Privacy Policy
Your privacy is important to us. This policy explains how IPO Guruji collects, uses, and protects your personal data.
Last updated: February 1, 2026
1. Introduction
IPO Guruji ("we," "us," or "our") operates the website at ipoguruji.com and the associated API platform. This Privacy Policy describes how we collect, use, store, and share information when you use our website, dashboard, API, documentation, and related services (collectively, the "Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you register for an account, we collect:
- Email address -- used for authentication, communication, and account recovery
- Name -- used for account identification and correspondence
- Password -- stored as a secure hash; we never store plain-text passwords
2.2 API Usage Data
When you make API requests, we automatically collect:
- API key identifier -- the key prefix used for authentication (we never log full API keys)
- Request metadata -- endpoint, HTTP method, response status code, and response time
- Rate limit counters -- requests per minute and per day for your account
- Timestamps -- when each request was made
2.3 Technical Information
We collect the following technical data for security and service delivery:
- IP addresses -- used for rate limiting, security monitoring, and abuse detection
- User-Agent headers -- used to identify client applications and detect abuse
- Browser and device information -- collected when you access the website or dashboard
2.4 Billing Information
When you subscribe to a paid plan, billing information is collected and processed by our payment processor, Razorpay. We do not directly store your credit card numbers, bank account details, or UPI IDs. We retain:
- Razorpay subscription and customer identifiers
- Plan type and billing cycle dates
- Payment status and transaction history
2.5 Webhook Configuration
If you configure webhooks, we store your webhook endpoint URLs and delivery logs (success/failure status, response codes) for debugging and reliability purposes.
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Service Delivery
- Authenticate your API requests and manage your account
- Enforce rate limits and usage quotas based on your subscription plan
- Deliver webhook notifications to your configured endpoints
- Process subscription payments and manage billing
3.2 Security & Abuse Prevention
- Detect and prevent unauthorized access, fraud, and API abuse
- Monitor for multi-IP key sharing and unusual usage spikes
- Validate API key integrity and enforce IP allowlists
- Block requests from browsers when server-side-only enforcement is enabled
3.3 Analytics & Improvement
- Analyze aggregated usage patterns to improve the Service
- Monitor API performance, error rates, and latency
- Identify popular endpoints and features to prioritize development
3.4 Communication
- Send transactional emails (account verification, password reset, billing receipts)
- Notify you of service changes, maintenance windows, or security incidents
- Respond to support inquiries and feedback
4. Data Storage & Security
4.1 Infrastructure
Your data is stored using the following services:
- Firebase / Google Cloud Platform -- account data, API keys (stored as SHA-256 hashes), and application data are stored in Firebase Firestore on Google Cloud infrastructure
- Redis (Upstash) -- temporary rate limit counters and cached API responses (automatically expire)
- Firebase Authentication -- user authentication credentials are managed by Firebase Auth with Google's security infrastructure
4.2 Security Measures
We implement the following security measures to protect your data:
- API keys are stored as SHA-256 hashes, never in plain text
- All data in transit is encrypted using TLS/HTTPS
- Data at rest is encrypted using Google Cloud's default encryption
- Access to production systems is restricted and audited
- Regular security reviews of our codebase and infrastructure
4.3 Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of discovery and take immediate steps to mitigate the breach.
5. Data Sharing & Third Parties
We do not sell, rent, or trade your personal information to third parties. We may share limited data with the following service providers who assist in operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google / Firebase | Hosting, database, authentication | Account data, usage data |
| Razorpay | Payment processing | Email, name, billing details |
| Upstash | Redis caching and rate limiting | API key prefixes, rate counters |
We may also disclose your information if required to:
- Comply with applicable law, regulation, or legal process
- Enforce our Terms of Service
- Protect our rights, property, or safety, or that of our users
- Detect, prevent, or address fraud or security issues
7. Data Retention
- Account data -- retained as long as your account is active; deleted within 30 days of account deletion
- API usage logs -- retained for 90 days for analytics and debugging, then automatically purged
- Rate limit data -- automatically expires in Redis (typically within minutes to hours)
- Billing records -- retained for 7 years as required by Indian tax and accounting regulations
- Webhook delivery logs -- retained for 30 days
8. Your Rights
You have the following rights regarding your personal data:
8.1 Access
You can access your account information, API usage data, and billing history at any time through the dashboard.
8.2 Correction
You can update your account information (name, email) through the dashboard settings page.
8.3 Deletion
You can request deletion of your account and all associated data by contacting us at privacy@ipoguruji.com. Upon receiving a deletion request, we will:
- Revoke all your API keys immediately
- Cancel any active subscriptions
- Delete your account data within 30 days
- Retain only billing records required by law (anonymized where possible)
8.4 Data Export
You can request an export of your personal data in a machine-readable format by contacting privacy@ipoguruji.com. We will provide the export within 30 days of the request.
8.5 Objection
You can object to certain data processing activities by contacting us. We will cease processing unless we have compelling legitimate grounds.
9. Children's Privacy
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us at privacy@ipoguruji.com and we will delete the information promptly.
10. International Data Transfers
Our Service is primarily hosted on Google Cloud infrastructure. Your data may be processed in data centers located outside India. By using the Service, you consent to the transfer of your data to these locations. We ensure that any such transfers are protected by appropriate safeguards consistent with applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 15 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
Your continued use of the Service after any changes to this policy constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
- Privacy inquiries: privacy@ipoguruji.com
- General support: support@ipoguruji.com
- Website: Contact Page