Privacy policy
Last updated: 23 May 2026 · XiteNodes Private Limited
This document describes our intent and current practice. It is reviewed by counsel before any binding update; for the binding version applicable to your contract, refer to the latest version delivered via your account dashboard.
We collect and process personal data only where necessary to deliver, bill, and secure the services. This document describes what we collect, why, how long we retain it, and your rights under the DPDP Act 2023.
What we collect
Account data (name, email, phone), billing data (address, GSTIN where provided, Razorpay transaction tokens — not card numbers), authentication data (password hash, TOTP secret hash, session tokens), and operational data (audit log, IP, user-agent, support tickets, KYC documents).
Why we process it
To deliver the services you request, bill correctly, comply with KYC and tax law, secure the panel against abuse, and respond to support requests. We do not sell or rent personal data.
Where it lives
All customer-account databases are hosted within India. Backups and snapshots are also kept in India. We never transfer personal data outside India except where strictly required by law.
Retention
Audit log entries are retained 90 days. Invoices and tax records are retained 8 financial years as required by Indian tax law. Support tickets are retained for up to 3 years after closure. Other personal data is deleted within 30 days of account closure.
Sub-processors
Razorpay (payments + e-mandate), Cashfree (KYC), MaxMind (IP geo-defaults), Cloudflare (DNS), SMTP relays for transactional email. The current list is published on request and updated when it changes materially.
Your rights
You may request access, correction, or erasure of your personal data, and may withdraw consent for non-essential processing, by writing to support@rudracloud.in.
Contact
Privacy queries: support@rudracloud.in. Grievance officer details are published on request.