Privacy Policy
Last updated: 15 June 2026
This Privacy Policy explains how IntradayNinja ("we", "us", "our"), operating at intradayninja.trade, collects, uses, stores, and protects your personal data. This policy is designed in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000.
1. Data We Collect
1.1 Account Information
- Email address — used for authentication, billing communications, and service notifications.
- Full name — used for account identification and billing records.
- Password — stored as a salted bcrypt hash. We never store or have access to your plaintext password.
1.2 Broker Credentials
- API keys and access tokens — provided by you when connecting broker accounts (Zerodha, Dhan, Angel One, Upstox).
- Client IDs — your broker-assigned identifiers.
Broker credentials are encrypted at rest using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256 authentication). Tokens are decrypted only at the moment of API interaction and are never logged, cached in plaintext, or exposed via our APIs.
1.3 Trading Data
- Order history — records of orders placed through the Platform, including instrument, quantity, price, order type, and execution status.
- Position and P&L data — fetched from broker APIs for analytics and dashboard display.
- Webhook payloads — signal data received from TradingView or Telegram, stored for execution audit trails.
1.4 Technical Data
- IP address and approximate geolocation (country-level).
- Browser type, operating system, and device information.
- Pages visited, feature usage patterns, and session duration.
2. How We Use Your Data
We process your personal data for the following purposes:
- Service delivery — authenticating you, connecting to broker APIs, executing trades, and displaying analytics.
- Billing — processing subscription payments via Cashfree, issuing invoices, and managing plan changes.
- Communications — sending transactional emails (order confirmations, billing receipts, security alerts) and, with your consent, product updates.
- Security — detecting unauthorised access, abuse, or anomalous activity on your account.
- Improvement — analysing aggregated, anonymised usage data to improve Platform reliability and features.
3. Data Sharing
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
- Broker APIs — your encrypted credentials are decrypted and transmitted to the respective broker's API endpoints solely to execute your trading instructions. This is essential for the core functioning of the Service.
- Payment processor (Cashfree) — your email and payment details are shared with Cashfree Payments for subscription billing. Cashfree is PCI-DSS compliant and processes payments under its own
- Legal obligations — we may disclose data if required by Indian law, court order, or regulatory directive from SEBI or other competent authorities.
We do not use any third-party advertising networks or share data with data brokers.
4. Data Security
- Broker tokens encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256).
- All data transmitted over TLS 1.2+ (HTTPS only).
- Passwords hashed with bcrypt (cost factor 12).
- Database access restricted to application-layer services with role-based credentials.
- JWT-based session tokens with configurable expiry and refresh rotation.
- Infrastructure hosted in India-region data centres to minimise data residency concerns.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Broker credentials | Deleted immediately on broker disconnect or account deletion |
| Trade & order history | 12 months from creation, then anonymised |
| Webhook / signal logs | 90 days, then purged |
| Billing records | As required by Indian tax law (8 years) |
| Technical / analytics data | 6 months, aggregated thereafter |
6. Your Rights Under DPDPA 2023
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to Access — request a summary of the personal data we hold about you and how it is being processed.
- Right to Correction — request correction of inaccurate or incomplete personal data.
- Right to Erasure — request deletion of your personal data. Upon receiving a valid request, we will delete your data within 30 days, subject to legal retention obligations (e.g., tax records).
- Right to Nominate — nominate another individual to exercise your rights in the event of your death or incapacity, as provided under DPDPA.
- Right to Grievance Redressal — lodge a complaint with our Data Protection Officer or escalate to the Data Protection Board of India.
To exercise any of these rights, email us at privacy@intradayninja.trade. We will respond within 30 days.
7. Data Export
You may export your data at any time from your account settings. The export includes your profile information, connected broker accounts (excluding encrypted tokens), trade history, and webhook logs in JSON format.
8. Cookies & Local Storage
- Essential cookies — JWT session tokens stored in secure, httpOnly cookies for authentication. These are strictly necessary and cannot be disabled.
- Preferences — theme settings and UI state stored in browser localStorage. No personal data is stored in localStorage.
- Analytics — we may use privacy-respecting, cookieless analytics (no third-party tracking cookies). We do not use Google Analytics or any advertising-linked tracker.
9. Children's Data
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor's data has been collected, we will delete it promptly.
10. Cross-Border Data Transfer
Your data is processed and stored within India. In the event that any processing occurs outside India (e.g., via cloud infrastructure sub-processors), it will only be to jurisdictions notified by the Central Government under DPDPA Section 16, and appropriate safeguards will be in place.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email at least 15 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
12. Data Protection Officer
Data Protection Officer
IntradayNinja
Email: privacy@intradayninja.trade
Response time: Within 30 days of receipt
13. Contact
For any privacy-related questions or concerns, contact us at privacy@intradayninja.trade.