Privacy Policy
Last updated: 2 July 2026
This Privacy Policy explains how NicheRecon collects, uses, shares, and protects your personal data when you use our market-intelligence platform. We act as the Data Fiduciary for the personal data we process, and we handle it in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable Indian law. The Data Fiduciary is Vishal Kundar, Bangalore, Karnataka, India.
1. Personal data we collect
We keep data collection to the minimum needed to run the Service:
- Account & identity: your email address, used for passwordless OTP sign-in and account management.
- Profile details (optional): a name, business/company name, and city that you may choose to add on the Account & Settings page. These are optional, editable by you at any time, and used only to tailor the product and our communications with you.
- Authentication metadata: one-time passcodes (stored only in hashed form), timestamps, verification status, and the date you first accepted our Terms of Service and this policy.
- Plan & billing status: your current plan, query/credit balances, and payment confirmations. Payments are processed by Cashfree Payments. We do not collect or store your full card or banking details.
- Chat logs: the questions you ask "Chat With Your Market" and the answers generated, linked to your account. These are retained to provide conversation history (on paid plans), to operate and improve the feature, and as a record in case of disputes.
- Preferences & activity: your watched zones, purchased reports, and research requests, used to provide those features (including the weekly digest email you can turn off in the app).
- Feedback: anything you submit through the in-app "Leave feedback" form (your message, an optional rating and category), linked to your account so we can follow up, and used to improve the Service.
- Support requests: if you use the contact form on our Contact Us page (available without an account), we collect the name, email address, and message you provide, and use them solely to respond to and resolve your request. Submissions are also forwarded to our support mailbox.
- Usage & technical data: log data such as requests made, feature usage, approximate device/browser information, and security events, used to operate and secure the Service.
- Session storage: a sign-in token stored in your browser's local storage to keep you logged in.
The market data shown in the Service (such as business listings, ratings, and locality signals) is about places and markets, not about you, and is sourced as described on our Data Sources & Credits page.
2. How we use your data and our legal basis
We process your personal data, with your consent or for legitimate uses permitted under the DPDP Act, to:
- authenticate you and manage your account;
- provide, maintain, and improve the Service and its features;
- process payments, manage plans, and prevent abuse and fraud;
- communicate with you about your account, security, and service updates; and
- comply with legal obligations and enforce our Terms.
When you sign up, we obtain your consent to process your email for authentication and account management. You may withdraw your consent at any time (see "Your rights" below); withdrawal does not affect processing carried out before withdrawal.
3. Service providers (Data Processors)
We share personal data only with service providers who process it on our behalf and under contract:
- MongoDB Atlas: database infrastructure, hosted in the Mumbai region.
- Azure Communication Services: delivery of authentication (OTP), digest, and account emails.
- Cashfree Payments: payment processing.
- Anthropic (accessed via our infrastructure provider, Emergent): processing of your chat questions, together with relevant market data, to generate AI answers. Chat inputs are not used to train third-party models under the applicable API terms.
- Emergent: application hosting, deployment, and AI-model routing.
We do not sell your personal data, and we do not share it for third-party advertising. We may disclose data where required by law or to protect our rights, users, or the Service.
4. Where your data is stored
Your personal data is stored on MongoDB Atlas in the Mumbai (India) region. Some of our processors (for example, email delivery) may process limited data outside India in accordance with their own safeguards and applicable law.
5. Data retention
We retain your personal data only for as long as needed to provide the Service. Chat logs, watched zones, feedback, and purchase records are retained while your account is active. If you delete your account yourself from the Account & Settings page in the app, your account and personal data โ including your profile, chat logs, watched zones, feedback, and research/report records โ are deleted immediately. If you instead ask us by email to close your account, we will delete your personal data within 30 days of the verified request. In both cases, payment records are retained in anonymised form (with your email removed) where we are required to keep them under applicable tax or financial law.
6. Your rights
Subject to applicable law, including the DPDP Act, you have the right to:
- access a summary of the personal data we process about you;
- request correction or updating of inaccurate or incomplete data;
- request erasure of your personal data;
- withdraw consent at any time;
- nominate another individual to exercise your rights in the event of death or incapacity; and
- raise a grievance with us and, where unresolved, with the Data Protection Board of India.
7. How to exercise your rights or withdraw consent
Correction: you can view and edit your profile details at any time on the Account & Settings page in the app.
Deletion: the fastest way to delete your account and personal data is self-serve, in the app: Account & Settings โ Delete account. Deletion is immediate and permanent, and covers your account, profile, chat logs, watched zones, feedback, and research/report records; payment records may be retained in anonymised form where the law requires.
You can also withdraw consent, or request access, correction, or deletion, by emailing our Grievance Officer at nicherecon.help@outlook.com from your registered email address. Email requests are acknowledged within 48 hours and actioned within one month.
8. Security
We use reasonable technical and organisational measures to protect your personal data, including encryption in transit (TLS), hashing of one-time passcodes (which also auto-expire within minutes), signed session tokens, and access controls. No method of transmission or storage is completely secure, but we work to protect your data and to address risks promptly.
Breach commitment: if a personal-data breach affecting you occurs, we will notify you and the Data Protection Board of India as required under the DPDP Act, and take prompt steps to contain and remediate it.
9. Children
The Service is intended for users aged 18 and above and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.
10. Cookies and local storage
We use browser local storage to keep you signed in. We do not use third-party advertising or tracking cookies. Clearing your browser storage will sign you out.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, where appropriate, notify you of material changes. Your continued use of the Service after changes take effect indicates your acknowledgement of the updated policy.
12. Grievance Officer and contact
For privacy questions, requests, or grievances, contact our Data Protection / Grievance Officer:
Grievances are acknowledged within 48 hours and resolved within one month. See also our Terms of Service.