Privacy Policy

This Privacy Policy explains how TARK Technologies ("TARK", "we", "us", "our") — operating from Mumbai, India — collects, uses, stores and shares your personal data when you interact with our website, products, APIs and services (collectively, the "Services").

For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), TARK acts as the Data Fiduciary in respect of personal data we determine the purpose and means of processing for. You are the Data Principal.

If you do not agree with this Policy, please do not use the Services. Questions? Email us at vedant@tark.tech.

We only collect the data we need to run the Services and serve you well. The categories are:

Information you give us directly

• Name, work email, phone number and company details (e.g. when you book a demo or sign up);
• Account credentials and role/permissions inside your TARK workspace;
• Billing details — handled by our payment processor; TARK does not store full card numbers;
• Anything you choose to share with us over email, support tickets or sales calls.

Information collected automatically

• Device and browser data — IP address, device type, OS, browser version, language;
• Usage data — pages visited, features used, session timestamps, referring URL;
• Diagnostic data — error reports and performance traces needed to keep the Services running;
• Cookie identifiers (see Section 11).

Information from third parties

• Publicly available business directories and professional networks (e.g. LinkedIn) for B2B outreach;
• Authentication providers if you sign in via Google or similar (only the data you authorise).

We do not knowingly collect sensitive personal data (financial account details beyond payment processing, health data, biometrics, caste, religious or political beliefs) unless you provide it to us voluntarily and with consent.

We process your personal data for the following specified, lawful purposes:

• Provide the Services — create your account, run the autonomous decision engine, surface insights, and deliver features you ask for;
• Communicate with you — respond to enquiries, share product updates, send important notices about changes to terms or security;
• Billing and accounting — process payments, issue GST-compliant invoices, comply with tax law;
• Improve our product — analyse aggregate usage patterns to fix bugs, prioritise features and improve reliability;
• Marketing — send relevant updates and offers, only with your consent and always with a one-click opt-out;
• Security and fraud prevention — detect abuse, prevent unauthorised access, and protect TARK and our users;
• Legal compliance — respond to lawful requests from Indian authorities, courts and regulators.

Under the DPDP Act, we process personal data on one of two grounds:

• Your consent — given freely, specifically and informed. You can withdraw consent at any time by writing to us; withdrawal does not affect processing that has already happened;
• Certain legitimate uses permitted by the DPDP Act — for example, performing a contract you have with us, complying with a legal obligation, responding to a medical emergency, or for employment purposes (where applicable).

Where we rely on consent, we tell you what data we are collecting and why, in clear language. You can review the consent notice and withdraw consent through your account settings or by emailing vedant@tark.tech.

We do not sell your personal data. We share it only with parties who help us run the Services, under contractual obligations to protect it:

• Cloud and hosting providers — for compute, storage and database services;
• Payment processors — to handle subscriptions and transactions securely;
• Analytics and product instrumentation tools — to understand product usage;
• Communication tools — to send transactional and marketing email;
• Professional advisors — legal, accounting and audit firms, under confidentiality;
• Indian authorities, courts and regulators — when we are legally required to disclose data;
• A successor entity — in connection with a merger, acquisition, restructuring or sale of assets, subject to the same protections under this Policy.

Every Data Processor we engage is bound by a written contract that requires them to process your data only on our instructions and to apply reasonable security safeguards.

TARK is an India-first company and our primary data infrastructure sits in Indian cloud regions. Some of our service providers may, however, process data outside India.

Where personal data is transferred outside India, we do so only to countries not restricted by the Central Government under the DPDP Act, and we maintain appropriate contractual safeguards with the recipient. We will update this section if government notifications restrict additional jurisdictions.

We keep personal data only as long as we need it for the purpose it was collected, or as required by law:

• Active account data — for as long as your account is active;
• Billing and tax records — for at least eight (8) years as required under Indian tax law;
• Marketing data — until you withdraw consent or for two (2) years of inactivity, whichever is earlier;
• Support and audit logs — typically up to twelve (12) months.

When the retention period ends and there is no remaining legal basis to keep the data, we either delete it or anonymise it so it can no longer be linked to you.

We maintain reasonable technical and organisational security measures designed to protect your personal data, including:

• Encryption in transit (TLS) and at rest for sensitive data;
• Role-based access controls and principle of least privilege internally;
• Audit logs for access to production systems;
• Regular vulnerability scanning and patching;
• Vendor due diligence and signed data processing agreements.

No system on the public internet is ever 100% secure. We cannot guarantee absolute security, but we treat your data with the seriousness it deserves and will notify you and the Data Protection Board of India of any personal data breach as required under the DPDP Act.

TARK is a B2B platform built for adult business users. The Services are not directed to children under 18 years of age, the threshold defined under the DPDP Act for a "child".

We do not knowingly collect personal data of children, and we do not engage in tracking, behavioural monitoring or targeted advertising directed at children. If you believe a child has provided personal data to us, please contact vedant@tark.tech and we will delete it promptly.

Under the DPDP Act, you have the following rights:

• Right to access — request a summary of the personal data we process about you and the activities we have undertaken with it;
• Right to correction and erasure — ask us to correct inaccurate or out-of-date data, or to delete data that is no longer needed;
• Right of grievance redressal — raise any grievance regarding our processing with our Grievance Officer (see Section 13);
• Right to nominate — nominate another individual to exercise your rights in the event of your death or incapacity;
• Right to withdraw consent — at any time, with the same ease with which it was given.

To exercise any right, email us at vedant@tark.tech from the email address associated with your account. We will respond within the timelines prescribed under the DPDP Act.

We may ask you to verify your identity before acting on a request. We will not discriminate against you for exercising any right.

We use a small number of cookies and similar technologies, categorised as:

• Strictly necessary — required for the site and product to function (e.g. session management, theme preference);
• Analytics — to understand how the Services are used in aggregate;
• Marketing — only set with your consent, to measure campaign effectiveness.

You can disable non-essential cookies in your browser settings without breaking core functionality. We honour Global Privacy Control and Do Not Track signals where they are sent.

TARK is an autonomous decision intelligence platform — by design, parts of the Services produce recommendations and actions using machine-learning models. These models operate on your business and operational data inside your TARK workspace.

We do not use automated decision-making on your personal data (as opposed to business data) in any way that produces legal or similarly significant effects on you as an individual. Final business decisions, and accountability for them, remain with you and your team.

In line with the DPDP Act and the Information Technology Rules, 2011, we have designated a Grievance Officer to address concerns about how we handle personal data:

Grievance Officer — Vedant Thakre
TARK Technologies, Mumbai, Maharashtra, India
Email: vedant@tark.tech

We will acknowledge your grievance within seventy-two (72) hours and aim to resolve it within fifteen (15) days. If you remain dissatisfied, you may approach the Data Protection Board of India under the DPDP Act.

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page, and — where the change is significant — we will give you reasonable notice in advance by email or in-product notification.

Your continued use of the Services after the updated Policy takes effect constitutes acceptance of the changes.

For any privacy-related question, request or concern, please reach out:

TARK Technologies
Mumbai, Maharashtra, India
Email: vedant@tark.tech