Your data is yours. We hold it carefully.

1. Who we are

TruckBahi (“we”, “us”, “our”) is operated by TruckBahi Technologies Private Limited, a company incorporated under the Companies Act, 2013, with its registered office at To be updated before go-live. Reach us at [email protected] for the current registered address.. For the purposes of the DPDP Act, 2023, we are the Data Fiduciary for the personal data described below.

You can reach us at [email protected] or +91 76849 17959. Our Grievance Officer details are at the end of this policy.

2. What this policy covers

This policy applies to the TruckBahi marketing website (truckbahi.com) and the TruckBahi transport-book web app (app.truckbahi.com) (together, the “Platform”). It also covers any data you send us over WhatsApp, phone, or email in connection with the Platform.

3. The personal data we collect

We collect the following categories of personal data:

a. Account & identity data

• Name, email address, mobile number
• Role within your organisation (owner, admin, dispatcher, accountant, viewer)
• Hashed password (we never see your plain-text password)
• Organisation name, GSTIN, PAN, billing address

b. Transport business data you enter

• Party (consignor / consignee / broker) details: name, address, GSTIN, PAN, phone
• Truck details: registration number, permit, fitness, insurance, PUC documents
• Driver details: name, phone, licence number, licence expiry, Aadhaar reference (we store only the last four digits where needed)
• Trip, Lorry Receipt (LR / builty), invoice, payment, expense and ledger data
• Uploaded documents — builty scans, PODs, compliance certificates

c. Payment data

Subscription payments are processed by Razorpay. We do not store full card numbers, UPI PINs, or net-banking credentials. We retain the payment reference, amount, invoice number, and status returned by the payment gateway for audit and tax purposes.

d. Technical & usage data

• IP address, device type, browser, operating system
• Pages visited, features used, timestamps, error traces
• Cookies and similar storage — see our Cookie Policy

e. Support & communication data

Messages you send us over WhatsApp, email, or phone, including screenshots and documents you attach, so we can resolve your question.

4. Why we collect it (purposes)

• To provide the service — create your organisation, issue LRs, compute ledgers, generate GST invoices, store compliance documents.
• To comply with Indian law — GST invoicing (CGST Act, 2017), e-way bill and e-invoice rules, TDS, Motor Vehicles Act-related document retention.
• To secure the platform — detect fraud, prevent abuse, investigate incidents, keep audit logs.
• To improve the product — understand which features are used, fix bugs, prioritise improvements.
• To contact you — service announcements, outage notices, billing reminders, product updates. We send marketing emails only with your consent, which you can withdraw at any time.

5. Legal basis

Under the DPDP Act, 2023, we rely on:

• Your consent — given when you sign up, accept these terms, or tick a specific opt-in (for example, marketing emails).
• Legitimate use for specified purposes — such as responding to a request you make, performing a contract, or complying with a legal obligation.

6. Multi-tenant isolation

TruckBahi is multi-tenant. Every record belongs to exactly one organisation (org_id) and is isolated at the database level using row-level security. Users in one organisation cannot read or modify data of another organisation. Our platform administrators can access an organisation's data only for support, incident response, and legal-compliance reasons, and such access is logged.

7. Where your data is stored

Your data is hosted on Supabase and other cloud infrastructure providers in data centres located in India and, where applicable, in jurisdictions with adequate safeguards. Data is encrypted at rest and in transit (TLS 1.2+). We do not transfer personal data outside India except to service providers that process data on our behalf under a binding contract.

8. Who we share it with

We share personal data only with:

• Service providers (Data Processors) who help us run the Platform — hosting (Supabase), payments (Razorpay), transactional email and WhatsApp messaging, error monitoring, analytics. Each processor is contractually bound to use your data only on our instructions.
• Users inside your organisation — depending on their role, other members of your org can view and edit your records. You control who you invite.
• Authorities when required by a valid Indian court order, summons, or statute (GST, Income Tax, Motor Vehicles, IT Act, DPDP Act).

We do not sell your personal data. We do not share your transport business records with other transporters, brokers, or any third party for profiling or advertising.

9. How long we keep it

• Tax and financial records — 8 years, as required by the CGST Act, 2017 and the Income Tax Act, 1961.
• LRs, builties, e-way bills — for the period required under applicable laws and for as long as your account is active.
• Account data — while your subscription is active, and for up to 90 days after cancellation to allow re-activation.
• Backups — encrypted backups are retained for up to 30 days on a rolling basis.
• Support logs — 12 months.

When you cancel, we can delete your personal data on written request, except where we are required by law to retain it (for example, tax invoices).

10. Your rights

Under the DPDP Act, 2023, you have the right to:

• Access a summary of your personal data we process
• Correct or update inaccurate or incomplete data
• Erase your personal data, subject to legal retention
• Nominate another person to exercise your rights in the event of your death or incapacity
• Withdraw consent you previously gave
• Grieve with us and escalate to the Data Protection Board of India if you are not satisfied

To exercise any of these rights, email us at [email protected]. We will respond within the timelines set by the DPDP Act.

11. Security

• TLS 1.2+ for all traffic to and from the Platform
• Encryption at rest for databases and backups
• Row-level security enforced at the database layer (no application code can accidentally read another org's data)
• Role-based access for your team members
• Audit logs for privileged operations
• Regular dependency and security reviews

No method of transmission or storage is perfectly secure. If we become aware of a personal data breach that is likely to cause you harm, we will notify you and the Data Protection Board of India as required by law.

12. Children

TruckBahi is a business tool. It is not directed at, or intended for, children under 18. We do not knowingly collect data of minors. If you believe a minor has used the Platform, please contact us so we can delete the data.

13. Third-party links

The Platform may link to third-party sites (for example, the GST portal, the e-way bill portal, or our payment gateway). We are not responsible for the privacy practices of those sites. Please read their policies.

14. Changes to this policy

We may update this policy to reflect changes in our service, our processors, or Indian law. When we do, we will change the “Last updated” date above and, for significant changes, notify you by email or an in-app banner. Your continued use of the Platform after the change means you accept the updated policy.

15. Grievance Officer

In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDP Act, 2023, our Grievance Officer is:

• Name: Suraj — Founder, TruckBahi
• Email: [email protected]
• Phone: +91 76849 17959
• Hours: Monday to Saturday, 10:00 — 19:00 IST

We aim to acknowledge every grievance within 24 hours and resolve it within 15 days.