DPDP for e-commerce (India): checkout-to-delivery playbook
- Connect day-to-day workflows to what you collect, disclose, and retain—on real user journeys.
- Review forms, integrations, and vendor access on a real journey.
- Document decisions so sales and product do not contradict support.
- When stakes are high, verify wording against official resources.
- Use the compliance portal to pick the next operational drill.
Customers experience one brand; your stack sees payments, OMS, 3PL, CRM, and ads. DPDP success depends on matching notice language to who actually receives phone numbers and addresses after the order leaves your app. Pair this playbook with the compliance checklist and marketing team guidance.
30-day playbook
- Week 1 — Map flows: Browse → checkout → WMS → 3PL → returns → refunds. Note every phone number and email exit point.
- Week 2 — Marketing truth: Consent withdrawals sync to audiences in the ESP and ad platforms; kill “shadow” lists in sheets.
- Week 3 — CS hygiene: Set retention and access roles for ticket attachments and refund fraud queues.
- Week 4 — Artifacts: Subprocessors, RTO partner list, and a one-page “data map for CX leads.”
Lifecycle
- Browse / intent: Cookies, personalization, abandoned carts.
- Order: Address, gifts, device risk, optional GSTIN.
- Fulfillment: Labels, SMS, driver apps—PII leaves your perimeter.
- Post-purchase: Reviews, warranties, loyalty—refreshed profiles until dormancy rules bite.
Systems grid
| Layer | Govern | Questions |
|---|---|---|
| Storefront / OMS | Cart, inventory, splits | Guest checkout data vs accounts; gift message retention |
| Payments / BNPL | Tokens, EMI partners | What appears on receipts? Chargeback evidence stores? |
| Logistics | Courier APIs, POD photos | PII in photos? Partner retention beyond delivery? |
| Growth stack | Email, SMS, affiliates | Consent proof for promotional messaging; frequency caps |
Disclosure: Categories—not vendor rankings. Future affiliate links will be labeled; see editorial policy.
Consent & notice
- Pre-checked WhatsApp/SMS promos: High friction under scrutiny.
- Marketplace clarity: Platform vs seller responsibilities in plain language.
- Refund fraud vs privacy: Document why certain fields stay longer.
Failure modes
- CS exports to spreadsheets for “quick fixes.”
- Proof-of-delivery photos with faces or IDs.
- Ghost social logins after IdP disconnect.
Illustrative hypothetical (fiction, not factual): “MonsoonMart” launches same-day delivery. Couriers get phone numbers in plain text; marketing hashes identifiers poorly, and its audience overlaps a logistics audience. A user withdraws from promos but still gets SMS from the courier brand. The fix is purpose-limited sharing and a single consent ledger mirrored in campaign tools—not a longer privacy banner.