Privacy Policy

Effective date: May 5, 2026  ·  Version 2.0

This policy is provided in English. In the event of any conflict between a translation and the English version, the English version shall prevail.

Taroo Technologies Private Limited, a company incorporated under the Companies Act, 2013 and having its registered place of business in India ("Taroo", "we", "us" or "our"), provides users with access to software applications published on the Freshworks Marketplace at https://www.freshworks.com/apps (each an "Application").

This Privacy Policy ("Policy") explains what personal data we collect, why we collect it, how we use and protect it, and the rights available to you. It applies to all visitors to https://www.taroo.in ("Website"), all users who install or use our Applications, and anyone who contacts us.

We act as the Data Controller / Data Fiduciary in respect of the personal data described in this Policy. Where we process personal data on behalf of a customer (for example, ticket data accessed while the Application performs its function), we act as a Data Processor / Data Processor and our obligations are governed by that customer's privacy framework and any applicable data processing agreement.

Questions? Contact us at support@taroo.in before using any Application.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • "Data Principal / Data Subject" means the individual whose Personal Data is being processed — that is, you.
  • "Data Processor" means a third party that processes Personal Data on our behalf under a written contract.
  • "DPDP Act" means India's Digital Personal Data Protection Act, 2023 and rules made thereunder.
  • "GDPR" means the EU General Data Protection Regulation 2016/679 and the UK GDPR where applicable.
  • "Sensitive Personal Data" has the meaning given to it under applicable law, including passwords, financial information, health data, and biometric data.

2. Data We Collect

We collect only the minimum data necessary for the purposes described below (data minimisation principle). The categories of Personal Data we may collect are:

2.1 Data you provide directly

  • Account & purchase data: name, business email address, company name, billing details, and Freshworks domain when you purchase or trial an Application.
  • Support communications: the content of emails and messages you send to support@taroo.in, including any attachments.
  • Form submissions: any data you voluntarily enter through forms on our Website.

2.2 Data collected automatically

  • Log & technical data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and crash/error reports.
  • Usage data: feature interactions, session duration, and in-app events — collected in aggregated or pseudonymised form to improve the Application.
  • Cookies and similar technologies: see Section 7 below.

2.3 Data we do NOT collect

We do not passively or automatically read your Freshdesk or Freshservice ticket data. We access only the specific fields that you explicitly configure the Application to read or write, and only to the extent necessary to provide the Application's functionality. We never collect Sensitive Personal Data unless you deliberately submit it to us (e.g., in a support email), in which case we use it only to resolve your query.

3. Legal Basis for Processing

Where the GDPR or equivalent legislation applies, we rely on the following lawful bases:

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Application you purchased.
  • Legitimate interests (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, improving the Application, and responding to support requests — where our interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c) GDPR): Compliance with applicable law, court orders, or government authority requests.
  • Consent (Art. 6(1)(a) GDPR / DPDP Act s.6): Marketing communications and any processing not covered by the bases above. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Under the DPDP Act, we process your Personal Data on the basis of consent and/or legitimate uses as defined under the Act (e.g., compliance with applicable law, employment-related processing, or performance of a contract).

4. How We Use Your Data

  • (a) Application delivery: To install, operate, and support the Application you have purchased.
  • (b) Account management: To manage billing, licensing, and your relationship with us.
  • (c) Communications: To respond to your support requests, send service-critical notices (e.g., downtime, security alerts), and — with your consent — product updates and marketing emails. You may opt out of marketing at any time by emailing support@taroo.in or clicking "unsubscribe" in any email.
  • (d) Security & fraud prevention: To detect, investigate, and prevent unauthorised access, abuse, or illegal activity.
  • (e) Legal compliance: To satisfy obligations under applicable law, legal process, or requests from government authorities.
  • (f) Product improvement: To analyse aggregated or pseudonymised usage data to improve features, fix bugs, and develop new functionality.
  • (g) Rights protection: To protect the rights, property, and safety of Taroo, our users, or the public.

If we need to use your Personal Data for a purpose materially different from those listed above, we will obtain your prior consent.

5. Sharing and Disclosure of Personal Data

We do not sell, rent, or trade your Personal Data to any third party. We may share your Personal Data in the following limited circumstances:

  • Data Processors: Trusted vendors who process data on our behalf (e.g., cloud infrastructure, email delivery, analytics) under written contracts that require them to maintain adequate data protection standards consistent with applicable law including the GDPR.
  • Complementary service providers: Third parties whose services are directly complementary to the Application, and only with your prior consent or on your explicit instruction.
  • Legal requirements: Where disclosure is required by law, court order, or a competent government authority, or where we believe disclosure is necessary to protect the safety of any person.
  • Business transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, provided the receiving party agrees to treat your Personal Data in accordance with this Policy.
  • Professional advisers: Lawyers, accountants, and insurers, subject to confidentiality obligations.

6. International Data Transfers

Taroo is headquartered in India. We may process or cause your Personal Data to be processed on servers located in the United States of America and other countries. These countries may have data protection laws that are different from — and in some cases less protective than — the laws of your country.

Where we transfer Personal Data from the European Economic Area (EEA), the United Kingdom, or Switzerland to a country not deemed adequate by the European Commission, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
  • Other legally recognised transfer mechanisms under applicable data protection law.

By using the Application, you acknowledge and consent to the transfer and processing of your Personal Data in these locations.

7. Cookies and Tracking Technologies

Our Website may use cookies, pixel tags, web beacons, and similar technologies. These may be:

  • Strictly necessary cookies: Required for the Website to function; cannot be disabled.
  • Analytics cookies: Help us understand how visitors use the Website (e.g., pages visited, time on site). Collected in aggregated, non-personally identifiable form.
  • Advertising cookies: Used by third parties to measure ad performance and deliver relevant advertisements.

You can control cookies through your browser settings. Disabling certain cookies may affect Website functionality. Third parties that place advertising cookies on our Website are responsible for their own privacy practices; please review their respective privacy policies.

8. Data Retention

We retain Personal Data only for as long as necessary for the purposes set out in this Policy or as required by law. Our standard retention periods are:

  • Account & transaction data: For the duration of the active subscription plus 7 years, to comply with applicable tax and accounting laws.
  • Support communications: 3 years from the date the support request is closed.
  • Server logs: 90 days, after which they are deleted or anonymised.
  • Marketing consent records: Until consent is withdrawn plus 3 years for evidentiary purposes.

When your account is terminated, we will promptly delete or anonymise your Personal Data, except where retention is required to satisfy a legal obligation or to resolve a dispute. You acknowledge that residual copies may take a period of time to be purged from active servers and may remain in encrypted backup systems during the applicable backup retention window before being overwritten.

9. Your Rights

Subject to applicable law, you have the following rights regarding your Personal Data. To exercise any right, email support@taroo.in with sufficient detail to identify yourself and your request. We will respond within 30 days (or a shorter period where required by law). We will not charge a fee unless the request is manifestly unfounded or excessive.

  • Right of access: Obtain a copy of the Personal Data we hold about you, including information on how it is used, in a structured, commonly used, machine-readable format.
  • Right to rectification / correction: Request correction of inaccurate or incomplete Personal Data.
  • Right to erasure / deletion ("right to be forgotten"): Request deletion of your Personal Data where it is no longer necessary for the purpose for which it was collected, where consent has been withdrawn, or where processing is unlawful — subject to our right to retain data required by law or for legitimate business purposes.
  • Right to restriction of processing: Request that we limit processing of your Personal Data in certain circumstances (e.g., while accuracy is contested).
  • Right to data portability: Receive your Personal Data in a structured, machine-readable format and transmit it to another controller.
  • Right to object: Object to processing based on legitimate interests, including profiling for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing. Withdrawal may be effected by ceasing to use the Application and notifying us in writing.
  • Right not to be subject to automated decision-making: We do not make decisions about you solely through automated means that produce legal or similarly significant effects. If this changes, we will notify you and obtain consent.
  • Right to nominate (DPDP Act): Nominate another individual to exercise your rights on your behalf in the event of your death or incapacity, in accordance with the DPDP Act.
  • Right to lodge a complaint: Lodge a complaint with the Data Protection Board of India (under the DPDP Act) or the supervisory authority in your jurisdiction (e.g., the ICO in the UK, or a relevant EU DPA) if you believe we have infringed your rights. We encourage you to contact us first so we can resolve the matter.

We may decline requests that are unreasonably repetitive, require disproportionate technical effort, jeopardise the privacy of others, or are not required under applicable law. We will notify you if we decline a request, including the reason and your right to complain to a supervisory authority.

10. Children's Privacy

Our Applications are designed for business use and are not directed at children. We do not knowingly collect Personal Data from individuals under the age of 18 (or under 13 where a lower threshold applies under local law). If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us immediately at support@taroo.in and we will delete such data promptly. To the extent we are required under the DPDP Act to obtain verifiable parental consent before processing the data of a child, we will implement appropriate mechanisms to do so.

11. Information Security

We implement and maintain appropriate technical and organisational security measures to protect your Personal Data against unauthorised access, accidental loss, destruction, or disclosure. These measures include, but are not limited to:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256 or equivalent);
  • Access controls based on the principle of least privilege;
  • Regular internal reviews of data collection, storage, and processing practices;
  • Contractual requirements imposed on all Data Processors to maintain adequate security;
  • Physical security measures at our data centre facilities.

We do not warrant that these measures will prevent every possible security incident. We disclaim all liability for unauthorised access, alteration, disclosure, or destruction of data that is outside our reasonable control.

12. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority (e.g., the Data Protection Board of India, or EU/UK DPA as applicable) without undue delay and, where feasible, within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals' rights and freedoms;
  • Notify affected individuals directly without undue delay where the breach is likely to result in a high risk to their rights and freedoms; and
  • Maintain an internal record of all breaches, including those not reported to a supervisory authority, along with the facts, effects, and remedial action taken.

Breach notifications to individuals will be sent to the primary email address associated with your account and will describe the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.

13. Third-Party Websites and Services

Our Applications and Website may contain links to third-party websites, including the Freshworks Marketplace. This Policy applies only to Taroo's own Applications and Website. We do not exercise control over third-party sites and are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to this Privacy Policy

We may update this Policy from time to time. When we make material changes, we will:

  • Update the "Effective date" at the top of this page;
  • Post the updated Policy on our Website; and
  • Where required by law or where changes are significant, notify you by email or through a prominent notice in the Application before the changes take effect.

Your continued use of the Application after the effective date of an updated Policy constitutes your acceptance of that Policy. If you do not agree with the changes, you must stop using the Application before the effective date.

15. Grievance Officer

In accordance with the Information Technology Act, 2000 (as amended), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, Taroo Technologies Private Limited has designated a Grievance Officer to address complaints and questions relating to this Policy:

  • Name: Grievance Officer, Taroo Technologies Private Limited
  • Email: support@taroo.in
  • Subject line: "Privacy Grievance – [Your Name]"

The Grievance Officer will acknowledge your complaint within 48 hours and endeavour to resolve it within 30 days of receipt. If you are not satisfied with the resolution, you may escalate your complaint to the Data Protection Board of India or the supervisory authority in your jurisdiction.

16. Governing Law and Jurisdiction

This Policy is governed by and construed in accordance with the laws of India. Any dispute arising out of or in connection with this Policy that cannot be resolved through the Grievance Officer process shall be subject to the exclusive jurisdiction of the courts of competent jurisdiction in India, without prejudice to your right to seek relief before a supervisory authority in your jurisdiction.

17. Contact Us

If you have any questions, concerns, or requests relating to this Policy or the processing of your Personal Data, please contact us:

We will always try to resolve your concern. However, if you remain dissatisfied, you have the right to lodge a complaint with the Data Protection Board of India or any other competent supervisory authority.