Full disclosure of how NightPrime processes your personal data under the Digital Personal Data Protection Act, 2023 and, where applicable, the GDPR.
Last updated: 9 July 2026
Bej Digital Private Limited (operating NightPrime) is the Data Fiduciary under §2(i) of the DPDP Act 2023. We determine the purpose and means of processing your personal data. If you are in the European Economic Area, we act as a Data Controller under GDPR Article 4(7).
Name
Mr. Kabir Malhotra
Data Protection Officer, Bej Digital Pvt Ltd
The DPO is responsible for data protection queries, DPDP Act complaints, and coordination with the Data Protection Board of India.
| Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Email, name | Account creation, service delivery | Contract | Life of account + 30 days |
| Watch history | Continue Watching, recommendations | Consent | 24 months |
| Playback preferences | Language, subtitles, quality | Consent | Life of account |
| Payment metadata | Subscription billing (via processor) | Contract / Legal obligation | 7 years (tax) |
| Cookies, IP, device | Security, fraud prevention | Legitimate interest | 90 days |
| Analytics (anon.) | Improve product | Consent | 14 months |
| Age confirmation | Rated content access | Legal obligation | Life of account |
| Marketing consent | Newsletter, offers | Consent | Until withdrawn |
Right to information
Ask what we hold on you and why we process it.
Right to access & portability
Download a copy of your data in machine-readable form.
Right to correction
Correct inaccurate or outdated personal data.
Right to erasure
Delete your account and associated data.
Right to withdraw consent
Withdraw consent for optional processing at any time.
Right to nominate
Nominate another individual to exercise your rights.
To exercise a right, email dpo@nightprime.in or visit /profile → Privacy for self-service export & deletion. We respond within 30 days as mandated by the DPDP Act.
Your data is primarily stored within India. Where necessary for service delivery (e.g., email via Resend, CDN via Cloudflare), data may be transferred to jurisdictions notified by the Central Government under DPDP Act §16. All transfers are protected by Standard Contractual Clauses (GDPR) or equivalent contractual safeguards.
If you have a data-protection concern, contact our Data Protection Officer first. If unresolved within 30 days, you may complain to the Data Protection Board of India: