Privacy policy
Last updated: June 2026
This privacy policy explains, in plain language, what personal data CryptoKar collects, why we collect it, who we share it with, and the rights you have over it. We have written it to align with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 and its rules.
1. Who we are
CryptoKar is an independent product built and operated by two developers, Mayur Patil and Yogendra Singh, based in Pune, India. We are not a large company. There is no external team, no investors, and no marketing department. When this policy says "we", "us", or "CryptoKar", it means the two of us as the operators of this service. For DPDP purposes, we act as the Data Fiduciary for the personal data described below, and you are the Data Principal.
2. Scope
This policy applies to the CryptoKar website, web app, and dashboard. It does not apply to third-party websites or services we link to (such as a crypto exchange or a payment provider), which have their own privacy policies.
3. Data we collect
- Account information: your name and email address when you sign up or sign in (including via Google sign-in).
- Crypto transaction data: the trade data you import from exchange CSV files (asset, quantity, price, fees, dates, TDS tags) so we can compute your tax. See section 6 on how CSV files are parsed in your browser.
- Tax and report data: the calculations, summaries, and reports we generate from your transactions.
- Payment metadata: when you pay, our payment processor (Razorpay) handles your card or UPI details. We never see or store your full card number, CVV, or UPI PIN. We only receive a payment status, an order/payment identifier, and the amount.
- Usage and device data: basic analytics such as pages visited, approximate location, browser type, and device information, used to keep the service working and improve it.
4. Why we collect it
We collect personal data only for these specific purposes:
- To create and secure your account and let you sign in.
- To calculate your VDA tax under Section 115BBH and prepare your reports.
- To process payments and activate your plan.
- To send you essential service emails (such as account, payment, and report notifications).
- To diagnose problems, prevent abuse, and improve the product.
- To comply with applicable law.
We do not sell your personal data, and we do not use your transaction data for advertising.
5. Legal basis and consent
We process your personal data based on the consent you give when you create an account and use the service, and where necessary to provide the service you have asked for or to meet a legal obligation. You can withdraw your consent at any time by writing to [email protected]. Withdrawing consent will not affect processing already carried out, and may mean we can no longer provide parts of the service.
6. Your CSV files are parsed in your browser
Privacy is built into how CryptoKar works. When you upload an exchange CSV file, it is read and parsed locally in your browser. We then store the parsed transactions on our servers so we can compute your tax and let you return to your reports. The raw CSV file itself is processed on your device, not uploaded as a file to us.
7. Who we share data with
We share data only with the service providers (Data Processors) we need to run CryptoKar, and only to the extent required:
- Razorpay: to process payments.
- Resend: to send transactional emails.
- Hosting and database providers: to run the app and store your data securely.
- Analytics: to understand aggregate usage.
We may also disclose data if required by law, a court order, or a lawful government request, or to protect our rights and the safety of our users.
8. How long we keep your data
We keep your personal data only for as long as your account is active or as needed to provide the service, and for any period required to comply with legal, tax, or accounting obligations. When data is no longer needed, we delete or anonymise it. You can ask us to delete your account and associated data at any time (see your rights below).
9. Your rights
Under the DPDP Act, you have the right to:
- Access a summary of the personal data we hold about you and how we process it.
- Correct, complete, update, or erase your personal data.
- Withdraw consent and have processing stopped where it relied on that consent.
- Nominate another person to exercise your rights in case of death or incapacity.
- Raise a grievance and have it addressed (see section 13).
To exercise any of these rights, email us at [email protected]. We will respond within a reasonable time.
10. How we protect your data
We use reasonable security practices to protect your data, including encryption in transit (HTTPS), access controls that scope every record to the account that owns it, and least-data collection. No system is perfectly secure, but we take security seriously. You can read more on our security page.
11. Children
CryptoKar is not intended for anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
12. Data breaches
In the unlikely event of a personal data breach that affects you, we will take prompt steps to contain it and will notify affected users and the Data Protection Board of India as required by law.
13. Grievance redressal
If you have any concern or complaint about how we handle your personal data, please write to us at [email protected]. We will acknowledge your grievance and aim to resolve it within the timelines required under applicable Indian law.
14. Changes to this policy
We may update this policy from time to time. When we do, we will change the "last updated" date above and, for significant changes, notify you. Continuing to use CryptoKar after an update means you accept the revised policy.
15. Contact
Questions about this policy? Email us at [email protected].