ipomarket.in

Privacy Policy

Last updated: April 2026

This policy is compliant with the Digital Personal Data Protection Act, 2023 of India.

1. Introduction

This Privacy Policy explains how ipomarket.in ("we", "us", "the Company") collects, uses, discloses, and protects your Personal Data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India and applicable regulations. By using ipomarket.in you consent to the practices described in this policy.

2. Data We Collect

We collect the following categories of data: (a) Account data — name, email, password hash, subscription plan; (b) Usage data — pages viewed, device type, IP address (hashed), referrer, search queries; (c) Watchlist preferences; (d) Contact form submissions; (e) Telemetry from cookies and third-party analytics scripts. We do not store PAN numbers, bank account details, or any other sensitive financial identifiers.

3. Purpose of Processing

Personal data is processed strictly for: delivering the IPO tracking service, personalizing your watchlist, sending transactional emails (account verification, subscription receipts, allotment alerts), measuring aggregate site usage, preventing abuse and fraud, and fulfilling statutory obligations under Indian law.

4. Legal Basis and Consent

Processing is carried out either (a) with your explicit consent obtained at sign-up or at the first interaction requiring data, (b) on the basis of a legitimate use as permitted under Section 7 of the DPDP Act, or (c) to comply with legal obligations. You may withdraw consent at any time by emailing contact@ipomarket.in; withdrawal will not affect the lawfulness of processing done before the withdrawal.

5. Third Parties and Data Processors

We share data with a limited set of sub-processors: Supabase (database and auth, ap-south-1 region), Upstash (Redis cache, ap-south-1), Resend (transactional email), Google Analytics and Google AdSense (site analytics and ad serving), Razorpay (payment processing for Premium subscriptions). These processors are contractually bound to protect your data and use it only for the services they provide to us.

6. Cookies and Similar Technologies

ipomarket.in uses first-party cookies for session management and preferences, and third-party cookies from Google Analytics (to measure site usage) and Google AdSense (to serve relevant ads). You can block or delete cookies through your browser settings; this may disable certain features. A cookie consent banner is displayed on first visit and your choice is remembered for 12 months.

7. Data Retention

Account data is retained for as long as your account is active and for up to 180 days after account deletion to comply with audit and dispute-resolution obligations. Aggregate analytics data retained by Google Analytics is kept for 14 months. Contact form submissions are retained for 12 months unless required longer for legal reasons.

8. Your Rights under the DPDP Act

You have the right to: (a) access the personal data we hold about you, (b) request correction or updating of inaccurate data, (c) request erasure of your account and associated data, (d) withdraw consent at any time, (e) nominate another individual to exercise rights in the event of death or incapacity, and (f) raise a grievance with our Grievance Officer. Requests can be sent to contact@ipomarket.in and will be actioned within 30 days.

9. Security

We use industry-standard technical and organizational safeguards including TLS 1.2+ for all data in transit, bcrypt for password hashing, row-level security on user data, and least-privilege access controls on our database. Despite these safeguards, no online service can guarantee absolute security — we encourage you to use a strong, unique password for your ipomarket.in account.

10. Children

ipomarket.in is not intended for persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete the information.

11. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in law or our service. Material changes will be notified via email to registered users and displayed prominently on the homepage. The "Last updated" date at the top of this page reflects the most recent revision.

12. Grievance Officer

Grievance Officer: ipomarket.in Data Protection Officer. Email: contact@ipomarket.in. All grievances will be acknowledged within 48 hours and resolved within 30 days as required under the DPDP Act.