Privacy Policy

TRAQDEALS (“TRAQDEALS”, “we”, “us”) is responsible for the personal data we process in connection with the Service, except for personal data of your brand contacts and other third parties contained in content you upload — for that data you are the controlling party and we act on your instructions (see §6 of our Terms of Service).

This policy explains what personal data we collect, why and how we process it, who we share it with, how long we keep it, and the rights you have. It applies to traqdeals.com, app.traqdeals.com, the TRAQDEALS mobile and web applications, and our APIs.

We collect the following categories of personal data:

• Account data — your name, email, password hash, profile photo (if you add one), phone number (optional), and the workspace settings you create.
• Business data you enter — brand contacts, deals, deliverables, invoices, payments, GST and bank details you save for invoicing, and any notes you add.
• Capture Inputs — screenshots of brand chats, forwarded emails, message exports and similar content you upload for AI extraction. These may contain personal data of your brand contacts and other third parties (names, phone numbers, email addresses, message content).
• Connected-account data — when you connect a third-party account (e.g. Google/Gmail) we receive the OAuth tokens and the specific scopes you authorise. The information we read from those scopes is described in §5.
• Usage and device data — IP address, browser and device type, pages and screens viewed, actions taken, and approximate location derived from IP (city level).
• Communications — messages you send to support, survey responses and feedback.
• Cookies & similar technologies — see §11.

We do not knowingly collect any of the categories of data classified as “sensitive personal data” under the DPDP Act unless you choose to upload them in a Capture Input. We ask you not to upload such data unless it is necessary for the deal.

The most sensitive thing TRAQDEALS does is process your Capture Inputs — the screenshots, message exports and emails you upload — to extract structured deal information. This section explains what happens to that content end-to-end.

• Upload. Your Capture Input is sent over a TLS connection to our servers and stored encrypted-at-rest in Supabase Storage (see §5).
• Extraction. We send the content to one or more vetted third-party AI providers over an encrypted connection. The provider returns structured deal fields (brand, deliverables, amounts, dates, etc.) which we save against your account.
• No model training. We use enterprise/API modes that contractually prohibit the provider from using your data to train, fine-tune or improve their general-purpose models. We do not train any TRAQDEALS model on your Capture Inputs that is shared across customers.
• Provider retention. Capture Inputs are processed transiently by the AI provider; they retain processing logs only for the abuse-monitoring period stipulated in their enterprise terms (commonly up to 30 days) and then delete them.
• Human review.No human at TRAQDEALS reads your Capture Inputs except (i) with your explicit consent (e.g. to debug a support ticket you file), (ii) where required by law, or (iii) to investigate a Trust & Safety incident. Such access is logged.
• Your control. You can delete a capture or deal at any time, which removes it from our primary storage (see §8). You can also disable AI extraction in your account settings.

We process your personal data for the purposes below. Under the DPDP Act we rely on your consent at sign-up and for AI extraction; certain processing is also based on the specified legitimate use of providing a service you request and on compliance with law.

• providing the Service to you — creating your account, authenticating you, storing your business data and rendering it back to you;
• AI extraction of Capture Inputs (only with your consent — you can withdraw consent at any time by disabling the feature or deleting the input);
• generating, sending and tracking invoices to your brand contacts;
• detecting, investigating and preventing fraud, abuse and security incidents;
• product analytics, debugging and improving the Service (using aggregated and de-identified data wherever possible);
• customer support;
• sending operational emails (account, billing, security) — we do not send marketing emails without separate consent;
• complying with legal obligations under Indian law (including GST, the Information Technology Act, the DPDP Act, and lawful requests from authorities).

We use a small number of vetted third-party service providers to run the Service. They are contractually bound to protect your data, to process it only on our instructions, and to apply security measures consistent with this policy. We use providers in the following categories:

• Cloud hosting and infrastructure — to run our application servers, databases and file storage.
• Authentication providers — to let you sign in securely.
• AI providers — to perform extraction on your Capture Inputs as described in §3.
• Email delivery providers — to send invoices and operational email on your behalf.
• Optional integrations you choose to connect (for example, Gmail) — only with the scopes you authorise.

Some of these providers are located outside India. We will update the list of categories above if it changes materially. You can request a current list of named sub-processors by writing to support@traqdeals.com.

We may also disclose personal data: (i) to comply with applicable law or a valid legal request, (ii) to enforce our Terms or protect the rights, safety or property of TRAQDEALS, our users or the public, and (iii) in connection with a merger, acquisition or sale of assets, in which case we will require the successor to honour this Privacy Policy.

Google API services. If you choose to connect a Google account, our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Gmail data to serve advertisements, do not sell or transfer it for advertising or to develop unrelated AI models, and do not allow humans to read it except as described in §3.

We do not sell your personal data and we do not share it with third parties for their independent marketing or advertising purposes.

Some of our sub-processors are located outside India (notably the United States and the European Union). When personal data is transferred outside India for processing, we rely on the transfer mechanisms permitted under the DPDP Act and on contractual safeguards with the receiving sub-processor (including data-processing addenda and, where applicable, standard contractual clauses).

We take reasonable security measures appropriate to the sensitivity of the data we hold:

• encryption in transit using TLS 1.2+ for all traffic;
• encryption at rest for the database, file storage and third-party API tokens;
• role-based access control inside TRAQDEALS, with access to customer data limited to a small set of authorised personnel and logged;
• principle of least privilege between services (the AI worker, for example, can read a Capture Input only for the duration of the job);
• regular software updates, dependency monitoring and vendor security review.

No system is perfectly secure. If we ever become aware of a personal-data breach affecting you, we will notify you and the Data Protection Board of India in accordance with the DPDP Act.

We retain personal data only for as long as needed for the purposes described in this policy, or as required by law. Concretely:

• Active account data — for the lifetime of your account.
• Capture Inputs and AI outputs — until you delete them or your account, subject to a short backup-tail window described below.
• Account deletion — when you delete your account, your content is removed from our primary databases and storage within 30 days. Encrypted backups roll off within a further 60 days.
• Connected-account tokens (e.g. Gmail) — deleted within a reasonable period after you disconnect, and in any case within 30 days.
• Invoicing and tax records — retained for the period required by Indian tax law (currently up to 8 years for GST records), even after account deletion. These records are kept in restricted storage and used only for legal compliance.
• Security & abuse logs — up to 12 months.

Subject to applicable law (including the DPDP Act, 2023) you have the right to:

• access a summary of the personal data we process about you and confirmation that we are processing it;
• correct inaccurate or incomplete data, or update it (most fields are editable directly in the Service);
• erase your data, including by deleting your account from settings, subject to records we are required to retain by law;
• withdraw consent at any time — for example, by disabling AI extraction or disconnecting Gmail. Withdrawal does not affect processing carried out before withdrawal;
• nominate another individual to exercise your rights in the event of your death or incapacity;
• portability — request an export of your deals, contacts and invoices in a machine-readable format;
• complainto the Data Protection Board of India if you believe we have not handled your data lawfully — though we’d ask you to write to us first so we can try to resolve it.

To exercise these rights, write to support@traqdeals.com from the email address associated with your account, or use the in-app controls. We will respond within the timelines required by law and in any case within 30 days.

The Service is not directed to and is not intended for use by children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We use cookies and similar local-storage technologies that are strictly necessary to keep you signed in and to remember your preferences. We do not use advertising cookies. You can control cookies through your browser settings; disabling strictly-necessary cookies will break sign-in.

We may update this Privacy Policy from time to time. When we make material changes we will revise the “Last updated” date and notify you in-app or by email at least seven (7) days before the change takes effect. We encourage you to review this page periodically.

For any privacy question, request to exercise your rights, or concern about how we handle your data, write to us at support@traqdeals.com. We will acknowledge your message within a reasonable period and respond within the timelines required by law.