Privacy Policy
Last updated: 16 July 2026
This Privacy Policy explains how AgencyTrack ("we", "us", "our") collects, uses, shares, and protects your information when you visit our website (agencytrack.site), contact us, or use the AgencyTrack application. We respect your privacy and only collect what we genuinely need to run the service.
1. Who we are
AgencyTrack is operated by Md Sohail Ansari, an individual operating as a sole proprietor based in India. For the purposes of India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”), we act as the Data Fiduciary for the personal data described in this policy. You can reach us about privacy at any time at sohailatwork10@gmail.com, or contact our Grievance Officer (see section 13).
This policy covers both the public marketing website and the AgencyTrack application at app.agencytrack.site. Where we act on behalf of a customer’s own account — for example, the client and project records a freelancer stores about their own customers — that customer is the Data Fiduciary for those records and we process them as their service provider (Data Processor) under our Terms of Service.
2. Information we collect
We collect the following categories of information:
- Contact / support messages: when you use our contact form or email us, we collect your name, email address, subject, and the contents of your message so we can respond. Messages are delivered to our support inbox by email.
- Account information: when you create an account in the app, we collect your name, email address, and a password (stored only as a secure cryptographic hash — never in plain text).
- Business data you enter: details you choose to store about your clients, projects, invoices, payments, meetings, files, and team members. This data belongs to you; you control what you put in.
- Payment information: when you subscribe to a paid plan, your payment is processed by our payment partner, Razorpay. We receive limited details such as a transaction ID, plan, amount, and payment status — we do not receive or store your full card number, CVV, UPI PIN, or net-banking credentials.
- Technical & usage information: standard log data such as your IP address, browser type, device and operating system, referring page, and the pages or actions you take. We use your IP address for security and rate-limiting (to deter spam and abuse of our public forms).
- Cookies and similar technologies: small files and storage used to keep the service working and remember preferences — see section 6 and our full Cookie Policy.
We do not intentionally collect special-category or sensitive personal data (such as health, religion, or biometric data) and ask that you not store such data in free-text fields.
3. How we use your information
We use your information to:
- Provide, operate, maintain, and improve the AgencyTrack service.
- Create and manage your account and process your subscription and renewals.
- Send transactional and service messages — login details, billing receipts, security notices, and replies to your enquiries.
- Provide customer support and respond to your requests.
- Detect, prevent, and address fraud, spam, abuse, and security incidents.
- Understand, in aggregate, how the product is used so we can make it better.
- Comply with our legal, tax, and accounting obligations.
We do not sell your personal data or your clients’ data, and we do not use it for third-party advertising. We do not send marketing emails unless you separately opt in.
4. Legal bases and consent
Under the DPDP Act and other applicable laws, we process your personal data on the following bases:
- Your consent — for example, when you submit the contact form or create an account. You can withdraw consent for non-essential processing at any time (see section 9), though this may limit your ability to use parts of the service.
- Performance of a contract — to deliver the service you’ve signed up for and to process your payments.
- Legitimate uses and legal obligations — to keep the service secure, prevent abuse, and meet legal, tax, and accounting requirements.
5. Service providers and sub-processors
We rely on a small number of trusted, reputable providers to run AgencyTrack:
- Supabase — secure database hosting and authentication for your account and data.
- Razorpay — payment processing for paid subscriptions (a PCI-DSS compliant provider).
- Resend — delivery of transactional and contact emails.
- Vercel — application hosting and content delivery.
Each provider only receives the data necessary to perform its function, acts on our instructions, and is bound by its own privacy and security obligations. We do not authorize them to use your data for their own purposes.
6. Cookies and similar technologies
We use cookies and similar browser storage to keep you signed in, keep the service secure, and remember your preferences. We currently use only strictly necessary cookies — we do not use advertising or cross-site tracking cookies. If we introduce analytics in the future, we will update our policy and, where the law requires, ask for your consent first. For the full list of cookies, what they do, and how to control them, see our Cookie Policy.
7. Data storage, international transfers, and security
Your data is isolated per account using row-level security at the database layer and is encrypted in transit (HTTPS/TLS). We apply industry-standard safeguards to protect against unauthorized access, loss, or misuse, and we restrict access to personal data to those who need it to operate the service.
Some of our providers (such as Supabase, Vercel, and Resend) may store or process data on servers located outside India. Where data is transferred internationally, we rely on providers that offer appropriate contractual and technical safeguards, and we only transfer data to countries not restricted under applicable Indian law. No method of transmission or storage is 100% secure, but we work continuously to protect your information. Learn more on our security page.
8. Data retention
We keep personal data only for as long as we need it:
- Account & business data — for as long as your account is active. If you delete your account, we delete or anonymize the associated personal data within a reasonable period (typically within 90 days), except where we must retain it for legal, tax, or accounting reasons.
- Contact / support messages — for as long as needed to handle your request and keep a reasonable record of support history.
- Billing records — retained as required by Indian tax and accounting law.
- Security & rate-limit logs — kept only briefly and pruned automatically.
9. Your rights
Consistent with applicable law, including the DPDP Act, you have the right to:
- Access and obtain a copy of the personal data we hold about you, and export the data in your account at any time.
- Correct or update inaccurate or incomplete personal information.
- Request erasure of your account and associated personal data.
- Withdraw consent for non-essential processing.
- Nominate another individual to exercise your rights in the event of death or incapacity.
- Raise a grievance and have it addressed (see section 13).
To exercise any of these rights, email us at sohailatwork10@gmail.com. We may need to verify your identity before acting on a request, and we will respond within the timeframe required by law.
10. Data breach notification
We maintain safeguards to prevent personal data breaches. In the unlikely event of a breach that affects your personal data, we will notify the Data Protection Board of India and affected users as required by the DPDP Act and applicable law, and take prompt steps to contain and remediate the incident.
11. Children
AgencyTrack is intended for use by professionals and is not directed at anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you by email or an in-app notice. Your continued use of the service after an update means you accept the revised policy.
13. Grievance Officer & contact
In line with the DPDP Act and the Information Technology Act and rules, you can contact our Grievance Officer for any questions, concerns, or complaints about your personal data or this policy:
- Grievance Officer: Md Sohail Ansari
- Email: sohailatwork10@gmail.com
We aim to acknowledge grievances promptly and resolve them within the timeframe required by law. For general privacy questions you can also reach us at sohailatwork10@gmail.com or through our contact page.