1. Scope
This Privacy Policy explains how Taracod collects, uses, shares, stores, and protects personal data across taracod.com and Taracod apps. It is intended to support compliance with the EU/UK GDPR, India's Digital Personal Data Protection Act, 2023 (DPDP), and applicable payment and platform requirements.
2. Data we collect
- Account data: email address, login timestamps, subscription state, user IDs, and profile information you provide.
- Payment data: plan, amount, currency, Razorpay customer/payment/subscription/order identifiers, payment status, tax and invoice metadata where applicable. Taracod does not store full card numbers.
- Product data: links, files, prompts, URLs, generated content, analytics events, settings, custom domains, and usage counters.
- Technical data: IP-derived region, device/browser class, referrer, logs, cookies/session tokens, security events, and performance data.
- Support data: messages sent to shiva@taracod.com or through product contact forms.
3. Why we process data
We process data to provide and secure services, authenticate users, process payments, deliver transactional email, prevent abuse, provide analytics, respond to support requests, improve products, comply with law, and enforce terms. Under GDPR this may rely on contract performance, legitimate interests, consent where required, and legal obligations. Under DPDP, processing is limited to lawful purposes connected with providing requested services, user consent, legitimate uses, or legal compliance.
4. Processors and infrastructure
Taracod uses selected service providers that process data only for operational purposes:
- Razorpay for payments, subscriptions, checkout, payment verification, refunds, and webhook events.
- Resend for magic links, transactional email, payment lifecycle email, and service notices.
- Cloudflare for hosting, edge delivery, Pages Functions, Workers, D1 databases, KV storage, R2 object storage, security, DNS, and logs.
5. Cookies and sessions
Taracod uses essential cookies and tokens for login sessions, security, and app operation. Some products use lightweight analytics or event tracking to count views, clicks, usage, quota, and conversions. You can block cookies in your browser, but authenticated features may stop working.
6. International transfers
Taracod and its processors may store or process data in India, the United States, the European Union, or other regions where infrastructure is available. Where GDPR applies, Taracod relies on appropriate safeguards such as processor terms, standard contractual clauses, and security controls provided by infrastructure vendors.
7. Retention
Account and billing records are retained while your account is active and as needed for tax, audit, dispute, fraud prevention, and legal obligations. Product data is retained until deletion, account closure, expiry, or operational cleanup. Security logs and analytics may be retained in aggregated or limited form.
8. Your rights
Depending on your location, you may request access, correction, deletion, export, restriction, objection, withdrawal of consent, or grievance review. To exercise rights, email shiva@taracod.com. We may verify your identity before acting. DPDP requests and grievances can be sent to the same contact.
9. Security
Taracod uses HTTPS, Cloudflare edge security, scoped secrets, signed sessions, provider access controls, and operational logging. No internet service can guarantee absolute security; report suspected issues to shiva@taracod.com.
10. Children
Taracod products are not directed to children. Do not use Taracod if you are under the age required to consent to digital services in your jurisdiction without appropriate parental or guardian consent.