← Back to Bharat Trade

Privacy Policy

Last updated: 2026-04-29

1. Who we are

Bharat Trade is operated as a technology platform for Indian retail traders. We provide AI-curated trading signals, market analysis, and a journal — we are not a SEBI-registered investment advisor or broker. Use of the platform is governed by our Terms & Conditions.

2. What we collect

  • Account data: email address, hashed password, and a profile row in our database.
  • Broker tokens: when you connect Zerodha Kite, we store the encrypted access token and request token issued by Zerodha. We never see or store your Kite password.
  • Trading data: the orders you place via the platform, fills returned by your broker, paper-trade history, journal entries, and any screenshots you upload.
  • Product analytics: page views and click events via PostHog, error reports via Sentry. These are tied to your user ID for support, not sold to third parties.
  • Billing data: if you subscribe, Razorpay processes the payment. We store the Razorpay subscription ID and the resolved plan tier — not your card details.

3. How we use it

  • Generate AI-curated signals tailored to your risk profile.
  • Maintain your trade journal and compute net-of-cost performance metrics.
  • Bill you (if on a paid plan) and reconcile failed payments.
  • Improve product reliability by triaging Sentry errors and PostHog funnels in aggregate.
  • Send transactional emails (login alerts, billing receipts, critical risk events). We do not send marketing email without opt-in.

We do not sell your data, share it with advertisers, or use your trades to train third-party models.

4. Where we store it

  • Primary database: Supabase (PostgreSQL), hosted in the region(s) selected for the project (currently India and EU fallback).
  • Frontend: Vercel (global edge) — the application bundle, no user data at rest.
  • Backend: Railway (region pinned closest to Supabase).
  • Backups: Supabase point-in-time restore, retained 7 days.
  • Broker tokens are encrypted at rest using a key held in the backend environment.

5. Your rights

Under India's Digital Personal Data Protection Act, 2023 (DPDPA) you have the right to:

  • Access the data we hold about you.
  • Correct anything inaccurate.
  • Delete your account — when you do, we wipe your profile, broker tokens, journal, paper trades, and chat history within 30 days. Razorpay records may be retained for the period required by tax law.
  • Withdraw consent for analytics tracking.
  • Lodge a complaint with the Data Protection Board of India.

To exercise any of these rights, email support@bharat-trade.in from the address on your account.

6. Cookies and similar tech

We use a single first-party session cookie issued by Supabase Auth and a PostHog analytics cookie. We do not use third-party advertising cookies. You can disable analytics by emailing the support address above.

7. Security

We follow industry-standard practice: TLS in transit, encrypted secrets at rest, row-level security on every Supabase table, append-only audit log for sensitive events. No system is unbreakable — if you spot a vulnerability, please report it responsibly to the support address.

8. Children

Bharat Trade is intended for users 18 years or older who are eligible to trade Indian securities. We do not knowingly collect data from minors.

9. Changes to this policy

We'll post material changes on this page and notify you by email at least 14 days before they take effect.

10. Contact

Questions, concerns, or DPDPA requests: support@bharat-trade.in.