Privacy Policy

Last Updated: 24 Mar 2026

We take your privacy seriously. To help you stay informed, this policy explains how we handle your information and the choices available to you.

This Privacy Policy covers information collected by Taqiro Technologies India (“Taqiro,” “we,” or “us”). This includes your use of our website, apps, browser extensions, and any other way you interact with the Taqiro Service. If you don’t agree with how we process your data as described here, please refrain from using our Services.

Related Policies: This Privacy Policy is part of Taqiro’s overall user agreement and should be read alongside our Terms of Service and Security Policy. Together, these documents govern your use of Taqiro and explain how your data is collected, used, and protected.

Please review each policy carefully. Your use of the Service indicates your acceptance of this Privacy Policy, along with the Terms of Service and Security Policy.

If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these terms and policies. In such cases, "you" refers to the organization. If you do not agree to these terms or any of the related policies, please do not use the Service.

Contacting Us & Our Data Protection Officer

For general privacy inquiries, please reach out to support@taqiro.com. We have appointed a Data Protection Officer who can be reached at dpo@taqiro.com or via postal mail at 34, New Street, Arumbarthapuram, Pondicherry, India 605110. The DPO oversees our compliance with applicable privacy requirements, including the GDPR, UK GDPR, and DPDP.

1. Information We Collect

When you sign up, we collect the following information:

• Your name

• Your email address

• Your profile picture (if you choose to upload one)

• If you sign up using Google, Microsoft, Apple, or Facebook, we also receive your name, email address and profile picture from those services.

We also collect payment-related information during billing events, but Stripe handles payment method details directly on their secure pages and we never store or see your full card or bank account numbers. Usage telemetry—such as device/browser identifiers, IP address, pages viewed, and feature usage—is tracked through Google Analytics and similar tools to help us improve and monitor the Service.

2. How We Use Your Information

We do not sell any data, including your personal data. We use your personal data for the following purposes, relying on different legal bases under applicable data protection laws:

• To Provide and Maintain the Service (Performance of Contract): We process your data (e.g., tasks, notes, account information) to deliver the core Taqiro Service to you, manage your account, and fulfill our contractual obligations. This includes allowing you to create, store, and access your content, and enabling essential features.

• To Improve and Secure the Service (Legitimate Interests): We process certain technical and usage data (which is typically aggregated and anonymized or pseudonymized where feasible) to understand how our Service is used, identify and fix bugs, enhance functionality, develop new features, and ensure the security and stability of our systems. This data does not directly identify you. Our legitimate interests in doing so are to continually improve the user experience, maintain a competitive and functional product, and protect our Service and users from security threats and fraud.

  • Your Right to Object: Where we process your data based on our legitimate interests, you have the right to object to such processing. If you wish to object, please contact us at support@taqiro.com, and we will assess your request.

• To Assist with Customer Support (Performance of Contract & Legitimate Interests): When you contact our support team, we process your information to address your inquiries, resolve technical issues, and provide you with assistance. This processing is necessary to perform our contract with you (for direct support) and is also based on our legitimate interest in providing effective customer service and improving our support processes.

• For Communications (Legitimate Interests & Opt-out):

  • Essential Service-Related Communications: These include important updates about the Service, security alerts, password resets, changes to our terms or policies, and customer support responses. These communications are necessary for the operation and security of the Service and cannot be opted out of.

  • Other Service-Related Communications & Promotional Messages: From time to time, we may send you information about new features, product updates, offers, or other Taqiro-related news, or request your feedback. You can easily opt out of receiving these types of communications at any time by following the unsubscribe link provided in the email.

• Marketing Communications (Consent): For email, SMS, or other marketing that is not strictly service-related, we rely on your explicit consent as the lawful basis in the EU/UK, India, and other consent-based jurisdictions. You can grant, review, or withdraw this consent at any time through your account preferences or by following the opt-out link on every marketing message. Withdrawal of consent will not affect the lawfulness of processing performed before withdrawal.

3. Data Sharing and Third-Party Processors

We do not sell your personal data to third parties. However, to operate, support, and improve the Service, we use trusted third-party service providers who process personal data on our behalf. These providers are contractually obligated to protect your data, use it only as instructed by us, and comply with applicable privacy and security laws.

A complete and up-to-date list of these subprocessors is provided in the Subprocessors section below.

3.1 Subprocessors

We engage the following trusted subprocessors to help us deliver various parts of the Taqiro service. These subprocessors may process personal data solely for the purposes outlined below and are bound by strict privacy and security obligations.

Infrastructure & Hosting

• Cloudflare: Provision of hosting services.
• Vercel: Provision of hosting services.
• Render: Provision of hosting services.
• Supabase: Database and Storage provider (hosted on AWS).

Email Services

• Zoho Mail: Email communication with users for account-related messages, and updates.
• ZeptoMail: Transactional email delivery for account communications.

Customer Support

• Zoho Desk: Helpdesk and customer support ticket management.

Automation & Integrations

• AppConnector: Alerts, notifications, transactional emails, automation engine, and integrations.

Billing & Payments

• Stripe: Payment processing and subscription billing. Stripe processes billing information directly; we do not store or handle payment method details on our servers.

Affiliates & Referrals

• ReferralRocket: Tracks affiliate and referral interactions to calculate payouts and attribute marketing activity.

Our subprocessors operate under their own Data Processing Addenda (DPA), which apply automatically when using their services. Copies of these DPAs are available on the providers’ websites.

We may disclose personal data when required to comply with a legal obligation, enforce our Terms, protect rights or safety, or respond to lawful requests from public authorities (e.g., subpoenas or court orders). Where permitted, we notify you before sharing data with law enforcement and limit the disclosure to the smallest amount of information needed to satisfy the request.

4. Where Your Data Is Stored and International Transfers

Some of our subprocessors, may process or store data on their own infrastructure. All subprocessors operate under contractual obligations to protect your data, and transfers are governed by appropriate safeguards such as Standard Contractual Clauses (SCCs) where applicable.

Your data is securely stored and processed on Amazon Web Services (AWS) infrastructure. We treat all data with the same level of protection, regardless of where it is stored or processed, and implement robust technical and organizational safeguards consistent with international standards.

Currently, your data is stored and synchronized within one of the following AWS regions:

• East US (North Virginia)
• Central EU (Frankfurt)
• Southeast Asia (Singapore)
• South Asia (Mumbai)

Enterprise plan customers may discuss dedicated regional deployments, including private clouds or isolated infrastructure tailored to specific jurisdictions.

Where data is transferred outside your region, we ensure continued protection through Standard Contractual Clauses (SCCs), adequacy decisions, Binding Corporate Rules (BCRs), or other legally recognized data transfer mechanisms under applicable laws, including: EU GDPR, Singapore PDPA, Australia Privacy Act / APPs, Japan APPI, Brazil LGPD, California CCPA / CPRA, Virginia VCDPA

We take privacy seriously and design our products with a privacy- and security-first mindset. All of our plans comply with current global data protection laws, and we implement appropriate measures to protect your data during storage, processing, and transfer.

5. Data Retention

We retain your personal data only for as long as reasonably necessary to provide you with Taqiro services, or as required to comply with legal, regulatory, or contractual obligations. If you delete your account, your data will typically be deleted within 60 days, unless a longer retention period is required by law. If your account remains inactive for an extended period (typically 12 months), we may deactivate it and schedule your data for deletion, after attempting to notify you via your registered email.

Data retention is governed by the principle of proportionality under the GDPR/UK GDPR: we review our retention schedules annually and retain only the minimum data needed for each lawful purpose. Automated cleanup jobs and manual reviews validate that the data we keep aligns with the original purpose and does not exceed the necessary scope.

6. Your Rights

You have the right to access, correct, delete, restrict or object to processing of your personal data, and to receive a portable copy of your data. To exercise these rights, please contact us at support@taqiro.com

We honor Global Privacy Control (GPC) and similar browser signals by applying them as a notice to stop the sale or sharing of personal data where applicable, and by adjusting the categories of data we collect or process for marketing purposes whenever we receive such signals.

To protect your account, we verify data subject requests by confirming the requestor’s email address, account identifier, or other information already in our records. We respond within 30 days, extendable by 30 days with notice, and we use secure channels (email or portal) to deliver the data or update our records after verifying your identity.

We use essential cookies and similar technologies to keep you signed in, load your preferences, and support core service functionality. We also deploy analytics cookies (like Google Analytics) that collect aggregated usage data to improve the Service. These analytics cookies are processed under our legitimate interests, and you can block them through your browser settings.

Consent & Grievance (Indian DPDP)

We currently rely on contractual obligations and legitimate interests for all processing described in this Policy, and we do not collect consent for marketing or optional analytics. If we introduce consent-based processing in the future, we will implement a dedicated consent manager that lets you review, download, and withdraw consents per purpose. In the meantime, you can direct DPDP-related questions or complaints to grievance@taqiro.com; we aim to acknowledge receipt within 8 business hours and resolve complaints within 30 days.

7. Decision-Making and Profiling

Taqiro does not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you without meaningful human oversight. We augment certain workflows with artificial intelligence and machine learning, and those components are disclosed and governed by the EU AI Act principles (see below).

8. Artificial Intelligence Transparency

We do not operate our own AI models. Instead, some automations rely on AppConnector, which lets you connect to AI services such as Gemini, ChatGPT, Claude, or any other provider by supplying your own API key. You remain fully in control of the data that is sent to those providers, and we do not transfer any additional user data to them beyond what you explicitly route through the automation. You also retain the final decision on whether to execute or act on any AI output.

Today, none of our AI features automatically profile you for pricing, eligibility, or any other commercial decision. If in the future we ever introduce profiling that affects those outcomes, we will (a) update this Policy with the specific use case, (b) explain what data feeds the profile, and (c) give you a human review, correction, or deletion option for the profile information.

9. High-Risk Processing and DPIAs

Currently we do not perform high-risk processing as defined under GDPR/DPDP. Should we introduce AI capabilities, analytics clusters, or any processing that triggers those thresholds, we will conduct Data Protection Impact Assessments (DPIAs) beforehand. The DPIAs will be reviewed by the DPO and updated annually or whenever the risk profile evolves.

10. Joint Controller Relationships

Taqiro acts as the sole controller for the data we collect through the Service. Certain integrations (for example, shared tasks or CRM-linked workflows) may involve joint-controller relationships with the integration partner. Where a joint controller exists, we identify that relationship at the point of integration and provide the partner’s contact information so you can exercise your rights with them as well.

11. State Privacy Laws

Taqiro complies with the broad patchwork of U.S. privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and the new 2026 statutes in Indiana and Kentucky, among others—over 20 active state laws in total. Wherever a law provides greater rights, we honor those rights as noted in this Policy.

12. AI Governance (EU AI Act Alignment)

Our platform integrates with third-party AI providers through AppConnector automations. Each automation clearly identifies when an AI action is invoked, and the inputs you supply remain under your control. You can always review or disable those automations yourself, and you may request documentation or human oversight by contacting support@taqiro.com.

13. Children’s Privacy

Taqiro is not designed for or directed to children under the age of 16. We do not knowingly collect personally identifiable information from anyone under 16. If we become aware that we have inadvertently collected such information, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted here with an updated revision date.