Built on Trust: ViViDApps is committed to operating with full legal and regulatory compliance across all aspects of our business — from data protection to tax filings and ethical engineering practices.
1. Regulatory Framework
ViViD App Studio (a unit of ViViD Global Services) operates in full compliance with applicable Indian laws and international best practices, including but not limited to:
- Information Technology Act, 2000 (IT Act) — including the IT (Amendment) Act 2008 and associated rules.
- Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
- The Digital Personal Data Protection Act, 2023 (DPDP Act) — India's primary data protection legislation.
- Goods and Services Tax Act, 2017 (GST) — we are a registered GST entity and issue valid GST invoices.
- Indian Contract Act, 1872 — governing all client agreements and service contracts.
- Copyright Act, 1957 — protecting original creative and software works.
- Foreign Exchange Management Act (FEMA) — for international payment transactions.
2. Data Protection Compliance
2.1 Digital Personal Data Protection Act, 2023
ViViDApps aligns its data handling practices with the DPDP Act, including:
- Collecting only data that is necessary for the stated purpose (data minimisation).
- Obtaining valid, informed consent before processing personal data for non-essential purposes.
- Providing mechanisms for data principals (users) to access, correct, and erase their data.
- Implementing appropriate technical and organisational safeguards to prevent data breaches.
- Notifying affected individuals and relevant authorities in the event of a significant data breach.
2.2 GDPR Awareness (International Clients)
For clients or users located in the European Economic Area (EEA), ViViDApps applies GDPR-aligned data handling standards, including a lawful basis for processing, data subject rights, and data processing agreements (DPAs) where required.
3. GST & Financial Compliance
- ViViDApps is registered under GST and maintains up-to-date filings (GSTR-1, GSTR-3B).
- All invoices issued by ViViDApps include the company's GSTIN, invoice number, HSN/SAC code for IT services, and applicable GST breakdown.
- TDS (Tax Deducted at Source) deductions by clients are acknowledged, and PAN details are provided for Form 16A compliance.
- All financial records are maintained as per Indian accounting standards for a minimum of 8 years.
4. Ethical Engineering Practices
ViViDApps is committed to building software that is ethical, secure, and inclusive:
- Security by Design: We apply OWASP Top 10 security best practices across all web and mobile development.
- Accessibility: We build interfaces that meet WCAG 2.1 Level AA standards wherever applicable.
- No Dark Patterns: We do not design or develop manipulative UX patterns intended to deceive users.
- No Illegal Content: We refuse engagement with projects involving illegal, harmful, or exploitative content.
- Open Source Licensing: All open-source libraries used in our projects are properly attributed and their licences complied with (MIT, Apache 2.0, GPL, etc.).
5. Third-Party & Supply Chain Compliance
ViViDApps requires all third-party contractors, freelancers, and technology partners engaged on client projects to:
- Sign confidentiality/NDA agreements before accessing any client data or code.
- Comply with applicable data protection laws for any personal data they process.
- Use only licensed software and legitimate development tools.
6. Anti-Bribery & Anti-Corruption
ViViDApps has zero tolerance for bribery or corruption in any form. We do not offer, give, request, or accept any improper financial or other advantage in connection with our business. Any violations are to be reported immediately to compliance@vividapps.in.
7. Reporting Non-Compliance
If you believe ViViDApps has acted in a manner inconsistent with this Compliance Policy or applicable law, you are encouraged to report it immediately:
All reports will be treated confidentially and investigated promptly. Whistleblowers acting in good faith are protected from any form of retaliation.
8. Policy Review
This Compliance Policy is reviewed annually and updated to reflect changes in applicable law, regulatory guidance, and business practices. The latest version is always available on this page.