Legal

Privacy Policy

Effective 20 May 2026

TL;DRWe collect the info we need to run our services and keep them working. We don't sell your data. You can ask us what we have on you, ask us to correct it, or ask us to delete it. Email tech@bitroot.org.

1. Who we are

Bitroot Powerhouse Pvt Ltd, an Indian company at 149, Avior, Nirmal Galaxy, L B S Marg, Mulund West 400080, Mumbai. We run bitroot.org, bitroot.club, platter.bitroot.org, and related services (together, the "Platform").

This policy is published under the Information Technology Act, 2000, the SPDI Rules, 2011, the IT Rules, 2021, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"). If anything in this policy conflicts with those laws, the law wins.

2. What we collect

Depending on what you do on the Platform, we may collect:

  • Identity — name, username, title, DOB.
  • Contact — postal address, email, phone.
  • Financial— billing details. Cards stay with Razorpay; we don't store them.
  • Transaction — what you bought, when, refunds.
  • Technical — IP address, browser, device, time zone, rough location.
  • Profile — credentials, preferences, feedback.
  • Usage — how you click around the Platform.
  • Marketing — your subscription preferences.

We don't go looking for sensitive data (race, religion, biometrics, health) unless we genuinely need it for a service you've asked for.

3. How we get it

  • You give it to us — when you sign up, buy something, fill a form, or email us.
  • Automatically — cookies, server logs, similar tracking.
  • From others — analytics tools, payment partners, public sources.

4. Why we use it

We use your data to:

  • Run your account and the Platform
  • Deliver what you ordered
  • Talk to you — support, billing, and marketing (only the marketing bit if you've opted in)
  • Personalize your experience
  • Spot and stop fraud or abuse
  • Comply with the law

Legal bases we rely on, depending on the purpose: your consent, performance of a contract with you, our legitimate interests (balanced against your rights), and legal obligations.

5. Children

The Platform is for adults (18+). If we learn we've accidentally collected a kid's data, we'll delete it. Under the DPDP Act, where we ever process a minor's data, we need a parent or guardian's verifiable consent.

6. Cookies

We use cookies for sessions, security, analytics, and — where required — only with your consent for non-essential ones. You can turn them off in your browser, but some parts of the Platform will stop working properly.

7. Who we share with

We don't sell your data.Here's who we do share it with, and why:

  • Service providers— hosting, Razorpay for payments, analytics, customer support. They're contractually bound to handle your data the way we tell them.
  • Group companies — other Bitroot entities, when relevant.
  • Professional advisers — lawyers, accountants, auditors, insurers.
  • Authorities — if a court order or law requires it.
  • A future acquirer— if we ever merge or get acquired, your data may move with the business. We'll let you know.

8. International transfers

Some of our service providers run outside India. When your data crosses borders, we put protections in place — standard contractual clauses, adequacy decisions, or your explicit consent — so it stays protected at a similar level.

9. How long we keep it

Only as long as we need it for the purpose it was collected, plus whatever the law requires us to retain (tax, audit, dispute defence, etc.). After that we delete, anonymize, or de-identify it.

10. How we protect it

Encryption in transit, access controls, employee training, breach playbooks. No system is perfect — please use a strong password and tell us if you suspect something's off. If we ever have a serious breach, we'll report it to the Data Protection Board and tell you, as the law requires.

11. Your rights

Under Indian law you can:

  • Ask what data we hold on you
  • Ask us to fix it if it's wrong
  • Ask us to delete it (subject to retention obligations)
  • Withdraw consent if processing relies on it
  • Ask us to port it to you or another service
  • Object to certain uses (e.g., direct marketing)
  • Nominate someone to act on your behalf if you can't (DPDP)

Email tech@bitroot.organd we'll respond within 30 days. We may verify your identity first. No fee for legitimate requests; we may decline ones that are clearly excessive or repetitive.

12. Links to other sites

We sometimes link out to third-party sites. Their privacy practices are their own. Read their policies before sharing anything with them.

13. Changes to this policy

We may update this policy. Material changes will get a new effective date and, where practical, a heads-up by email or in-app notice.

14. Grievance Officer

For complaints about your data or content, contact our Grievance Officer. We acknowledge within 24 hours and resolve within 15 days.

Email
tech@bitroot.org
Phone
+91 85914 98599
Post
Grievance Officer, Bitroot Powerhouse Pvt Ltd, 149 Avior, Nirmal Galaxy, L B S Marg, Mulund West 400080, Mumbai, MH

15. Reach us

Anything else? Email tech@bitroot.org or call +91 85914 98599.