Traceport Privacy Policy
Effective Date: 2025-03-13
Company: Shineport Innovations Pvt. Ltd. (doing business as Traceport)
Website: https://traceport.ai
Grievance / Privacy Contact: legal@traceport.ai
Jurisdiction Focus: India
1. Introduction
Shineport Innovations Pvt. Ltd. ("Traceport," "we," "us," or "our") is committed to protecting the privacy and security of personal data we collect and process in connection with the Traceport platform, website, APIs, dashboards, SDKs, tools, and related services (collectively, the "Services").
This Privacy Policy explains:
- what personal data we collect and why;
- how we use, store, share, and protect it;
- your rights under applicable law; and
- how to contact us with questions or requests.
This Policy applies to all users of the Services, including individuals, businesses, and their authorised representatives. It should be read alongside our Terms and Conditions, which govern your use of the Services.
By using the Services, you acknowledge that you have read and understood this Privacy Policy.
2. Definitions
For the purposes of this Policy:
- "Personal data" means any data about an individual who is identifiable by or in relation to such data, as defined under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable law.
- "Customer Content" means prompts, inputs, outputs, files, datasets, configurations, logs, and other content submitted to or processed through the Services by you or your users.
- "Data Fiduciary" means the entity that determines the purpose and means of processing personal data, as defined under the DPDP Act.
- "Data Principal" means the individual to whom personal data relates.
- "Third-Party Services" means third-party AI model providers, cloud infrastructure providers, analytics tools, payment processors, and other external systems with which the Services interoperate.
3. Who Is the Data Fiduciary?
For personal data collected directly from users and visitors — such as account registration data, billing information, and usage data — Traceport acts as the Data Fiduciary under the DPDP Act.
For personal data contained within Customer Content that you submit through the Services, you (the customer) are the Data Fiduciary. Traceport processes such data only on your instructions, as described in Section 7 below and, where applicable, in a separate Data Processing Addendum.
4. Personal Data We Collect
We collect personal data in the following categories:
4.1 Account and Identity Data
- Name, email address, and password (or equivalent authentication credentials)
- Company or organisation name and job title (for business accounts)
- Country and time zone
4.2 Billing and Payment Data
- Billing address and GST/tax identification number
- Payment method details (processed by our third-party payment processor; we do not store full card numbers)
- Invoice and transaction history
4.3 Usage and Technical Data
- API requests, response metadata, token counts, latency metrics, and error logs
- Dashboard interactions, feature usage, and configuration settings
- IP addresses, browser type, device identifiers, and operating system
- Session data and access timestamps
- Cookies and similar tracking technologies (see Section 11)
4.4 Customer Content
- Prompts, inputs, and outputs processed through the Services
- Files, datasets, and other content you upload or transmit
- Configuration data, system prompts, and workflow definitions
We process Customer Content only to the extent necessary to provide, secure, and maintain the Services, as described in Section 7.
4.5 Communications Data
- Messages you send to our support team
- Feedback, survey responses, and feature requests
- Records of communications between you and Traceport
4.6 Data We Receive from Third Parties
- Authentication data from identity providers (e.g. Google OAuth) if you use single sign-on
- Public business registration data for enterprise onboarding and KYC purposes where required
5. How We Collect Personal Data
We collect personal data:
- Directly from you, when you register for an account, complete forms, make payments, contact support, or otherwise interact with the Services;
- Automatically, through your use of the Services, via logs, cookies, and similar technologies;
- From third-party integrations, where you connect identity providers or other services to your account; and
- From your authorised users, who access the Services under your account.
6. Purposes and Legal Bases for Processing
We process personal data for the following purposes. Where Indian law requires a valid legal basis, we identify it below.
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Performance of contract / legitimate interest |
| Providing, operating, and maintaining the Services | Performance of contract |
| Processing payments and issuing invoices | Performance of contract; legal obligation |
| Sending service-related communications and notices | Performance of contract; legitimate interest |
| Security monitoring, fraud detection, and abuse prevention | Legitimate interest; legal obligation |
| Improving and developing the Services using aggregated and de-identified data | Legitimate interest |
| Complying with legal obligations and responding to lawful authorities | Legal obligation |
| Sending marketing communications about our Services | Consent (where required); legitimate interest |
| Analytics on product usage to inform business decisions | Legitimate interest |
Where we rely on consent as a legal basis, you may withdraw consent at any time without affecting the lawfulness of prior processing.
7. How We Use Customer Content
We use Customer Content solely to:
- provide, secure, and maintain the Services;
- perform technical support and troubleshooting;
- monitor for abuse, security incidents, and policy violations; and
- comply with our legal obligations.
We do not:
- sell Customer Content to any third party;
- use Customer Content to train AI models without your explicit consent; or
- access Customer Content except as necessary for the purposes above, or as required by law.
We may derive aggregated and fully de-identified insights from usage patterns across the Services for analytics, benchmarking, and product improvement, provided such data cannot be used to identify you or any individual.
8. Sharing Personal Data
We share personal data only in the following circumstances:
8.1 Third-Party Service Providers
We share data with service providers who process it on our behalf, including:
- Cloud infrastructure providers (for hosting, storage, and compute)
- Payment processors (for billing and invoicing)
- AI model providers (to route requests through the Services, subject to their own terms)
- Analytics and monitoring tools (for product telemetry and security)
- Customer support platforms (for managing support interactions)
All such providers are required to process data only on our instructions and to maintain appropriate security measures.
8.2 AI Model Providers
When you use the Services to route requests to third-party AI models (such as those offered by OpenAI, Anthropic, Google, or others), your prompts and associated data are transmitted to those providers. Each provider processes that data under its own terms of service and privacy policy. We are not responsible for how third-party AI providers handle data transmitted to them.
8.3 Business Transfers
If Traceport undergoes a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the relevant successor entity, subject to equivalent privacy protections.
8.4 Legal and Regulatory Disclosure
We may disclose personal data to courts, regulators, law enforcement agencies, or other competent authorities where required by applicable law, court order, or binding governmental request. Where legally permitted, we will notify you before making such a disclosure.
8.5 Protection of Rights
We may disclose personal data where reasonably necessary to protect the rights, property, or safety of Traceport, our users, or third parties, or to detect, prevent, or address fraud or security incidents.
We do not sell personal data to third parties for advertising or marketing purposes.
9. International Data Transfers
Traceport is incorporated in India. Some of our service providers and AI model providers may be located outside India. Where personal data is transferred outside India, we take steps to ensure that appropriate safeguards are in place in accordance with applicable law, including the DPDP Act and any rules or regulations made thereunder governing cross-border data transfers.
Where personal data is transferred to a country or territory outside India, we ensure that appropriate safeguards are in place, including binding contractual obligations on recipients to protect the data to a standard equivalent to that required under Indian law. We periodically review such transfers to ensure continued compliance with the DPDP Act and any rules notified thereunder.
10. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law.
| Data Category | Typical Retention Period |
|---|---|
| Account and identity data | Duration of account plus 3 years after closure |
| Billing and payment records | 8 years (as required by applicable tax and accounting law) |
| Usage logs and API activity | 90 days rolling |
| Customer Content | As configured by you, or deleted upon account closure |
| Support communications | 3 years from resolution |
| Security and audit logs | 5 years |
You may request deletion of your personal data at any time, subject to our legal obligations and legitimate interests in retaining certain records (e.g. for fraud prevention, dispute resolution, or regulatory compliance).
11. Cookies and Tracking Technologies
We use cookies and similar technologies on our website and dashboard for the following purposes:
- Essential cookies: Required for authentication, session management, and core functionality. These cannot be disabled without affecting service operation.
- Analytics cookies: Used to understand how users interact with the Services, which pages are visited, and how features are used.
- Preference cookies: Used to remember your settings and preferences.
You may manage your cookie preferences through your browser settings. Disabling non-essential cookies may affect certain features of the Services.
When you first visit our website, a cookie consent banner will be displayed allowing you to accept or reject non-essential cookies. Your preference will be stored and can be updated at any time through the cookie settings link in the website footer.
12. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:
- encryption of data in transit (TLS) and at rest;
- access controls and role-based permissions;
- security monitoring and logging;
- regular security assessments; and
- incident response procedures.
No method of transmission or storage is completely secure. If you become aware of any security vulnerability or incident involving the Services, please notify us immediately at legal@traceport.ai.
In the event of a personal data breach that is likely to affect your rights, we will notify you and, where required, the relevant regulatory authority, in accordance with applicable law.
13. Your Rights
Subject to applicable law, you may have the following rights in relation to your personal data:
- Right of access: To obtain confirmation of whether we process your personal data and to receive a copy.
- Right to correction: To request correction of inaccurate or incomplete personal data.
- Right to erasure: To request deletion of your personal data, subject to legal retention obligations.
- Right to withdraw consent: Where processing is based on consent, to withdraw it at any time.
- Right to grievance redressal: To raise a complaint with our Grievance Officer (see Section 15) or with the Data Protection Board of India once it is established.
- Right to nominate: Under the DPDP Act, to nominate another individual to exercise rights on your behalf in the event of death or incapacity.
To exercise any of these rights, please contact us at legal@traceport.ai. We will respond within the timeframe required by applicable law. We may need to verify your identity before processing your request.
14. Children's Privacy
The Services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with personal data without appropriate consent, please contact us at legal@traceport.ai and we will take steps to delete such data.
15. Grievance Officer
In accordance with applicable Indian law, Traceport has designated a Grievance Officer for privacy-related complaints and queries:
Grievance Officer Shineport Innovations Pvt. Ltd. Traceport Legal Team 472/7, Balaji Arcade, 2-3 Floor, AVS Compound, Egipura, Koramangala VI Block, Bangalore, Karnataka, 560095 legal@traceport.ai
Complaints will be acknowledged within 7 days and resolved within 30 days of receipt, or such timeframe as required by applicable law.
16. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on our website or through the Services, and by updating the "Last Updated" date at the top of this document. Where required by law, we will seek your consent to material changes.
Your continued use of the Services after the effective date of the updated Policy constitutes acceptance of the changes.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Shineport Innovations Pvt. Ltd. 472/7, Balaji Arcade, 2-3 Floor, AVS Compound, Egipura, Koramangala VI Block, Bangalore, Karnataka, 560095 legal@traceport.ai https://traceport.ai
This Privacy Policy is governed by the laws of India. Any disputes arising in connection with this Policy shall be subject to the jurisdiction of the courts in Bengaluru, Karnataka, India.