LEGAL ยท PRIVACY POLICY

Privacy Policy

This policy explains what data we collect, why we collect it, how we store and protect it, and your rights over your personal information.

Effective Date: 1 June 2026Last Updated: 3 June 2026Governing Law: Gujarat, India
๐Ÿ”’
SmartTradersIndia takes data privacy seriously. Exchange API keys are stored using AES-256-GCM encryption. KYC documents are stored on Cloudinary with access-controlled URLs. We do not sell, rent, or share your personal data with third parties for marketing purposes.
1

Who We Are

SmartTradersIndia ("we", "us", "Platform") is a SaaS technology platform registered in Gujarat, India (GSTIN: 24AFUPP7744K1ZM). This Privacy Policy applies to all users of the SmartTradersIndia Telegram Mini App, admin panel, and any associated services.

For privacy-related queries, contact: support@smarttradersindia.com

2

Data We Collect

2.1 Identity & Profile Data

  • โ—Telegram user ID, first name, last name, and username (received from Telegram on first login).
  • โ—Mobile number (submitted during KYC Step 1 โ€” verified via Telegram).
  • โ—Email address (submitted during KYC Step 2 โ€” verified via email confirmation link).
  • โ—Full name as per KYC documents.

2.2 Financial & KYC Data

  • โ—Bank account number and IFSC code (submitted via cheque image OCR).
  • โ—UPI ID.
  • โ—PAN card number.
  • โ—Citizenship status and GST registration number (optional).
  • โ—Bank cheque image uploaded during KYC (stored on Cloudinary).

2.3 Exchange API Credentials

  • โ—Delta Exchange API key and API secret (submitted during Delta Exchange setup).
  • โ—These are stored encrypted using AES-256-GCM with a key held in Railway environment variables.
  • โ—Temporary login credentials submitted for sub-account creation are deleted immediately after API setup is complete.

2.4 Trading & Subscription Data

  • โ—Subscription details: algo ID, lot size, mode (paper/live), subscription dates.
  • โ—Trade records: all executed and paper trades associated with your account.
  • โ—P&L data: monthly and cumulative profit/loss per algorithm.
  • โ—High Water Mark history per algorithm.

2.5 Wallet & Billing Data

  • โ—STI Wallet balance and transaction history.
  • โ—Payment records: deposit amounts, UTR numbers, approval status.
  • โ—Platform Service Fee invoices.
  • โ—GST number provided for invoice purposes (optional).

2.6 Technical & Usage Data

  • โ—Activity feed events (subscription actions, alerts, notifications).
  • โ—Audit log entries for significant account actions.
  • โ—IP address of Delta Exchange API validation requests (stored on VPS).
3

How We Use Your Data

KYC & Identity
To verify your identity, prevent fraud, and comply with applicable regulations.
Exchange API Keys
Solely to place trade orders on your Delta Exchange account. No other operations.
Trading Data
To calculate P&L, HWM, platform fees, and generate performance reports.
Billing & Wallet
To process fee deductions, generate GST invoices, and manage wallet balance.
Email
To send email verification links and critical account notifications via Resend.
Telegram Alerts
To send trade notifications, billing alerts, and low-balance warnings.
KYC Documents
To extract and verify bank details via OCR. Images stored securely on Cloudinary.
4

Data Storage & Security

Infrastructure:

Primary Database
Supabase (PostgreSQL) โ€” hosted on AWS ap-south-1 (Mumbai). Row-Level Security enabled on all tables.
Backend API
Railway โ€” Node.js/Express server. Env vars stored securely in Railway.
Cache Layer
Upstash Redis โ€” used for permission caching and manual trade queue. Data encrypted in transit (HTTPS).
File Storage
Cloudinary โ€” cheque images stored with access-controlled signed URLs.
Copy Trading Engine
Windows VPS (DatabaseMart) โ€” Python service. Env vars in local .env file.
Email Service
Resend โ€” used only for email verification. No marketing emails sent.

Security measures:

  • โ—Exchange API keys: AES-256-GCM encryption before database storage.
  • โ—Admin access: JWT-based authentication with OTP verification.
  • โ—Database: Row-Level Security (RLS) on all Supabase tables.
  • โ—PII masking in admin panel: mobile, email, PAN, bank account, IFSC, UPI shown as first 2 chars + *** + last 2 chars.
  • โ—All data in transit encrypted via HTTPS/TLS.
  • โ—Temporary Delta Exchange login credentials deleted immediately after API setup completion.
5

Third-Party Services

The Platform uses the following third-party services to deliver its functionality:

Telegram
User authentication via Telegram initData. Notifications and Mini App delivery. Subject to Telegram's Privacy Policy.
Delta Exchange India
Trade execution via REST API. Subject to Delta Exchange's own Privacy Policy and Terms.
Supabase
Database hosting (AWS ap-south-1). Subject to Supabase Privacy Policy.
Cloudinary
KYC cheque image storage. Subject to Cloudinary Privacy Policy.
Upstash
Redis cache for user permissions and trade queues. Subject to Upstash Privacy Policy.
Resend
Email verification service. Subject to Resend Privacy Policy.
Railway
Backend API hosting. Subject to Railway Privacy Policy.
Vercel
Frontend website hosting. Subject to Vercel Privacy Policy.

We do not sell, rent, or share your personal data with any third party for advertising, marketing, or commercial profiling purposes.

6

Data Retention

  • โ—Active account data: retained for the duration of your account.
  • โ—Trade and billing records: retained for 7 years for GST compliance under Indian tax law.
  • โ—KYC documents (cheque images): retained for 5 years post account closure.
  • โ—Deleted account data: core PII anonymised within 30 days of deletion request; billing records retained per tax law requirements.
  • โ—Temporary API credentials: deleted immediately upon admin completing Delta Exchange setup.
  • โ—Redis cache data: 60-second TTL for permission data; 1-hour TTL for pre-warmed cache.
7

Your Rights

As a user of SmartTradersIndia, you have the following rights regarding your personal data:

  • โ—Right to Access: Request a copy of all personal data we hold about you.
  • โ—Right to Correction: Request correction of inaccurate personal data.
  • โ—Right to Deletion: Request deletion of your account and personal data (subject to legal retention obligations).
  • โ—Right to Data Portability: Request your trading history and billing data in a machine-readable format.
  • โ—Right to Withdraw Consent: Withdraw API access at any time by revoking API keys on Delta Exchange.

To exercise any of these rights, email support@smarttradersindia.com with the subject line "Data Rights Request โ€” [Your Name]". We will respond within 30 days.

8

Cookies & Tracking

The SmartTradersIndia platform operates primarily as a Telegram Mini App and does not use browser cookies for authentication. The admin panel uses localStorage to store JWT tokens for admin session management. No third-party advertising trackers or analytics pixels are deployed on the Platform.

The public website (www.SmartTradersIndia.com) may use basic analytics (Vercel Analytics) to track page views and performance metrics. No personally identifiable information is collected through website analytics.

9

Children's Privacy

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has registered on the Platform, please contact us immediately at support@smarttradersindia.com and we will take prompt action to delete the account and associated data.

10

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated to registered users via Telegram notification. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the Platform after the effective date of revised terms constitutes acceptance.

11

Contact for Privacy Matters

Email
support@smarttradersindia.com
Subject
"Privacy Request โ€” [Your Name]"
Address
13, Vishwas Bunglows, R.C. Technical Road, Ghatlodia, Ahmedabad โ€“ 380061, Gujarat, India
Response
Within 30 days for all data-related requests