Privacy Notice

Version 2026-05-08 · Effective 2026-05-08 · ← Back to home

1. Who we are

StocksWatch Cloud is operated by [Legal entity name and address]. We are the Data Fiduciary under DPDPA 2023 for personal data processed via this platform. Reach us at privacy@stockswatch.cloud.

2. What we collect

By source:

Signup: company name, GSTIN, your name, phone, email, city, dealer-count band.
App use: dealer profiles, salesman profiles, bills, collections, returns, expenses, schemes, price tiers.
Mobile devices: selfie photo (for device claim), GPS coordinates while on duty (delivery and salesman apps).
Bank statement uploads: parsed transaction lines including narration text and reference numbers.

3. Why we collect it

Specified legitimate uses under DPDPA §7: providing the StocksWatch service under our agreement with you (the Data Fiduciary's customer); employer-employee relationship for delivery and salesman profiles; compliance with law (GST filings, RBI directives).

We use the following sub-processors. Each is bound by a Data Processing Agreement (DPA).

Name	Country	Data region	Purpose	DPA

5. Where your data lives

Primary application data resides in Mumbai, India (Supabase ap-south-1). API server hosting is in Bengaluru, India (DigitalOcean BLR1). Auth control plane and operational telemetry are processed in the United States by Supabase Inc. AI inference uses Groq Inc. (US). See ADR 0001 in our engineering documentation for the data-residency posture.

We acknowledge that as US-incorporated providers, Supabase Inc. and DigitalOcean LLC are subject to the US CLOUD Act, which permits US courts to compel disclosure regardless of where data is physically stored. Any such disclosure event would be treated as a personal data breach under DPDPA §8(6).

6. How long we keep it

Financial records (bills, invoices)	8 years (Income Tax Act)
Operational data (general app usage)	3 years
Employee PII (delivery boy / salesman profiles)	While employed + 1 year
Mobile GPS coordinates	90 days
Screenshot / audio uploads in support tickets	30 days post-resolution
Biometric data (selfie photo for device claim)	While the device is active

7. Your rights

Right to access — sign in and visit Settings → Privacy to download your data.
Right to correction — request inline from the same screen.
Right to erasure — submit a delete-account request from the same screen; cool-down 30 days.
Right to grievance redressal — contact the grievance officer below; we respond within 30 days.
Right to withdraw consent — equally easy as giving; from the same Settings → Privacy screen.

8. Grievance officer

For privacy concerns, reach our grievance officer at privacy@stockswatch.cloud. We acknowledge receipt within 7 days and respond substantively within 30 days, per DPDPA §13(2).

9. Cookies & tracking

Minimal. We use an authentication JWT cookie. We do not use third-party analytics, advertising trackers, or cross-site tracking.

10. Changes to this notice

We notify users 14 days before a material change takes effect. On login after a version bump, the application prompts for fresh consent before continued use.

11. Version history

2026-05-08 — Initial publication.