Privacy Policy

Truffaire Private Limited is an Indian private limited company incorporated under the Companies Act, 2013, with its principal place of business in Bengaluru, Karnataka, India. Truffaire Private Limited is the Data Fiduciary as defined under the DPDP Act, 2023 for all personal data processed through the ARCORAplatform.

For all privacy-related enquiries or to exercise your rights, contact us at: one@truffaire.in

We process your personal data for the following purposes:

• Providing the ARCORA diagnostic service — running AI-assisted crop analysis on your uploaded images
• Account creation, authentication, and session management
• Processing payments, allocating credits, and managing your subscription plan
• Generating, storing, and displaying diagnosis reports in your dashboard and history
• Improving the accuracy and reliability of our diagnostic engine using anonymised and aggregated data
• Sending transactional communications (payment confirmation, service alerts) — not marketing without consent
• Complying with applicable laws, resolving disputes, and enforcing our Terms of Service
• Preventing fraud, unauthorised access, and abuse of the platform

We do not use your crop images or personal data to train third-party AI models without your explicit consent. Diagnostic queries are processed by OpenAI via their API under a data processing agreement that prohibits use of API inputs for model training.

Under the DPDP Act, 2023, we process your personal data on the following grounds:

• Consent — you provide consent at account registration and by submitting data for diagnosis
• Contractual necessity — processing required to deliver the Service you have purchased
• Legitimate interests — fraud prevention, service security, and platform analytics (balanced against your rights)
• Legal obligation — compliance with applicable Indian statutes and regulatory requirements

We share data with third-party processors only to the extent necessary to operate the Service. All processors are bound by data processing agreements:

We do not sell, rent, or trade your personal data to any third party for commercial or marketing purposes. We may disclose data to law enforcement or regulatory authorities when required by valid legal process under Indian law.

• Account data — retained for the duration of your account and for 3 years after deletion for legal compliance
• Diagnosis reports and crop images — retained for the duration of your plan's history window (30 days for Scout; full history for Cooperative and Alliance) and deleted upon account deletion
• Payment records — retained for 8 years as required under Indian accounting and tax laws
• Usage logs — retained for 90 days for security and debugging, then deleted
• Communications — retained for 2 years from last contact

You may request deletion of your account and associated personal data at any time by emailing one@truffaire.in. Certain data may be retained longer where required by law or for legitimate dispute resolution purposes.

We implement industry-standard technical and organisational measures to protect your personal data, including:

• TLS/HTTPS encryption for all data in transit
• Encryption at rest for database records and stored files via Convex's infrastructure
• Role-based access controls limiting internal access to personal data
• JWT-based authentication with short-lived tokens issued by Clerk
• Payment data handled exclusively by PCI-DSS compliant Razorpay — we never touch card data

No method of transmission or storage is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that poses risk to your rights, we will notify affected users and the relevant authority in accordance with applicable law.

Under the DPDP Act, 2023 and applicable Indian law, you have the following rights with respect to your personal data:

• Right to access — request a copy of the personal data we hold about you
• Right to correction — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data, subject to legal retention obligations
• Right to withdraw consent — withdraw consent at any time without affecting prior processing
• Right to grievance redressal — lodge a complaint with our grievance officer or the Data Protection Board of India

To exercise any of these rights, email us at one@truffaire.in with the subject line "Data Rights Request". We will respond within 30 days. If you are not satisfied with our response, you may escalate to the Data Protection Board of India once it is operationally constituted.

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete such data promptly.

We use strictly necessary cookies and session tokens required for authentication and service functionality. We do not use advertising cookies, cross-site tracking, or third-party analytics that profile individual behaviour. Your browser settings may be used to control cookie acceptance, though disabling cookies may impair platform functionality.

Our service providers (Clerk, Convex, OpenAI, Vercel) may process data in jurisdictions outside India, including the United States. We rely on contractual protections (data processing agreements incorporating standard contractual clauses) to ensure your data receives a level of protection consistent with Indian data protection standards. By using the Service, you acknowledge and consent to these transfers.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify registered users by email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

In accordance with the Information Technology Act, 2000 and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the following person is designated as the Grievance Officer for the Service: