
  • Win local search
  • Content at boutique scale
  • Reviews, answered in hours
  • WhatsApp campaigns
  • Boss Mode
  • Competitive intelligence
  • See all solutions
Verticals
  • Hospitality & Stay
  • Healthcare (Clinical)
  • Wellness & Spa
  • Beauty & Grooming
  • Food & Beverage
  • Fitness & Movement
  • Pets
  • Education & Early Years
  • Specialty Retail
  • Lifestyle Services
  • Not sure where you fit?
About
Pricing
  • Plans & pricing
  • FAQ
Early Adopter
Talk on WhatsApp

DPDPA Compliance

DPDPA Compliance

The Digital Personal Data Protection Act, 2023 (DPDPA) is India's primary data-protection law. Many businesses are working out compliance for the first time. This page explains what we do under DPDPA and how it affects you. In short: MMS is DPDPA-compliant by architecture — consent, timestamps, erasure, and breach handling are built into how the system works, not bolted on as policy.

Our role

Data Fiduciary for the business data you give us directly (your name, business details, brand assets).

Data Processor for the customer data you upload via the Customer Data Gateway — you remain the Data Fiduciary for your customers.

Consent architecture

We require explicit, granular, informed consent at every collection point. We don't assume consent from continued use or pre-checked boxes. Section 5 notices are built into every consent flow, with the specific purpose, data categories, and retention period stated clearly.

Your customer data — your responsibility

When you upload customer contact data to the Customer Data Gateway, you confirm you have explicit consent from each customer for the specific use (marketing messages, birthday wishes, win-backs). MMS doesn't pre-validate that consent — under DPDPA, that's the Data Fiduciary's obligation.

Data Principal rights

Your customers exercise their rights through you (their Data Fiduciary). We propagate erasure requests across our systems within 72 hours of your relayed request.

Breach notification

If we detect a personal-data breach affecting your data, we notify you within 72 hours and follow our runbook to inform the Data Protection Board of India as required.

Cross-border transfers

Our infrastructure runs primarily in Indian data regions. Some third-party APIs (fal.ai, Google, Meta) may process data outside India per their own published policies — these are listed in our Privacy Policy.

Sub-processors (named for transparency)

For service delivery and DPDPA transparency, our processors include: Google Business Profile API, Meta (WhatsApp Business API), GoHighLevel, fal.ai, Razorpay, Cloudflare, and our database systems. Named deliberately — DPDPA transparency requires disclosure.

The Empowerment Principle

No third-party passwords stored. Ever. We act through official APIs only — so your accounts, and your customers' trust, stay yours.

Data Processing Agreement

A DPA template is available on request for customers who need formal execution.

Grievance officer

Legally required under DPDPA. A grievance officer will be appointed before go-live, with name and contact details published here.

Pending counsel (binding text)

Final DPDPA-binding language — Data Protection Board engagement, consent-withdrawal mechanics, and the formal grievance-officer appointment — to be drafted by counsel before go-live.

Registered office

ITS Infra India · GSTIN 29KZQPS9533FIZA
No. A407, SY No. 3/1, Navanrami Platina, Opp. Thanisandra Main Road, Thirumenahalli Village, Bengaluru Urban, Karnataka — 560064.
(ITS Infra India is a proprietorship — no CIN.)
MapMyShops

Your shop’s superpower.

MapMyShopsis your WhatsApp-first marketing partner for India’s boutique businesses.

#29, First Floor -1A, Nandi Tower, 2nd Cross, Manjunatha Layout, opposite Lumbini Kidzee, Bagalur Road, Kattigenahalli Bus Stop, Yelahanka, Bengaluru 560064, Karnataka.

Product

  • How it works
  • Features
  • Solutions
  • Verticals
  • Pricing
  • Early Adopter

Company

  • About
  • Contact
  • Why consistency wins
  • Talk on WhatsApp

Resources

  • FAQ
  • Feature reference
  • Payment terms
  • Privacy
  • Terms
  • DPDPA

© 2026 MapMyShops · A product of ITS Infra India · GSTIN 29KZQPS9533FIZA · Yelahanka, Bengaluru 560064, Karnataka