Privacy Policy

Tiqra Technologies ("Tiqra," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Tiqra platform, including our website at tiqra.io, mobile applications, APIs, and all related services (collectively, the "Service"). Please read this policy carefully to understand our practices regarding your personal data.

1. Overview

This Privacy Policy applies to all users of the Service, including account holders, their authorized users, and visitors to our website. We act as a data controller for the personal data we collect directly from you, and as a data processor for the personal data that you process through the Service (such as your customers' data stored in your Tiqra account).

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: When you register, we collect your name, email address, phone number, business name, business address, and password.
Billing Information: Payment card details, billing address, and transaction history. Payment card data is processed and stored by our PCI-compliant payment processors and is not stored on our servers.
Business Data: Information you enter into the Service, such as customer records, invoices, products, inventory data, employee information, and financial records.
Communications: Information you provide when you contact our support team, submit feedback, or participate in surveys.
Profile Information: Optional profile details such as a profile photo, job title, and business description.

2.2 Information Collected Automatically

Usage Data: Pages viewed, features used, actions taken, time spent on the Service, click patterns, and navigation paths.
Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
Log Data: IP addresses, access times, referring URLs, error logs, and server request data.
Location Data: Approximate location derived from IP address. We do not collect precise GPS location without your explicit consent.

2.3 Information from Third Parties

Authentication Providers: If you sign in using a third-party provider (e.g., Google), we receive your name, email, and profile picture as authorized by you.
Payment Processors: Transaction confirmation, payment status, and fraud detection signals from our payment partners.
Analytics Partners: Aggregated and anonymized usage data from our analytics providers.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: To operate, maintain, and deliver the features and functionality of the Service, including processing transactions, generating invoices, and managing your business data.
Account Management: To create and manage your account, authenticate your identity, and provide customer support.
Billing & Payments: To process payments, manage subscriptions, send invoices, and handle refunds.
Communication: To send you service-related notices, updates, security alerts, and support messages. With your consent, we may also send promotional communications.
Improvement & Analytics: To analyze usage patterns, diagnose technical issues, and improve the Service's performance, features, and user experience.
Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activities.
Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Personalization: To tailor the Service experience to your preferences, including recommended features and relevant content.

We do not sell your personal data to third parties. We may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service, including cloud hosting (infrastructure providers), payment processing, email delivery, analytics, and customer support tools. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.

4.2 Legal Requirements

We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you enable a third-party integration within the Service.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following provisions apply in addition to the rest of this Privacy Policy:

5.1 Legal Basis for Processing

We process your personal data on the following legal bases:

Contract Performance: Processing necessary to perform our contract with you (providing the Service).
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
Consent: Where you have given consent for specific processing activities, such as marketing communications.
Legal Obligation: Processing necessary to comply with applicable laws.

5.2 Your GDPR Rights

Under the GDPR, you have the following rights:

Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
Right to Erasure: You may request that we delete your personal data, subject to legal retention requirements.
Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: You may request a machine-readable copy of your personal data for transfer to another service.
Right to Object: You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@tiqra.io. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

6. CCPA Compliance (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share data.
Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct: You may request that we correct inaccurate personal information.
Right to Opt-Out: You have the right to opt out of the "sale" or "sharing" of your personal information. Tiqra does not sell personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, email us at support@tiqra.io with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days.

In the preceding 12 months, we have collected the following categories of personal information: identifiers, commercial information, internet or electronic network activity, geolocation data, and professional or employment-related information. We have not sold personal information.

7. Sri Lanka PDPA Compliance

Tiqra Technologies is incorporated in Sri Lanka, and we comply with the Personal Data Protection Act No. 9 of 2022 (PDPA) of Sri Lanka. Under the PDPA:

We process personal data only for specified, explicit, and legitimate purposes.
We ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and accidental loss, destruction, or damage.
We do not retain personal data for longer than is necessary for the specified purposes.
Sri Lankan data subjects have the right to access, correct, and request deletion of their personal data by contacting us at support@tiqra.io.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period depends on the type of data and the context:

Account Data: Retained for the duration of your account and for 30 days after account deletion to allow for data export.
Billing Records: Retained for 7 years in accordance with financial record-keeping requirements.
Usage & Analytics Data: Retained in anonymized or aggregated form for up to 3 years for product improvement purposes.
Support Communications: Retained for 2 years after the last interaction.
Log Data: Retained for 90 days for security and debugging purposes.

When data is no longer needed, we securely delete or anonymize it so that it can no longer be associated with you.

9. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content. For detailed information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service.

10. Security Measures

We take the security of your data seriously and implement industry-standard technical and organizational measures to protect it, including:

Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
Access Controls: Strict role-based access controls limit who within our organization can access personal data. All access is logged and audited.
Infrastructure: Our Service is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification, redundant systems, and regular security assessments.
Monitoring: We employ continuous monitoring, intrusion detection, and automated alerting to identify and respond to security threats.
Employee Training: All employees with access to personal data receive regular security awareness training.
Incident Response: We maintain a documented incident response plan and will notify affected users and relevant authorities of any data breach within 72 hours as required by applicable law.

While we strive to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child, please contact us at support@tiqra.io.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Sri Lanka and other jurisdictions where our infrastructure providers operate. These countries may have data protection laws that are different from the laws of your country.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
Ensuring that our service providers are bound by contractual obligations to protect your data.
Compliance with applicable data transfer frameworks and regulations.

13. Your Rights

Regardless of your location, you have the following rights with respect to your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request that we correct inaccurate data.
Deletion: Request that we delete your data, subject to legal retention requirements.
Export: Request a copy of your data in a portable format.
Opt-Out: Opt out of marketing communications at any time by clicking "unsubscribe" in any email or contacting us.
Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please email us at support@tiqra.io. We will respond within 30 days.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated policy on our website with a new effective date and, where appropriate, by sending you an email notification.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the changes.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@tiqra.io
Data Protection Inquiries: admin@tiqra.io
Legal Entity: Tiqra Technologies
Website: https://tiqra.io

← Back to Tiqra