Privacy Policy

For consumers: phone number, name, pickup/dropoff addresses, item description and weight, payment instrument tokens (we never see raw card or UPI credentials), and device location during an active order. For drivers: KYC documents (Aadhaar, PAN, driving licence, RC, insurance) as required by Indian transport regulations, vehicle details, and live location while on duty. For developers: account email, billing details, API key usage logs, and webhook delivery logs.

To run deliveries (matching, tracking, ETAs, support), to settle payments and driver payouts, to detect fraud and abuse, to improve routing and pricing, and to comply with Indian law including the Digital Personal Data Protection Act, 2023. We do not sell personal data, ever.

The driver assigned to your order sees your phone, name, and pickup/drop addresses for the duration of the trip. Payment processors (Razorpay, Cashfree) receive the minimum data needed to process the transaction. Analytics and infrastructure providers (Cloudflare, OVH/Hetzner, Sentry) process logs under data-processor agreements bound by this Policy. We disclose data to law enforcement only on receipt of a legally valid order.

All operational data is stored in data-centres in the European Economic Area and India, with India-resident copies of personal data as required by the DPDP Act. Backups are encrypted at rest. We are working towards full SOC 2 readiness in 2026.

Under the DPDP Act you can request access to, correction of, or erasure of your personal data, and you can withdraw consent at any time. Email hello@tarasvin.app with the subject “DPDP request” and we will respond within the statutory timeline. Some data we are legally required to retain — for example, financial records under the Income Tax Act and driver KYC records under the Motor Vehicles Act.

You can close your Tarasvin account from the in-app profile screen on the rider or driver app, or via the public /delete-account page using a phone-OTP flow. On request we lock the account immediately, sign you out of every device, and stop sending you offers or notifications. There is then a 30-day grace period during which you can cancel the closure from the same screen. After the grace period, we permanently scrub your name, email, profile photo, addresses, KYC document images, and contact info. We are required by Indian law to retain a subset of records for seven years even after closure: wallet ledger entries, order and ride records, payment transactions, settlement and tax records. These records are kept without your name attached — the row stays for the legal audit trail; the personally identifying fields are cleared.

Our website uses essential cookies for session management and a single product-analytics cookie. We do not run advertising or cross-site tracking cookies. You can disable analytics in your browser without losing site functionality.

Tarasvin is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has signed up, contact us and we will delete the account.

We will post material changes to this Policy at least 30 days before they take effect, with the new effective date at the top of the page. Continued use of the Service after that date constitutes acceptance.

Tarasvin Technologies Pvt. Ltd., Bangalore, Karnataka. Email hello@tarasvin.app for any privacy or data-protection request — we will route it to our Data Protection Officer.