1. INTRODUCTION
Kartup AI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (the "Service"). We operate under the principles of Data Minimization—meaning we only collect what is strictly necessary to serve you money.
2. DATA WE COLLECT (AND WHAT WE DON'T)
A. Information You Provide to Us:
- Account Information: When you register, we collect your name and email address.
- Financial Profile (Bank Logic): To provide accurate "Gold Buy" verdicts, you may select your banking institutions (e.g., HDFC, SBI) and card networks (e.g., Visa, RuPay). CRITICAL SECURITY NOTE: Kartup AI DOES NOT collect, request, or store Credit/Debit card numbers, CVV codes, Expiry Dates, or PINs. Your "Bank Profile" is a selection of names only, used to trigger our discount algorithms.
B. Information Collected Automatically:
- Device Data: IP address, device type, and operating system (for App Store optimization).
- Search History: We store the product URLs you "Deep Scan" to provide price-tracking updates and to improve the Gemini AI's recommendation accuracy.
- Log Data: Our servers automatically record information created by your use of the Service to help our team to identify and fix bugs.
3. HOW WE USE YOUR DATA
We use the information we collect solely to:
- Generate AI Verdicts: Process product data through Google's Gemini API to determine if you should "Buy" or "Wait."
- Calculate Bank Discounts: Match your "Bank Profile" against our database of active credit card offers.
- Price Alerts: Send push notifications when an item in your wishlist hits a "Gold Buy" price.
- Affiliate Attribution: Ensure that our partnership links (via Cuelinks) function correctly so we can keep the service free.
4. DATA SHARING AND DISCLOSURE
We do not sell your personal data to third-party advertisers. We only share data in the following limited circumstances:
- AI Processing: Your search queries (product names/URLs) are sent to Google Gemini AI for analysis. This data is sent via the "Paid Tier" enterprise channel, which ensures your data is not used to train public AI models.
- Service Providers: We use Supabase (for database hosting) and Vercel (for web hosting). These providers are industry-standard and compliant with global security protocols.
- Legal Requirements: We may disclose data if required by Indian law or in response to valid requests by public authorities.
5. DATA RETENTION & YOUR "RIGHT TO BE FORGOTTEN"
In compliance with the DPDP Act (2023/2026), Kartup AI provides you with full control over your data:
- Retention: We retain your search history only as long as your account is active.
- Deletion: You may click "Delete Account" in the Profile settings at any time. This action will trigger a "Hard Delete" from our servers, removing your email, bank profile, and wishlist within 72 hours.
- Anonymization: We may retain non-identifiable, aggregated data (e.g., "1,000 people searched for iPhone 15 today") for market trend analysis.
6. COOKIES AND TRACKING
The developer team uses minimal cookies to keep you logged into the app. We use Google Analytics and Hotjar to see "heatmaps" of how users interact with the UI, helping Aman and Sahil improve the user experience. You can opt out of tracking via your mobile device settings.
7. SECURITY MEASURES
The developer team has implemented SSL/TLS encryption for all data in transit. Our database is "encrypted at rest," meaning even if the physical servers were accessed, your email and bank preferences remain unreadable.
8. CHILDREN'S PRIVACY
Kartup AI is intended for users aged 18 and above. We do not knowingly collect data from children. If we discover a user is under 18, we will delete their account immediately.
9. CHANGES TO THIS POLICY
As we move from Alpha to Beta, we may update this policy. We will notify you of any significant changes via a push notification or an in-app popup.
10. CONTACT OUR DATA PROTECTION OFFICER (DPO)
If you have questions regarding your data, the DPDP Act, or our security protocols, please contact our team:
Email: [email protected]
Subject: Data Privacy Inquiry
