Privacy Policy
Version 1.0 | Effective Date: April 1, 2026 | Last Updated: March 2026
1. Who We Are
KnitTrace (“we”, “us”, “our”) is a B2B SaaS platform for the global textile industry operated by Time In Software, registered in India. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform at knittrace.com.
Contact: timeinsoftware@gmail.com
2. Data We Collect
2.1 Data You Provide
| Data | When Collected | Purpose |
|---|---|---|
| Full name, email, password | Signup | Account creation and authentication |
| Company name, GST/Tax ID, address, phone, contact email | Onboarding | Company verification, tax compliance |
| Production mode selections, knitting types, business type | Onboarding | Service configuration |
| Order details, quantities, stage logs, timestamps | Platform usage | Core traceability service |
| Chat messages, RFQ content, support tickets | Platform usage | Messaging, marketplace, support |
| Company logos, gallery photos, garment images | Platform usage | Product showcasing, document verification |
| Billing period preference, plan selection | Onboarding/Billing | Subscription management |
2.2 Data We Collect Automatically
| Data | Purpose |
|---|---|
| IP address, device info, browser type | Security monitoring, anomaly detection |
| Login timestamps, activity logs | Audit trail, fraud prevention |
| Factory lat/lng (if provided) | Factory mapping on platform |
| Driver GPS pings (transport mode only) | Live transport tracking |
2.3 Data We Do NOT Collect
- Credit card or bank account numbers (handled entirely by Razorpay/Stripe)
- Biometric data
- Personal health data
- Political or religious affiliation
- Data from individuals under 18 (B2B platform only)
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Provide traceability, production logging, and marketplace services | Contract performance |
| Authenticate users and manage sessions | Contract performance |
| Process payments via Razorpay/Stripe | Contract performance |
| Validate GST numbers via GSTZen | Legal obligation |
| Send transactional emails (invoices, alerts, password resets) | Contract performance |
| Detect anomalous logins, bulk exports, suspicious activity | Legitimate interest |
| Generate Textile Passports (aggregated, public) | Contract performance + Consent |
| Live transport tracking (GPS) | Consent |
| Improve platform performance with aggregated analytics | Legitimate interest |
We do not use your data for advertising, profiling, or automated decision-making that produces legal effects.
4. Data Sharing
4.1 Service Providers (Sub-Processors)
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase (AWS Mumbai) | All platform data | Database, auth, file storage |
| Vercel | Request logs, IP addresses | Hosting, CDN |
| Cloudflare | IP addresses, request headers | DDoS protection, DNS |
| Upstash | Cached query results (no PII) | Redis caching |
| Razorpay | Transaction IDs, company names | India payment processing |
| Stripe | Transaction IDs, company names | International payment processing |
| Resend (AWS SES) | Email addresses, email content | Transactional emails |
| GSTZen | GST numbers | GSTIN validation (India) |
| Google Maps | Coordinates, addresses | Places Autocomplete, Directions |
All sub-processors have Data Processing Agreements (DPAs) in place.
4.2 What We Never Do
- Sell personal data to third parties
- Share production data between competing companies
- Provide bulk data access to advertisers
- Share individual user behaviour with analytics platforms
5. Data Storage & Security
| Aspect | Detail |
|---|---|
| Primary storage | Supabase (AWS Mumbai, ap-south-1) |
| Encryption at rest | AES-256 |
| Encryption in transit | TLS 1.3 on all connections |
| Field-level encryption | pgcrypto on GST numbers, phone numbers, emails |
| Password hashing | bcrypt via Supabase Auth |
| Access control | Row Level Security (RLS) on all database tables |
| Two-Factor Auth | TOTP (mandatory for Admin, optional for Exporter/VI) |
| Session management | Single active session per user |
| Rate limiting | 100 requests/min per IP via Vercel Edge Middleware |
| File uploads | Magic byte validation on all uploads |
| Audit trail | Immutable append-only activity logs |
| Webhook verification | Cryptographic signature validation (Razorpay/Stripe) |
| Backups | Daily automated backups, 7-day retention |
6. Data Retention
| Data Type | Retained For | Deletion Method |
|---|---|---|
| Account data | Duration of account | Hard delete on account deletion |
| Production logs | 7 years after order completion | Auto-delete (tax/legal compliance) |
| Transport GPS pings | 90 days | Auto-purge |
| Activity/audit logs | 1 year | Auto-archive, then delete |
| Chat messages | Duration of account | Hard delete on account deletion |
| Financial/billing records | 7 years | Auto-delete (tax compliance) |
| Textile Passports | Indefinite | Company names anonymised on account deletion |
| Support tickets | Duration of account + 1 year | Hard delete |
| Uploaded media/files | Duration of account | Hard delete from storage |
7. Your Rights
| Right | How to Exercise |
|---|---|
| Access your data | Settings > Privacy > Download My Data |
| Correct inaccurate data | Edit Profile / Company Settings |
| Delete your account and data | Settings > Privacy > Delete Account (30-day cooling-off) |
| Export data in JSON/CSV | Settings > Privacy > Export Data |
| Restrict processing | Email timeinsoftware@gmail.com |
| Object to processing | Email timeinsoftware@gmail.com |
| Withdraw consent (e.g., GPS tracking) | Settings > Privacy > Manage Consent |
All requests are fulfilled within 30 days.
Account deletion process: 30-day cooling-off period during which you can cancel deletion. After 30 days, personal data is permanently deleted, production/order data is anonymised (for traceability integrity), and all media files are removed. Account deletion is blocked if you are the sole owner of a company with active subscriptions or pending orders until ownership is transferred or orders are completed.
8. Cookies
| Cookie | Purpose | Duration | Consent Required |
|---|---|---|---|
| sb-access-token | Auth session | Session | No (essential) |
| sb-refresh-token | Auth refresh | 7 days | No (essential) |
| theme | Light/Dark mode | 1 year | No (functional) |
| cf_clearance | Cloudflare bot check | 30 min | No (security) |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
9. Cross-Border Transfers
Primary data storage is in Mumbai, India. Where data is transferred internationally (e.g., email delivery via Resend in the US, Stripe payment processing), we rely on Standard Contractual Clauses (SCCs) and explicit user consent as applicable under GDPR, KVKK, PIPL, and DPDPA.
10. Children's Privacy
KnitTrace is a B2B platform for business use only. We do not knowingly collect data from anyone under 18. If we discover a minor has created an account, we will delete it immediately.
11. Changes to This Policy
Material changes are communicated via email 30 days before taking effect. Continued use after the effective date constitutes acceptance. Previous versions are available upon request.
12. Contact
For all privacy-related inquiries, data requests (access, deletion, export), and security incidents:
Email: timeinsoftware@gmail.com
Phone: +91 88708 72911
Registered Address: Time In Software
B2, 4F1, Parsn Antara, Nanjundapuram Road,
Ramanthapuram, Coimbatore, Tamil Nadu, 641036
India
Website: timeinsoftware.com