DPDPA Compliance for Logistics & Delivery Companies in Raipur

Logistics firms process recipient names, phone numbers, delivery addresses and live location — shared across drivers, partners and tracking apps.

Raipur context: A central trading and education hub where new digital businesses need foundational consent and notice. The obligations below apply to logistics and delivery companies operating in Raipur, Chhattisgarh — there is no local exemption and no turnover threshold under the DPDP Act.

DPDPA applies. You typically act as a Processor for e-commerce clients' customer data and a Fiduciary for your own staff and direct customers.

• Recipient name, phone, address
• Delivery & route data
• Driver/rider personal data
• Proof-of-delivery (photos, signatures)

• Customer data on driver personal phones
• No contract with e-commerce clients
• POD photos stored without limits
• Address data retained indefinitely

• Processor contracts with client businesses
• Security controls on driver apps
• Retention limits for delivery & POD data
• Breach workflow for lost/leaked manifests

• Manifests shared over WhatsApp groups
• No DPA with e-commerce clients
• POD images kept forever

• Sign DPAs with client businesses
• Mask customer phone numbers for drivers
• Set POD/manifest retention limits
• Control app access by role

Whose responsibility is the customer data we deliver to?

Shared. The e-commerce client is the Fiduciary; you are the Processor and need a contract defining responsibilities.

Can drivers see full customer numbers?

Number-masking is the safer, demonstrable practice and reduces breach exposure.