What this is
Tthya re-presents corporate records that India's Ministry of Corporate Affairs (MCA) publishes through its IDDatabank and MDSMaster services. We are not affiliated with the Ministry. This policy explains the information we collect from you, the visitor — separate from the public-record information we display about Indian companies and directors.
What we collect
- Account info — your email, and (if you sign in with Google) your Google account identifier.
- Purchase records — when you unlock a report, we store which report (CIN, DIN, or LLPIN), the timestamp, and the Stripe Checkout session id. Card data is held by Stripe; we never see it.
- Product analytics — page views, search queries, button clicks, and the user-agent string of your browser. We do not run third-party trackers, ad pixels, or session-replay services.
- Operational logs — request paths and IP addresses for security and abuse mitigation, retained for 30 days.
What we don't surface
Aadhaar number, passport number, driving licence, and voter-ID are regulated under the Aadhaar Act 2016 and analogous statutes. Even though MCA returns these to us, we strip them from every report before it reaches you, paid or otherwise.
Your rights (DPDP Act 2023)
You can request a copy of your personal data, ask us to correct it, or ask us to erase it by emailing support@tthya.com . We will action correction / erasure requests within 30 days.
Where data lives
Application database (Postgres) is hosted on a Hetzner VPS in Germany. Object storage (when used) is on Cloudflare R2. Outbound email goes through Resend. Stripe processes payments and holds card data — see their respective privacy policies for the details we cannot speak to.
Cookies
We set one session cookie (signed, HTTP-only, SameSite=Lax) when you
sign in, and an optional remember-me cookie if you ask to stay
signed in. We do not set advertising or cross-site tracking cookies.