Privacy Policy
Effective Date: 22 Aug 2025
1. Overview
Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights.
2. Data We Collect
- Account Data – Name, email, phone.
- Payment Data – Tokenised card details, UPI/VPA; stored by trusted gateway (Razorpay)
- Usage Data – Endpoint called, timestamp, IP, request parameters, response time, error logs.
- Support Data – Emails, chat transcripts, attachments.
- Cookies – Session cookies (essential) and first-party analytics cookies.
3. Purpose of Processing
- Authenticate users and prevent fraud.
- Calculate usage and generate invoices.
- Provide technical support and service improvements.
- Comply with legal obligations.
4. Legal Basis
Processing is based on contract performance, legitimate interest, and, where required, explicit consent.
5. Data Sharing
We share data only with:
- The information shared includes your username, email, and phone number, and is used solely for creating your subscription account and setting up the e-mandate required to enable autopay.
- Government authorities when legally required.
All third parties are bound by confidentiality agreements.
6. Data Security
- TLS 1.2+ encryption in transit
- AES-256 encryption at rest
- Quarterly penetration testing
7. Retention Schedule
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Life of account + 3 yrs | Tax & audit |
| API logs | 12 months | Troubleshooting/analytics |
| Billing data | 7 yrs | Indian tax law |
| Support tickets | 2 yrs | Service quality |
8. Your Rights
- Access
- Rectification
- Erasure
- Portability
- Restrict processing
- Lodge complaint (India DPDPA or other local authority)
9. International Transfers
Primary storage in India for now.
10. Children's Privacy
Services not directed to children under 18. We do not knowingly collect such data.
11. Policy Updates
Material changes announced via email and dashboard 30 days before taking effect.
12. Contact
Email: info@ssrinnovationlab.com
Phone: +91-9530966789