Privacy Policy

How TrueTrend handles your personal data

Last Updated: May 2026

This Privacy Policy ("Policy") describes how TrueTrend AI ("TrueTrend", the "Platform", "we", "us", "our") — accessible at https://truetrend.cloud and its sub-domains — collects, uses, stores, discloses, and protects your personal data.

This Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 ("DPDP Act") (as and when its provisions are notified and brought into force).

By creating an account, accessing, or using the Platform, you confirm that you have read and understood this Policy and consent to the processing of your personal data as described herein.

1. Data Fiduciary

For the purposes of the DPDP Act, the Data Fiduciary in respect of personal data collected through the Platform is Dcimal Intelligence Private Limited, the operator of the TrueTrend AI platform. You can reach us at support@truetrend.cloud or, if you are a registered user, through the in-platform Support feature after logging in.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Information you provide directly

  • Account data: email address, username, password (stored as a salted bcrypt hash — never in plain text), optional display name and phone number.
  • Verification data: one-time passwords (OTPs) sent to your email and/or phone during signup, expiring after a short interval.
  • Third-party single sign-on (SSO) data: if you sign in via a supported third-party identity provider, the email address, provider subject identifier, and basic profile information returned by that provider to us under your consent.
  • Payment data: when you subscribe to a paid plan, your payment is processed by one or more third-party payment gateways. We do not store your card number, CVV, UPI PIN, net-banking credentials, or any sensitive payment-instrument data. We only retain a transaction reference, payment status, amount, plan purchased, and gateway identifier for accounting and reconciliation.
  • Support content: messages, screenshots, and attachments you send to our support team or post on the in-platform discussion / journal features.

2.2 Information collected automatically

  • Device & connection data: IP address, user-agent string, browser type, operating system, and approximate timezone, recorded on login attempts and on the maintenance of authenticated sessions.
  • Authentication events: a record of each successful and failed login attempt against your account (timestamp, IP, user-agent, success/failure reason). This is retained for security auditing.
  • Usage data: pages visited, features used, error logs, and aggregate interaction patterns. We use this purely to operate, debug, and improve the Platform.
  • Cookies & local storage: we use browser local storage to keep your authentication tokens and a small number of UI preferences. We do not currently set tracking or advertising cookies. If we add analytics cookies in future, this Policy will be updated and consent will be sought where required.

2.3 Information we do not collect

  • We do not collect your demat account number, trading account credentials, broker login, or PAN.
  • We do not collect your Aadhaar, biometric data, sexual orientation, religious beliefs, or political affiliation.
  • We do not knowingly collect data from any individual under the age of 18 (see Section 9).

3. Why We Process Your Data (Purposes)

We process your personal data only for the following specific, lawful purposes:

  • To create, secure, and operate your account on the Platform.
  • To authenticate you and detect unauthorised access, fraud, or abuse.
  • To deliver the analytics, dashboards, signals, and other educational features you subscribe to.
  • To process payments for subscriptions, issue invoices, and prevent payment fraud.
  • To send transactional communications (OTPs, subscription receipts, important account or service notifications, admin broadcasts).
  • To respond to support requests and grievances.
  • To meet legal, regulatory, accounting, and tax obligations (including under the Companies Act, 2013, the Income Tax Act, 1961, GST law, and SEBI-related disclosures where applicable).
  • To improve the Platform, debug issues, and develop new features. Where used for product improvement, data is reviewed in aggregated and de-identified form wherever practical.
  • To enforce our Terms of Use and protect our legal rights.

We do not sell your personal data. We do not share your personal data with third-party advertisers.

4. Lawful Basis for Processing

We process your personal data on one or more of the following bases:

  • Your consent given at account creation and (where applicable) at the point a specific feature is enabled;
  • Performance of the contract between you and the Company (i.e. delivering the Platform you subscribed to);
  • Compliance with legal obligations in India;
  • Legitimate interests of the Company in operating, securing, and improving the Platform, where such interests are not overridden by your rights and freedoms.

5. Sharing of Personal Data with Third Parties

We share your personal data with the following categories of third parties, and only to the extent necessary:

  • Third-party payment gateways: for processing subscription payments. Their handling of payment-instrument data is governed by their own privacy policies, which are made available to you at the point of payment.
  • Third-party transactional email provider: used to send OTPs, receipts, and important account notifications.
  • Hosting & infrastructure providers: third-party cloud and storage providers used to host the Platform and to maintain backups.
  • Market-data providers: authorised third-party data feeds and APIs used to source publicly available market data. These providers do not receive personal data about you.
  • Third-party SSO provider: only if you choose to sign in via a supported third-party identity provider, in which case that provider will share your basic profile information with us under your consent on its own consent screen.
  • Professional advisers: our auditors, lawyers, chartered accountants, and similar advisers, under duties of confidentiality, where strictly necessary.
  • Government authorities, courts, and law-enforcement agencies: where we are required to disclose data by a valid legal order or applicable law.
  • Successors and acquirers: in the event of a merger, acquisition, restructuring, sale of all or part of our business, or insolvency, your data may be transferred to the successor entity. We will give reasonable notice if this happens.

All such processors are bound, by contract or by law, to use your data only for the specified purpose and to maintain reasonable security safeguards.

6. Cross-Border Transfer

Some of our processors (e.g. cloud hosting, storage, and SSO providers) may store or process data on servers located outside India. We rely on contractual safeguards with these providers and, where applicable, on permissions granted by the Government of India under Section 16 of the DPDP Act, 2023. By using the Platform you consent to such cross-border transfers solely for the purposes set out in this Policy.

7. Retention of Data

We retain personal data only as long as needed for the purposes for which it was collected:

  • Account data — retained for the life of your account, plus a reasonable period thereafter for backups, audit, and legal compliance.
  • Payment / billing records — retained for at least 8 years from the end of the relevant financial year, as required by the Companies Act, 2013 and the Income Tax Act, 1961.
  • Login event records — retained for 18 months for security audit, after which they are aggregated or deleted.
  • Support correspondence — retained for up to 36 months from the date of the last interaction.
  • Backups — encrypted backups are retained on a rolling basis (typically up to 13 months) and overwritten in the ordinary course.

When the retention period expires, we either delete the data or anonymise it irreversibly.

8. Your Rights

Subject to applicable Indian law, you have the following rights in respect of your personal data:

  • Right to access — to obtain a summary of the personal data we process about you.
  • Right to correction — to have inaccurate or incomplete data corrected.
  • Right to erasure — to request deletion of data no longer needed for the purposes for which it was collected, subject to our legal retention obligations.
  • Right to withdraw consent — you may withdraw consent for any consent-based processing at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Right of grievance redressal — to lodge a grievance with our Grievance Officer (see Section 12).
  • Right of nomination — to nominate another individual to exercise these rights on your behalf in the event of death or incapacity (under the DPDP Act).

To exercise any of these rights, contact us at support@truetrend.cloud. We will respond within the timelines prescribed by applicable law (and in any event no later than 30 days).

9. Children

The Platform is intended for use only by individuals who are 18 years of age or older and who have the legal capacity to enter into a contract under the Indian Contract Act, 1872. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such data.

10. Security Practices

We follow industry-standard "reasonable security practices and procedures" as required under the SPDI Rules, including:

  • Encryption of data in transit (HTTPS / TLS) between your browser and our servers;
  • Storage of passwords as salted bcrypt hashes;
  • Encrypted backups stored in access-controlled cloud storage;
  • Role-based access controls and audit logging for administrative actions;
  • Network-level rate limiting and basic intrusion-detection measures;
  • Periodic review of our security posture.

No internet-based system is perfectly secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

11. Changes to This Policy

We may update this Policy from time to time to reflect changes in law, our services, or our practices. The "Last Updated" date at the top of this page indicates when this Policy was most recently revised. Material changes will be notified to you by email or by an in-app notice. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

12. Grievance Redressal

In accordance with the IT Act, 2000, the SPDI Rules, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDP Act, 2023, you may raise any privacy or data-related grievance through either of the following channels:

We endeavour to acknowledge every grievance within 7 (seven) days and to resolve it within 15 days of receipt, as required under applicable law. See the Contact & Grievance page for the complete procedure.

13. Governing Law & Jurisdiction

This Policy is governed by the laws of India. Any dispute arising out of or in connection with this Policy is subject to the exclusive jurisdiction of the courts in Muzaffarpur, Bihar.

Other legal documents:

DisclaimerPrivacy PolicyTerms of UseRefund & CancellationContact & Grievance

© 2026 TrueTrend. All rights reserved. TrueTrend is a brand of Dcimal Intelligence Private Limited.