Skip to main content
Back to MyTradeDeskMyTradeDesk

Privacy Policy

Last updated: 24 June 2026

Prodigi AI ("we") operates MyTradeDesk. This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have under the Digital Personal Data Protection Act, 2023 ("DPDP Act").

1. Data we collect

  • Account data: email address, display name, hashed password (or OAuth identifier), timezone.
  • Trading data you enter: trades, journal entries, strategies, tags, attachments and screenshots.
  • Payment data: name, email, GST state and (optional) GSTIN supplied at checkout. Card / UPI details are processed by Razorpay; we never see or store them.
  • Technical data: IP address, user agent, audit-log timestamps for security events.

2. Purpose of processing

  • To deliver the Service, authenticate you, and prevent fraud or abuse.
  • To issue GST-compliant invoices and comply with Indian tax and accounting laws.
  • To provide AI-generated insights you explicitly request.
  • To send transactional emails (verification, payment receipts, security alerts).

3. Legal basis

We process data on the basis of (a) your consent at sign-up; (b) the performance of our contract with you (these Terms); and (c) our legitimate interest in operating and securing the Service.

4. Sharing and processors

We share data only with the following processors, under contract:

  • Cloud hosting & database — for application data and backups.
  • Razorpay — to process payments and issue refunds.
  • Email provider — to deliver transactional emails.
  • Lovable AI Gateway — for AI insight generation you trigger.

We do not sell your personal data. We do not share it for advertising.

5. Retention

Your data is retained for as long as your account is active. Payment and invoice records are retained for 8 years to comply with Indian tax law. When you delete your account, all personal data and trading data is permanently erased within 7 days, except payment records, which are retained in anonymised form as required by law.

6. Your rights under the DPDP Act

You have the right to:

  • Access a copy of your personal data (Settings → Data safety → Export everything).
  • Correct inaccurate data (editable from Settings).
  • Erase your data (Settings → Security → Delete account).
  • Withdraw consent and opt out of optional processing.
  • Grievance redressal — contact our Data Protection Officer (see DPDP notice).

7. Security

Data is encrypted in transit (TLS) and at rest. Access is gated by row-level security so each user can only access their own data. Passwords are checked against the Have-I-Been-Pwned database. Optional two-factor authentication is available.

8. Cookies

We use essential cookies and browser localStorage to keep you signed in and remember UI preferences. We do not use third-party advertising cookies.

9. Children

The Service is not intended for users under 18.

10. Contact

Privacy questions: support@mytradedesk.in