Legal

Privacy Policy

Effective: 25 February 2026 Last updated: 25 February 2026
Summary: TagDrishti collects only what is necessary to provide the service. We do not sell your data. We do not use your data for advertising. All data is processed in compliance with GDPR, CCPA, and DPDP 2023.
Contents
1. Who We Are 2. Data We Collect 3. How We Use Your Data 4. Legal Basis for Processing 5. Data Sharing 6. Data Retention 7. Your Rights 8. Cookies 9. Security 10. Children's Privacy 11. Changes to This Policy 12. Contact Us

1. Who We Are

TagDrishti ("we", "us", "our") is a real-time Google Tag Manager monitoring platform operated by TagDrishti Technologies. Our registered address is India. We can be contacted at contact@tagdrishti.com.

When you use TagDrishti, we act as the Data Controller for your account and billing information. For tag monitoring data collected from your website visitors, you are the Data Controller and we act as your Data Processor under a Data Processing Agreement (DPA).

2. Data We Collect

Account Data

  • Name and email address (provided on signup)
  • Organisation name and billing address
  • Payment information (processed by Razorpay — we never store card numbers)
  • Usage data (number of events processed, domains monitored)

Monitoring Data (collected on your behalf)

  • GTM tag names, types, fire status, and execution times
  • Page URLs and paths (PII parameters are stripped automatically)
  • Browser type, device class, viewport dimensions
  • Core Web Vitals measurements (LCP, CLS, INP, FCP, TTFB)
  • Consent mode signals (analytics_storage, ad_storage, etc.)
  • Script domains loaded on monitored pages (for Magecart detection)
  • Session IDs (pseudonymised via one-way hash for EU/India users)

Technical Data

  • IP addresses (used for rate limiting, not stored long-term)
  • API request logs (retained for 30 days for debugging)
  • Error logs (retained for 30 days)

3. How We Use Your Data

  • Provide the service: Process tag events, generate alerts, display dashboards
  • Billing: Process subscription payments via Razorpay
  • Security: Detect Magecart attacks, CSP violations, and SRI failures
  • Compliance: Generate GDPR/CCPA/DPDP audit trails for you
  • Communications: Send alert emails, product updates, and billing notices
  • Improvement: Analyse aggregate usage patterns to improve the platform (never individual-level analysis for advertising)
  • Contract: Processing necessary to deliver the service you subscribed to (Art. 6(1)(b))
  • Legitimate Interest: Security monitoring, fraud prevention, service integrity (Art. 6(1)(f))
  • Legal Obligation: Compliance with applicable laws including tax and financial regulations (Art. 6(1)(c))
  • Consent: Marketing emails — you can withdraw consent at any time

5. Data Sharing

We do not sell your data. We share data only with these sub-processors, all bound by data processing agreements:

  • Google Cloud Platform — Cloud Run (compute), BigQuery (analytics storage), Pub/Sub (event queue). Region: asia-south1 (Mumbai).
  • Supabase — Application database (tenant, workspace, API key storage). Region: ap-south-1.
  • Cloudflare — CDN, DNS, DDoS protection, Worker proxy.
  • Razorpay — Payment processing. PCI DSS Level 1 certified.
  • Resend — Transactional email delivery.
  • Upstash — Redis caching layer.

We may also disclose data when required by law, court order, or to protect the rights and safety of TagDrishti, our customers, or the public.

6. Data Retention

  • Starter plan: Monitoring data retained for 7 days
  • Agency plan: Monitoring data retained for 90 days
  • Enterprise plan: Monitoring data retained for 1 year
  • Account data: Retained for the duration of your subscription plus 90 days after cancellation
  • Billing records: Retained for 7 years as required by Indian tax law

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Restriction: Request we restrict processing of your data
  • Withdraw consent: For marketing emails at any time

To exercise any right, email contact@tagdrishti.com. We will respond within 30 days. For DSAR (Data Subject Access Requests), use the export function in Dashboard → Settings → Data & Privacy.

8. Cookies

Our marketing website (tagdrishti.com) uses the following cookies:

  • Strictly necessary: Session authentication (cannot be disabled)
  • Analytics: Aggregate page view tracking — only with consent
  • Preferences: UI preference storage (theme, language)

The TagDrishti monitoring script installed on your customers' websites does not set any cookies. It uses session pseudonymisation instead.

9. Security

We implement appropriate technical and organisational measures including: TLS 1.3 encryption in transit, AES-256 encryption at rest, API key authentication, role-based access control, regular security audits, and 72-hour breach notification. See our Security page for details.

10. Children's Privacy

TagDrishti is not directed to children under 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, contact us at contact@tagdrishti.com. The DPDP 2023 children_mode flag blocks all non-essential tag monitoring for users identified as minors.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email and by posting a notice on the dashboard. Continued use of TagDrishti after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy questions, data requests, or to report a concern:

  • Email: contact@tagdrishti.com
  • Response time: Within 30 days for general enquiries, 72 hours for breach reports
  • Postal: TagDrishti Technologies, India

If you are an EU resident and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.