Privacy Policy

Last updated: January 1, 2024 | Effective Date: January 1, 2024

This Privacy Policy describes how IdeaNax (“we,” “us,” or “our”), operated by IdeaNax Technologies Private Limited, a company incorporated under the laws of India, collects, uses, stores, shares, and protects the personal information of users (“you” or “User”) who access or use our platform at ideanax.com (the “Platform”).

By creating an account or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you register, we collect your full name, email address and/or mobile number, date of birth, and password (stored as a hashed value).
  • Idea Submissions: Problem descriptions, solution descriptions, supporting documents (PDFs, presentations, DOCX files), prototype files, and URLs you provide during idea submission.
  • Payment Information: When purchasing coins, payment is processed by Razorpay. We do not store your card numbers or banking credentials. We receive and store only transaction IDs, order IDs, payment amounts, and timestamps from Razorpay.
  • Withdrawal Information: For fund withdrawals, we collect bank account holder name, bank account number, IFSC code, or UPI ID as provided by you.
  • Communication: Messages, feedback, and support requests you send to us.
  • Verification Data: OTP codes are used for account verification but are not permanently stored after verification is complete.

1.2 Information Collected Automatically

  • Log Data: IP address, browser type and version, operating system, referral URL, pages visited, date/time of visit, and time spent on pages.
  • Device Information: Device type, unique device identifiers, mobile network information.
  • Usage Data: Features used, ideas submitted, pages viewed, and interaction patterns within the Platform.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies. See Section 8 for details.

1.3 Information from Third Parties

  • Payment verification and fraud detection signals from Razorpay.
  • If you use social login (if offered), basic profile information from that social platform.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Account Management: To create and manage your user account, authenticate your identity, and provide access to Platform features.
  • Service Delivery: To process idea submissions, conduct reviews, send status notifications, and credit earnings to your wallet.
  • Payment Processing: To process coin purchases via Razorpay and execute fund withdrawals to your bank account or UPI.
  • Communications: To send you transactional messages (OTPs, payment confirmations, idea status updates), platform announcements, and support responses.
  • Security: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
  • Analytics and Improvement: To analyze usage patterns and improve our Platform's features and user experience.
  • Legal Compliance: To comply with applicable Indian laws, regulations, court orders, and governmental requests.
  • Dispute Resolution: To resolve disputes and enforce our Terms & Conditions.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contractual Necessity: Processing necessary to perform our contract with you (account creation, idea submission, payments).
  • Legitimate Interests: Processing necessary for our legitimate business interests (fraud prevention, platform security, service improvement).
  • Consent: Where you have provided explicit consent (marketing communications, optional analytics).
  • Legal Obligation: Where processing is required to comply with applicable Indian laws.

4. Data Storage and Security

4.1 Storage Infrastructure

All user data is stored on Supabase, a secure database platform with PostgreSQL backends. Supabase provides enterprise-grade Row Level Security (RLS), encryption at rest using AES-256, and SSL/TLS encryption in transit for all data. Files uploaded by users (documents, prototypes) are stored in Supabase Storage with private bucket configurations.

4.2 Security Measures

  • Passwords are hashed using bcrypt with a minimum work factor of 12.
  • Authentication tokens (JWTs) use RS256 signing and have short expiration periods.
  • OTP codes are time-limited (10 minutes) and single-use.
  • API endpoints are rate-limited to prevent brute-force attacks.
  • Database access is restricted through Row Level Security policies.
  • Regular security audits and penetration testing are conducted.

4.3 Data Location

Primary data is stored in Supabase's infrastructure. Data may be stored in servers located outside India. By using our Platform, you consent to the transfer, processing, and storage of your data in these locations, subject to the protections described in this Policy.

5. Third-Party Services

5.1 Razorpay

We use Razorpay for payment processing. When you make a payment, you are subject to Razorpay's Privacy Policy (available at razorpay.com/privacy) in addition to this Policy. We share only the minimum required information with Razorpay to process your transactions. Razorpay is PCI-DSS Level 1 compliant. We receive payment status notifications and transaction IDs from Razorpay; we do not receive or store your full card details.

5.2 Supabase

Our database, authentication, and file storage infrastructure is powered by Supabase. Supabase processes data as our data processor. Supabase's Privacy Policy is available at supabase.com/privacy. Data stored in Supabase is subject to their security and compliance standards.

5.3 Communication Services

We may use third-party email or SMS service providers to deliver OTPs and transactional notifications. These providers process only the contact information (email/mobile) necessary to deliver the message.

5.4 Analytics

We may use analytics tools to understand Platform usage. Where such tools are used, they are configured to anonymize or pseudonymize data wherever possible.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating the Platform (Razorpay, Supabase, email/SMS providers), bound by confidentiality agreements.
  • Legal Requirements: When required by Indian law, court order, government directive, or regulatory authority (including SEBI, RBI, or law enforcement).
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, where your information may be transferred as a business asset (with notice to you).
  • Protection of Rights: To protect the rights, property, or safety of IdeaNax, our users, or the public.
  • With Your Consent: With other parties when you give explicit consent.

We never share your submitted idea content with third parties except as required for the review process or by law.

7. Data Retention

We retain your personal information for the following periods:

  • Account Data: Retained for the duration of your account plus 3 years after deletion, to comply with legal obligations.
  • Transaction Records: Financial transaction data (payments, withdrawals) is retained for 7 years as required by Indian tax and accounting laws.
  • Idea Submissions: Idea content and associated IP transfers permanently to IdeaNax upon submission. We retain this data indefinitely.
  • Support Communications: Retained for 2 years from the last communication.
  • Log Data: Server logs are retained for 90 days for security purposes.
  • OTP Records: OTPs are deleted within 24 hours of generation.

8. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for the Platform to function, including authentication session cookies. Cannot be disabled.
  • Preference Cookies: Store your preferences such as theme (dark/light mode). Can be cleared via browser settings.
  • Analytics Cookies: Used to analyze Platform usage patterns. You may opt out by adjusting browser settings or using browser extensions.

You can control cookies through your browser settings. Disabling essential cookies will prevent access to authenticated features of the Platform.

9. Your Rights

As a user in India, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete personal data.
  • Right to Deletion: Request deletion of your account and associated personal data, subject to legal retention obligations.
  • Right to Portability: Request your personal data in a structured, machine-readable format.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw consent at any time (without affecting prior processing).
  • Right to Restrict Processing: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at privacy@ideanax.com. We will respond within 30 days. Note that idea content, once submitted and approved, becomes the intellectual property of IdeaNax and cannot be deleted.

10. Children's Privacy

IdeaNax is not intended for individuals under 13 years of age. Users between 13 and 18 years should have parental consent before registering. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided personal information, we will promptly delete that information. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@ideanax.com.

11. International Users

IdeaNax is designed for Indian users. If you access the Platform from outside India, your data will be transferred to and processed in India and other countries where our service providers operate. By using the Platform, you consent to such transfer.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Platform at least 30 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the details of the Grievance Officer are provided below:

Name: Rajesh Kumar
Designation: Grievance Officer
Email: grievance@ideanax.com
Address: IdeaNax Technologies Private Limited, Bangalore, Karnataka, India
Response Time: Within 30 days of receipt of complaint

14. Contact Us

For any questions about this Privacy Policy, data requests, or privacy-related concerns, please contact:

  • Email: privacy@ideanax.com
  • Support: support@ideanax.com
  • Website: ideanax.com/contact