LEGAL · POLICY

PRIVACY POLICY

EFFECTIVE · 01 MAY 2026VERSION · 3.2JURISDICTION · INDIA
TL;DRWe collect what's needed to keep your account working and your searches saved — nothing for resale. We don't sell data, ever. We use one analytics provider, anonymised, and you can opt out below.

01 Who we are

Trakinfo is operated by Trakinfo Technologies Pvt. Ltd., registered in Mumbai, Maharashtra, India (CIN U72900MH2024PTC0481xx). For the purposes of the Digital Personal Data Protection Act, 2023, we are the Data Fiduciary for personal data collected through this service.

This policy applies to trakinfo.in and any subdomains operated by us. It does not cover third-party services (PPL, Novex, IPRS, ISAMRA portals) we link out to.

02 What we collect

CategoryExamplesWhy
AccountEmail, name, hashed passwordSign-in, billing
UsageSearches, saved tracks, compilationsCore product
BillingGSTIN (optional), invoice addressTax compliance
TechnicalIP (truncated), browser, OSSecurity, fraud

We do not collect government IDs, biometric data, financial-account numbers, location beyond city-level, or sensitive personal data as defined under the DPDP Act.

03 How we use it

  • Run the service. Show you search results, save compilations, generate compliance reports.
  • Billing. Charge your subscription and issue GST-compliant invoices.
  • Improve search. Aggregate, de-identified query data tells us which catalogues to prioritise.
  • Communicate. Send transactional emails (receipts, password resets). Marketing only with opt-in.

We do not profile users, run automated decisions with legal effect, or use your data to train external AI models.

04 Cookies & tracking

We use a small number of first-party cookies for session state and one privacy-respecting analytics tool (Plausible, EU-hosted, no fingerprinting). No third-party advertising cookies are set by Trakinfo.

You can clear cookies at any time. Disabling them won't break the public catalogue — only signed-in features.

05 Sharing & third parties

Personal data is shared only with processors we contract directly:

  • Razorpay — payments (PCI-DSS compliant, India-hosted).
  • Postmark — transactional email delivery.
  • AWS Mumbai (ap-south-1) — hosting, backups.

We do not sell personal data. We respond to lawful requests from Indian authorities under the Code of Criminal Procedure and applicable orders.

06 Retention

Active accounts: retained until deletion. Deleted accounts: purged within 30 days, except invoice records retained for 8 years under GST law. Application logs: 90 days rolling.

07 Your rights (DPDP Act, 2023)

You have the right to: access a copy of your data, correct it, request erasure, withdraw consent, and nominate a person to exercise these rights on your behalf if you can't. Submit requests to privacy@trakinfo.in — we respond within 30 days.

Grievance Officer: Rishi Sharma, reachable at grievance@trakinfo.in. If unresolved, escalate to the Data Protection Board of India.

08 Security

TLS 1.3 in transit, AES-256 at rest, scrypt for password hashing, MFA available on every account. Annual penetration tests by a CERT-In empanelled auditor. Breach notification within 72 hours as required under the DPDP Act.

09 Contact

Questions: privacy@trakinfo.in
Postal: Trakinfo Technologies Pvt. Ltd., 4th Floor, Empire Estate, Andheri East, Mumbai 400069, India.

Changes to this policyWe'll notify you by email at least 14 days before any material change. Version history is available on request.