1. Introduction
Sumtracker Software Private Limited ("Sumtracker," "we," "us," or "our") respects your privacy. This Privacy Policy ("Policy") explains how we collect, use, store, process, transfer, and disclose your information through our website at https://sumtracker.com ("Website") and our software application (together, the "Platform").
By accessing or using our Platform, you agree to be bound by this Policy. If you do not agree, please do not use our Platform. This Policy should be read together with our Terms of Use. Capitalized terms not defined here have the meanings given in the Terms of Use.
We comply with applicable data protection laws including the Digital Personal Data Protection Act (DPDP Act), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant regulations.
2. Who This Policy Applies To
This Policy applies to all users of our Platform ("you" or "User"), regardless of the device used to access it.
Our Platform is intended for users aged 18 and above. We do not knowingly collect personal information from anyone under 18. If you are under 18, please do not register for or use our Services.
We do not collect, store, or process any personally identifiable information (PII) of the end-users or customers of our Users.
3. What Personal Information We Collect
When you create an account on Sumtracker, we may collect the following:
Information you provide directly:
- Basic information: First name, last name, company name, company location, postal address, and time zone.
- Contact information: Email address and phone number.
- Google account information: If you sign in via Google, we collect your Google email address for authentication and communication.
- Communications: Any messages you send us, including support inquiries, feedback, and payment-related correspondence.
- Additional information: Information you provide when filling out forms, participating in promotions, or adding details to your account.
Information collected automatically:
- Cookies: Small text files stored on your device to track preferences, optimize functionality, and personalize your experience. We use three categories:
  - Strictly Necessary Cookies: Required for the Platform to function and to keep your session secure.
  - Functional Cookies: Remember your preferences such as language, region, and accessibility settings.
  - Performance Cookies: Help us understand how users interact with the Platform so we can improve it.
- Log files: IP address, device information, browser type, and timestamps, collected automatically by our servers.
- Web beacons and pixel tags: Small tracking elements on pages and in emails that help us measure engagement and improve communications.
- Session data: Metrics on how you interact with the Platform, including time spent, pages visited, and navigation patterns.
- Location data: If you grant permission, we may collect geolocation data. You can withdraw this permission at any time through your device settings.
You can manage cookie preferences through your browser settings. We recommend reviewing your browser's documentation for instructions.
4. How We Use Your Personal Information
We use your personal information for the following purposes:
- Providing our Services: To fulfil our contractual obligations, authenticate your identity, and maintain your account.
- Communication: To send you service-related notices, account updates, expiration and renewal reminders, and to respond to your inquiries.
- Fraud prevention and security: To detect and prevent fraud, abuse, and unauthorized access to the Platform.
- Troubleshooting and debugging: To diagnose issues, fix errors, and improve Platform performance.
- Service improvement: To analyze usage patterns, record user sessions (for internal analysis only), and enhance the Platform's features and functionality. All recorded sessions are treated confidentially.
- Personalization: To recommend features and products, tailor your experience, and provide location-specific services.
- Marketing: To send promotional messages, event invitations, and relevant offers. You can opt out at any time by following the unsubscribe link in any marketing email.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
- Critical account notifications: To inform you about errors or important changes related to your Sumtracker account.
5. Who We Share Your Personal Information With
We may share your personal information with the following parties:
- Payment processors: We use Stripe and Shopify for billing. We share necessary information for transaction processing. Your payments are also subject to Stripe's Terms and Shopify's Terms.
- Service providers: Third-party vendors who perform functions on our behalf such as hosting, data analysis, customer service, email delivery, and marketing. These providers may only use your information to perform their designated functions and must comply with applicable data protection laws.
- Analytics providers: We use tools such as Google Analytics and PostHog to understand Platform usage and improve our Services. Data shared with these providers is aggregated and anonymized where possible.
- Infrastructure providers: We use cloud hosting services including AWS and GCP to store and process data securely. We may also use other tools and services not specifically listed here.
- Affiliates: Our parent company, subsidiaries, or joint venture partners, all of whom are required to honor this Policy.
- Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity.
- Legal requirements: We may disclose your information to comply with legal obligations, respond to valid legal requests (subpoenas, court orders), protect against fraud, enforce our Terms of Use, or protect the rights, property, or safety of Sumtracker, our users, or the public.
- Partners: Reputable partners for joint initiatives, promotions, or integrated services.
We do not sell or rent your personal information. We are not responsible for the privacy practices of third parties you interact with independently.
6. Third-Party Integrations
Our Platform allows you to connect with third-party services (e.g., Shopify, Amazon, eBay). When you enable these integrations, we collect only the information necessary to maintain the connection (such as authentication tokens). The third-party service's own privacy policy governs how they handle your data. Please review their policies before connecting.
7. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes described in this Policy, or as required by law.
- Account cancellation: Data is scheduled for deletion within 60 days of account cancellation.
- Account deletion: If you delete your account, your data is deleted immediately.
- Exceptions: We may retain data beyond these periods for fraud prevention, legal compliance, tax and audit obligations, defense of legal claims, or analytical purposes.
- Shared content: Information you have shared publicly (e.g., reviews or forum posts) may remain visible after your account is closed.
- Backup copies: Residual copies in backup systems may persist for a limited period.
8. Cross-Border Data Transfers
Your personal information may be transferred to and processed in countries outside your country of residence. These countries may have different data protection laws. When transferring data, we implement appropriate safeguards to protect your information in accordance with applicable laws.
9. Data Security
We implement reasonable physical, electronic, and procedural safeguards to protect your personal information. We use encryption during data transmission.
However, no method of transmission over the internet is 100% secure. You are responsible for keeping your login credentials confidential. We are not liable for unauthorized access resulting from your failure to protect your account credentials, or for any data loss during internet transmission.
10. Data Breach Response
In the event of a data breach, we follow a structured incident response process:
- Identification: Promptly detect and acknowledge the breach.
- Containment: Take immediate action to limit the impact.
- Notification: Notify affected users and relevant authorities as required by law.
- Collaboration: Work with regulatory bodies and law enforcement as necessary.
- Post-incident review: Assess our response and implement improvements.
11. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: View the personal information we hold about you through your Sumtracker dashboard.
- Correction: Update or correct inaccurate information via your dashboard or by contacting us.
- Deletion / Erasure: Request deletion of your personal information, subject to legal exceptions.
- Withdrawal of consent: Withdraw your consent for data processing at any time. This does not affect the lawfulness of processing done before withdrawal.
- Objection: Request that we stop processing your personal information. We will comply unless we have legitimate grounds to continue.
- Data portability: Request a copy of your data in a structured, machine-readable format (where applicable under GDPR).
- Restriction of processing: Limit how we use your data in certain circumstances.
- Opt-out of sale / targeted advertising: We do not sell your personal information. If you wish to opt out of targeted advertising, contact us.
To exercise any of these rights, email us at support@sumtracker.com with proof of identity.
We may decline a request if it would violate any law or legal requirement, or cause information to become incorrect.
Additional Rights for US Residents
If you reside in California, Colorado, Connecticut, Delaware, Florida, Iowa, Montana, Nevada, Oregon, Texas, Utah, Vermont, Virginia, or Washington, you may have additional rights under state privacy laws, including the right to appeal. To appeal a decision regarding your privacy rights request, contact our Data Protection Officer at ankit@sumtracker.com with the subject line "Appeal of Privacy Rights Request."
Additional Rights for Users Outside the US (GDPR)
If you are located in the European Economic Area or other jurisdictions covered by the GDPR:
- Controller: Sumtracker Software Private Limited is the data controller.
- Legal bases: We process your data based on contractual necessity, legitimate interest (improving our Services and user experience), consent, and legal compliance.
- Data transfers: We implement appropriate safeguards when transferring data outside your jurisdiction.
12. Complaints and Grievances
If you have concerns about how your data is handled, contact our support team at support@sumtracker.com. We are committed to:
- Treating all users fairly and with courtesy.
- Responding to grievances in a timely manner.
- Providing effective resolution within a reasonable timeframe.
- Informing you of escalation options if you are not satisfied.
Important: We will never ask you for sensitive details such as OTPs, CVVs, PINs, card numbers, or bank account details. If you receive any such request claiming to be from Sumtracker, it is fraudulent. Please report it to support@sumtracker.com.
13. Changes to This Policy
We may update this Policy from time to time. Changes take effect on the date posted unless otherwise stated. Where required by law, we will notify you by email. Your continued use of the Platform after changes are posted constitutes acceptance of the updated Policy.
14. Contact Us
Data Protection Officer: Ankit Goyal
Email: ankit@sumtracker.com
General Support: support@sumtracker.com
Website: https://sumtracker.com