Skip to content

Privacy Policy

Last updated: 6 May 2026

1. What we collect

When you sign in with Google we receive your email address and name from the OAuth provider. Once you start using the helper we also store your credit balance, transactions (payment records), coupon redemptions, reservations (in-flight batches), and audit-log entries that record administrative actions on your account.

2. Why we collect it

We collect this data to provide the SaaS service (gating credits per row of automation), to process payments via Razorpay, and to meet RBI / regulatory financial-records retention requirements for transaction history.

3. Excel privacy

We do NOT store the contents of Excel templates you upload to the extension. The extension parses Excel client-side via SheetJS; only row counts and asset values pass through DOM automation; nothing is uploaded to backend.

4. Razorpay payments

Payments are processed by Razorpay. When you buy credits, your payment details (card number, UPI ID, bank credentials) are handled by Razorpay directly — we never see them. Razorpay's privacy policy is available at https://razorpay.com/privacy/.

5. Cookies

We set strictly-necessary authentication cookies through the Supabase SSR client (@supabase/ssr) to keep you signed in. We do NOT use analytics cookies, advertising trackers, or third-party profiling cookies.

6. DPDP rights

Under the Digital Personal Data Protection Act, 2023 (DPDP) you have the right to access your data (download a JSON export from your /account page), correct inaccurate data (contact admin support), and delete your data (self-serve deletion via /account, with a 30-day grace period before permanent anonymization).

7. Retention

Transactions are retained for regulatory audit. Audit-log entries are retained indefinitely under our HARD-13 invariant so administrative actions remain accountable. After account deletion, your name and email are zeroed 30 days later; transactions and audit entries are kept for compliance, with personal identifiers removed.

8. Contact DPO

For data-protection questions or to exercise your DPDP rights, contact our Data Protection Officer at the contact page or email [DPO_EMAIL]. We respond within 30 days as required by the DPDP Act, 2023.