Privacy Policy

Last updated: March 2026  |  Effective: March 2026

This Privacy Policy is issued in compliance with India's Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000 and rules framed thereunder.

1. Data Fiduciary – Who We Are

Aashita Technosoft Pvt. Ltd. ("Company", "we", "us", or "our") is the Data Fiduciary as defined under the DPDP Act 2023. We operate SCM INSIGHTS at scminsights.ai.

Company: Aashita Technosoft Pvt. Ltd., India

Email: aashita@aashita.ai

Grievance Officer: See Section 14 below

2. Personal Data We Collect

We collect personal data only to the extent necessary for the purposes described in Section 3. Categories we may collect:

  • Account data: Full name, email address, mobile number (with country code), company name, GST number (optional)
  • Authentication data: Hashed passwords, session tokens, account activation codes
  • Payment data: Plan selected, Razorpay order ID and payment ID. We do not store card numbers or UPI PINs — these are handled by Razorpay (PCI-DSS certified).
  • Usage data: Pages visited, HS code search queries, IP address, browser type, device type, session timestamps
  • Communication data: Messages submitted through our contact form, including name, email, and phone number
  • Business data: Company name, trade-related preferences

We do not collect sensitive personal data such as caste, religion, health information, biometric data, or financial credentials beyond payment confirmation IDs.

3. Purpose of Processing & Legal Basis

Under the DPDP Act 2023, we process your personal data only for the following specified purposes:

Purpose  |  Legal Basis
Creating and managing your account  |  Consent / Contractual necessity
Providing trade intelligence services  |  Contractual necessity
Processing payments and issuing GST invoices  |  Contractual necessity / Legal obligation
Sending transactional emails (activation, password reset)  |  Contractual necessity
Responding to contact form inquiries  |  Consent (explicit submission)
Improving our platform through analytics  |  Legitimate interest
Complying with legal obligations under Indian law  |  Legal obligation
Detecting and preventing fraud and security threats  |  Legitimate interest / Legal obligation

We will not use your personal data for any purpose not listed above without obtaining fresh, specific consent from you.

4. Consent & Withdrawal

By registering on SCM INSIGHTS, you provide free, specific, informed, and unambiguous consent for processing your personal data for the purposes listed above.

Withdrawing consent: You may withdraw consent at any time by:

  • Emailing our Grievance Officer at aashita@aashita.ai
  • Requesting account deletion through your profile page

Withdrawal of consent will not affect the legality of processing carried out before withdrawal. Withdrawal may prevent us from providing certain services.

5. Data Retention

We retain personal data only for as long as necessary for the stated purpose or as required by Indian law:

  • Account data: Duration of active account + 3 years after last activity
  • Payment/transaction records: 8 years (as required under GST Act, 2017 and Income Tax Act, 1961)
  • Session tokens: 30 days from session creation
  • Contact form submissions: 2 years from date of inquiry
  • Usage/analytics data: 12 months in aggregated, anonymised form

After the retention period, data is securely deleted or anonymised.

6. Sharing of Personal Data

We do not sell your personal data. We may share it only with:

  • Razorpay Financial Solutions Pvt. Ltd. — Payment processing (PCI-DSS certified)
  • Email service providers — For transactional emails only (e.g., account activation, password reset)
  • Cloud infrastructure providers — For hosting the platform (data stored on servers in India wherever possible)
  • Legal / regulatory authorities — When required by law, court order, or directive of a competent Indian authority

All processors are contractually bound to protect your data in accordance with applicable law.

7. Cross-Border Data Transfers

We primarily store and process personal data on servers located in India. To the extent any data is transferred outside India (e.g., through certain email or analytics providers), such transfers are carried out in accordance with Section 16 of the DPDP Act 2023 and applicable government notifications, with appropriate contractual safeguards.

8. Data Security

We implement reasonable security practices as required under Rule 3 of the IT (Reasonable Security Practices and Procedures) Rules 2011, including:

  • TLS/HTTPS encryption for all data in transit
  • bcrypt hashing for all user passwords (never stored in plaintext)
  • HTTP-only, Secure, SameSite session cookies
  • Rate limiting on authentication and sensitive endpoints
  • CORS restrictions limiting API access to authorised origins
  • Regular internal security reviews

In the event of a personal data breach, we will notify affected Data Principals and report to the Data Protection Board of India within the timeframe mandated by applicable rules.

9. Your Rights as a Data Principal

Under the DPDP Act 2023, you have the following rights:

  • Right to information: Know what personal data we hold and how it is processed
  • Right to access: Obtain a summary of your personal data we process
  • Right to correction & erasure: Correct inaccurate data or request deletion of your data (subject to lawful retention requirements)
  • Right to grievance redressal: File a complaint with our Grievance Officer (see Section 14)
  • Right to nominate: Nominate a person to exercise your rights in case of death or incapacity

To exercise any right, contact our Grievance Officer. We will respond within 30 days.

10. Cookies & Tracking

  • Essential cookies: HTTP-only session authentication cookies. Required for login functionality.
  • Analytics: Aggregated, anonymised usage data to improve our platform. No cross-site tracking or third-party ad targeting.

You may manage cookies through your browser settings. Disabling essential cookies will prevent you from logging in.

11. Children's Data

SCM INSIGHTS is a B2B platform intended solely for business users who are 18 years of age or older. We do not knowingly collect personal data from minors. As required by the DPDP Act 2023, we will not process data of a child without verifiable parental consent. If you believe we have inadvertently collected such data, please contact us immediately for deletion.

12. Third-Party Links

Our platform may contain links to external websites. We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies independently.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified by email or a prominent notice on our platform at least 7 days before taking effect. Continued use of our services after the effective date constitutes acceptance of the revised policy.

14. Grievance Officer

In accordance with the DPDP Act 2023 and the IT Act 2000, Aashita Technosoft Pvt. Ltd. has designated the following Grievance Officer:

Name: Grievance Officer, Aashita Technosoft Pvt. Ltd.

Email: aashita@aashita.ai

Response timeframe: Within 30 days of receiving a complaint

If unsatisfied with our response, you may escalate to the Data Protection Board of India once constituted under the DPDP Act 2023.

15. Contact Us

For questions, concerns, or to exercise your rights under this policy: