Privacy Policy
Effective date: April 17, 2026 · Last updated: April 17, 2026
1. Who we are
UltraIndexer is operated by ARISEO AI Technologies (OPC) Pvt Ltd, a company incorporated in India with its registered office at Noida, Uttar Pradesh, India 201301. GSTIN: 09ABDCA6466D1ZN.
For the purposes of applicable data protection laws, ARISEO AI Technologies (OPC) Pvt Ltd acts as the data fiduciary and controller for personal data collected through UltraIndexer.
If you have any questions about this policy, contact us at support@ultraindexer.com.
2. What this policy covers
This policy explains what personal data we collect when you use ultraindexer.com, why we collect it, how we use it, and what rights you have over it. It applies to all visitors and registered users of UltraIndexer.
3. Data we collect and why
3.1 Account data
When you register, we collect your name, email address, and password (stored as a bcrypt hash — we never store your plain text password). If you register via Google or LinkedIn OAuth, we receive your name and email from those services. We use this data to create and manage your account.
3.2 Payment data
Payments are processed by Razorpay. We do not store your card number, CVV, or bank details — these are handled entirely by Razorpay on their PCI-DSS compliant infrastructure. We store the Razorpay payment reference ID, the amount paid, GST amount, and invoice details for our accounting and GST filing obligations.
For USDT (TRC-20) payments, we collect your transaction ID and the sending wallet address solely to verify and match your payment. We do not store any other blockchain data. Please note that blockchain transactions may be publicly visible on the TRON network and cannot be deleted or modified by us. We only store the transaction details needed to verify and reconcile your payment.
3.3 Submission data
When you use our indexing or index checking services, we store the URLs you submit. This data is used to process your order, generate your report, and display your submission history in your dashboard during the retention period. Indexing reports are retained for 14 days and then permanently deleted. Index checking results are retained for 14 days and then permanently deleted.
3.4 Usage and log data
We collect standard server logs including IP address, browser type, pages visited, and timestamps. This data is used for security monitoring, debugging, and service improvement. Logs are retained for 30 days.
3.5 Support communications
If you contact us via email, we retain that correspondence to respond to your query and improve our support. We do not use support communications for marketing.
3.6 Cookies
We currently use only session and preference cookies. The session cookie keeps you logged in. The preference cookie remembers your dark/light mode setting. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. If this changes, we will update this policy and, where required, request your consent.
4. Legal basis for processing
- Contract performance — to create your account, provide paid services, process submissions, deliver reports, and provide support
- Legal obligation — to comply with Indian GST law, which requires us to retain invoice and payment records
- Consent — where we specifically ask for consent, such as optional communications or future marketing preferences
- Legitimate interests — for security monitoring and fraud prevention
We do not use "legitimate interests" as a basis for marketing or behavioural profiling.
5. Who we share your data with
Our service providers process personal data only on our instructions and only as needed to provide payment processing, hosting, email delivery, login, security, and related services.
| Service provider | Purpose | Data shared |
|---|---|---|
| Razorpay | Payment processing | Name, email, payment amount, payment reference |
| Resend | Transactional emails | Name, email address |
| Google OAuth | Login | Name and email, if you use Google login |
| LinkedIn OAuth | Login | Name and email, if you use LinkedIn login |
| Hetzner (infrastructure and hosting) | Website hosting, database hosting, security, and service delivery | Account data, submitted URLs, logs, and technical usage data |
We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes. We do not use your data to train AI models.
6. Data retention
| Data type | Retention period |
|---|---|
| Account data | Until you delete your account |
| Payment records and invoices | 6 years from the due date of the annual GST return for the relevant financial year, or 1 year after final disposal of any related audit or proceedings, whichever is later |
| Submission data / URLs | 14 days after report delivery, then permanently deleted |
| Server logs | 30 days |
| Support emails | 2 years |
7. Your rights
Subject to applicable law, including the Digital Personal Data Protection Act 2023 (India), you may have the following rights:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate data
- Erasure — request deletion of your personal data (subject to our legal retention obligations for invoices and tax records)
- Withdrawal of consent — withdraw consent at any time where consent is the basis for processing
- Grievance — raise a complaint with us at support@ultraindexer.com
Account deletion: You may request account deletion by emailing support@ultraindexer.com. We will delete your account data unless we are required to retain certain records for legal, tax, fraud prevention, or dispute-resolution purposes.
We aim to respond to all rights requests within 7 days, and in any case within the timelines required by applicable law. To exercise any right, email support@ultraindexer.com with the subject line "Privacy Request".
If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India through its official complaint portal, once available or as notified by the Government of India.
8. Data security
- All passwords are hashed using bcrypt — never stored in plain text
- All API keys are encrypted at rest using strong symmetric encryption
- HTTPS enforced on all pages via TLS — HTTP connections are redirected
- Admin panel is protected by mandatory two-factor authentication (TOTP)
- Database access is restricted to application processes only — no public database port
No system is completely secure. If we become aware of a personal data breach affecting your personal data, we will notify affected users and the Data Protection Board of India within the timelines required by applicable law. Where the DPDP Act 2023 requires 72-hour notification, we will follow that requirement.
9. Automated decision-making
We do not use your personal data for automated decision-making that produces legal or similarly significant effects on you. We do not use your personal data to train AI models.
10. Marketing
We do not currently send promotional marketing emails without your consent. If we introduce marketing communications in the future, you will be able to opt out at any time.
11. Children
UltraIndexer is a professional tool intended for use by adults (18+). We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact support@ultraindexer.com and we will delete it promptly.
12. International data transfers
UltraIndexer is operated from India. To deliver our services, your data may be processed by our infrastructure and service providers in countries outside India. Where such transfers occur, we ensure appropriate contractual safeguards are in place with our service providers. By using UltraIndexer, you consent to your data being processed in accordance with this policy.
13. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify registered users by email if the changes are material.
14. Contact
ARISEO AI Technologies (OPC) Pvt Ltd
Noida, Uttar Pradesh, India 201301
support@ultraindexer.com
ultraindexer.com