Who We Are
SmartTradersIndia ("we", "us", "Platform") is a SaaS technology platform registered in Gujarat, India (GSTIN: 24AFUPP7744K1ZM). This Privacy Policy applies to all users of the SmartTradersIndia Telegram Mini App, admin panel, and any associated services.
For privacy-related queries, contact: support@smarttradersindia.com
Data We Collect
2.1 Identity & Profile Data
- โTelegram user ID, first name, last name, and username (received from Telegram on first login).
- โMobile number (submitted during KYC Step 1 โ verified via Telegram).
- โEmail address (submitted during KYC Step 2 โ verified via email confirmation link).
- โFull name as per KYC documents.
2.2 Financial & KYC Data
- โBank account number and IFSC code (submitted via cheque image OCR).
- โUPI ID.
- โPAN card number.
- โCitizenship status and GST registration number (optional).
- โBank cheque image uploaded during KYC (stored on Cloudinary).
2.3 Exchange API Credentials
- โDelta Exchange API key and API secret (submitted during Delta Exchange setup).
- โThese are stored encrypted using AES-256-GCM with a key held in Railway environment variables.
- โTemporary login credentials submitted for sub-account creation are deleted immediately after API setup is complete.
2.4 Trading & Subscription Data
- โSubscription details: algo ID, lot size, mode (paper/live), subscription dates.
- โTrade records: all executed and paper trades associated with your account.
- โP&L data: monthly and cumulative profit/loss per algorithm.
- โHigh Water Mark history per algorithm.
2.5 Wallet & Billing Data
- โSTI Wallet balance and transaction history.
- โPayment records: deposit amounts, UTR numbers, approval status.
- โPlatform Service Fee invoices.
- โGST number provided for invoice purposes (optional).
2.6 Technical & Usage Data
- โActivity feed events (subscription actions, alerts, notifications).
- โAudit log entries for significant account actions.
- โIP address of Delta Exchange API validation requests (stored on VPS).
How We Use Your Data
Data Storage & Security
Infrastructure:
Security measures:
- โExchange API keys: AES-256-GCM encryption before database storage.
- โAdmin access: JWT-based authentication with OTP verification.
- โDatabase: Row-Level Security (RLS) on all Supabase tables.
- โPII masking in admin panel: mobile, email, PAN, bank account, IFSC, UPI shown as first 2 chars + *** + last 2 chars.
- โAll data in transit encrypted via HTTPS/TLS.
- โTemporary Delta Exchange login credentials deleted immediately after API setup completion.
Third-Party Services
The Platform uses the following third-party services to deliver its functionality:
We do not sell, rent, or share your personal data with any third party for advertising, marketing, or commercial profiling purposes.
Data Retention
- โActive account data: retained for the duration of your account.
- โTrade and billing records: retained for 7 years for GST compliance under Indian tax law.
- โKYC documents (cheque images): retained for 5 years post account closure.
- โDeleted account data: core PII anonymised within 30 days of deletion request; billing records retained per tax law requirements.
- โTemporary API credentials: deleted immediately upon admin completing Delta Exchange setup.
- โRedis cache data: 60-second TTL for permission data; 1-hour TTL for pre-warmed cache.
Your Rights
As a user of SmartTradersIndia, you have the following rights regarding your personal data:
- โRight to Access: Request a copy of all personal data we hold about you.
- โRight to Correction: Request correction of inaccurate personal data.
- โRight to Deletion: Request deletion of your account and personal data (subject to legal retention obligations).
- โRight to Data Portability: Request your trading history and billing data in a machine-readable format.
- โRight to Withdraw Consent: Withdraw API access at any time by revoking API keys on Delta Exchange.
To exercise any of these rights, email support@smarttradersindia.com with the subject line "Data Rights Request โ [Your Name]". We will respond within 30 days.
Cookies & Tracking
The SmartTradersIndia platform operates primarily as a Telegram Mini App and does not use browser cookies for authentication. The admin panel uses localStorage to store JWT tokens for admin session management. No third-party advertising trackers or analytics pixels are deployed on the Platform.
The public website (www.SmartTradersIndia.com) may use basic analytics (Vercel Analytics) to track page views and performance metrics. No personally identifiable information is collected through website analytics.
Children's Privacy
The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has registered on the Platform, please contact us immediately at support@smarttradersindia.com and we will take prompt action to delete the account and associated data.
Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated to registered users via Telegram notification. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the Platform after the effective date of revised terms constitutes acceptance.