QuantaRoute logo
QuantaRouteDeveloper Portal
Sign in

Privacy Policy

Effective Date: November 10, 2025
Last Updated: November 10, 2025

1. Introduction

Welcome to QuantaRoute ("we", "us", "our", or "Company"). QuantaRoute operates the developer portal and API services available at https://developers.quantaroute.com and https://www.quantaroute.com (collectively, the "Platform" or "Services").

This Privacy Policy explains how we collect, use, process, store, share, and protect your personal data when you use our Services, in accordance with:

  • The Digital Personal Data Protection Act, 2023 (DPDP Act)
  • The Information Technology Act, 2000 and IT Rules, 2011
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

By accessing or using our Platform, you ("User", "Data Principal", or "you") consent to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller/Fiduciary

QuantaRoute acts as a Data Fiduciary under the DPDP Act, 2023.

Contact Information:

For any privacy-related queries, data deletion requests, or exercising your rights under this policy, please contact us at hello@quantaroute.com.

3. Scope and Applicability

This Privacy Policy applies to:

  1. Personal data collected digitally through our website, developer portal, APIs, and related services
  2. Data collected offline and subsequently digitized for processing
  3. Users located in India or anywhere in the world accessing our Services
  4. API consumers, developers, businesses, and other users of QuantaRoute Services

4. Information We Collect

4.1 Personal Data

We collect the following categories of personal data:

Account Registration Data:

  • Full name
  • Email address
  • Mobile number
  • Company/Organization name
  • Designation/Role
  • Billing address
  • GSTIN (for business users)

API Usage Data:

  • API keys and credentials
  • API request logs (timestamps, endpoints, request/response data)
  • Usage metrics (number of API calls, data volume)
  • IP addresses
  • Device information (browser type, operating system)

Payment and Financial Data:

  • Payment method details (collected and processed by Razorpay)
  • Transaction history
  • Billing and invoice information
  • Bank account details (for refunds, if applicable)

Communication Data:

  • Support tickets and correspondence
  • Feedback and survey responses
  • Marketing communication preferences

4.2 Sensitive Personal Data (as per IT Rules, 2011)

We may collect the following sensitive personal data only with explicit consent:

  • Financial information (payment details - processed securely through Razorpay)
  • Passwords (stored in encrypted/hashed format)

We do NOT collect:

  • Sexual orientation
  • Medical records or health information
  • Biometric data
  • Caste, religion, or political affiliation

4.3 Technical and Automatically Collected Data

  • Cookies and similar tracking technologies
  • Log files (IP address, browser type, pages visited, time spent)
  • Device identifiers
  • Location data (approximate, based on IP)

4.4 Data Collected via APIs

When you use QuantaRoute's Geocoding/DigiPin APIs, we may process:

  • Input addresses, pincodes, and location coordinates
  • Geocoded results (latitude, longitude, DigiPin codes)
  • Administrative data (locality, district, state)

Note: We act as a Data Processor for data you send through our APIs. You remain the Data Fiduciary for your end-users' data.

5. Legal Basis and Purpose of Data Processing

We process your personal data on the following lawful grounds:

5.1 Consent (Primary Basis)

Your explicit, free, informed, and specific consent for:

  • Creating and managing your account
  • Processing API requests and providing Services
  • Sending marketing communications (opt-in basis)

5.2 Contractual Necessity

To perform our contract with you:

  • Providing access to APIs and developer tools
  • Processing payments and generating invoices
  • Customer support and service delivery

5.3 Legitimate Interests

For our legitimate business interests:

  • Fraud prevention and security monitoring
  • Platform analytics and performance optimization
  • Compliance with legal obligations

5.4 Compliance with Law

To comply with applicable laws and regulations, including:

  • GST and tax compliance
  • KYC and anti-money laundering requirements
  • Response to lawful government requests

6. Purpose Limitation

We collect and process your personal data only for the following specified purposes:

  1. Service Delivery: Providing access to QuantaRoute APIs, processing geocoding requests, and delivering results
  2. Account Management: Creating, maintaining, and securing user accounts
  3. Billing and Payments: Processing subscriptions, invoicing, and financial transactions
  4. Customer Support: Responding to queries, troubleshooting, and technical assistance
  5. Platform Improvement: Analytics, performance monitoring, and feature development
  6. Security and Fraud Prevention: Detecting and preventing unauthorized access, abuse, or malicious activities
  7. Legal Compliance: Meeting regulatory, tax, and legal obligations
  8. Marketing Communications: Sending promotional content (only with explicit consent, opt-out available)

7. Data Minimization and Accuracy

  • We collect only the minimum personal data necessary for the specified purposes
  • We take reasonable efforts to ensure data accuracy and keep it up-to-date
  • You may update or correct your personal data through your account settings or by contacting us at hello@quantaroute.com

8. Data Retention and Storage Limitation

8.1 Retention Period

We retain your personal data only for as long as necessary for the purposes outlined in this policy:

Data TypeRetention Period
Account dataDuration of active account + 1 year after account closure
API usage logs180 days (as per IT Act, 2000 requirements)
Payment/billing records7 years (as per GST and tax laws)
Support communications2 years after resolution
Marketing consent recordsUntil consent is withdrawn

8.2 Data Deletion

Upon expiry of the retention period or upon your request, we will:

  • Permanently delete your personal data from active systems
  • Anonymize or archive data in a secure, encrypted form if required for legal compliance

You may request early deletion by contacting hello@quantaroute.com (see Section 10).

9. Data Sharing and Disclosure

9.1 We Do NOT Sell Your Data

QuantaRoute does not sell, rent, or trade your personal data to third parties for marketing purposes.

9.2 Third-Party Service Providers (Data Processors)

We may share your data with trusted service providers who assist in operating our Platform:

Service ProviderPurposeData SharedLocation
RazorpayPayment processingName, email, payment detailsIndia
Cloud hosting (e.g., AWS, DigitalOcean)Infrastructure and data storageAll platform dataIndia/Asia-Pacific
Email service providersTransactional and marketing emailsEmail address, nameIndia/Global
Analytics toolsPlatform performance monitoringUsage data, IP addressIndia/Global

All service providers are contractually bound to:

  • Process data only as per our instructions
  • Implement adequate security measures
  • Comply with DPDP Act and applicable data protection laws

9.3 Legal and Regulatory Disclosures

We may disclose your personal data to:

  • Government authorities in response to lawful requests or court orders
  • Law enforcement agencies for fraud prevention, security, or criminal investigations
  • Tax authorities for GST and income tax compliance

9.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

10. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights:

10.1 Right to Access

You may request access to your personal data and obtain information about how it is processed.

10.2 Right to Correction

You may request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data, subject to:

  • Legal and regulatory retention requirements
  • Ongoing contractual obligations

To request deletion, email us at: hello@quantaroute.com

We will respond within 30 days and provide at least 48 hours' notice before erasure.

10.4 Right to Data Portability

You may request a copy of your personal data in a structured, commonly used, and machine-readable format.

10.5 Right to Withdraw Consent

You may withdraw your consent at any time by:

  • Updating your account settings
  • Opting out of marketing emails (unsubscribe link)
  • Contacting us at hello@quantaroute.com

Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.

10.6 Right to Grievance Redressal

You may file a complaint regarding data processing practices by contacting us at hello@quantaroute.com. We will acknowledge and respond within 30 days.

If unsatisfied with our response, you may escalate to the Data Protection Board of India (DPBI).

11. Data Security Measures

QuantaRoute implements reasonable technical and organizational security safeguards to protect your personal data:

11.1 Technical Measures

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access and multi-factor authentication (MFA)
  • Secure APIs: API keys, rate limiting, and authentication mechanisms
  • Regular Security Audits: Vulnerability assessments and penetration testing
  • Firewalls and Intrusion Detection: Network-level protection

11.2 Organizational Measures

  • Data Protection Policies: Internal policies and procedures for data handling
  • Employee Training: Regular training on data privacy and security
  • Incident Response Plan: Procedures for detecting and responding to data breaches
  • Vendor Management: Due diligence and contractual safeguards with service providers

11.3 Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the Data Protection Board of India without undue delay
  • Notify affected Data Principals within a reasonable timeframe (as per DPDP Act requirements)
  • Provide information about the nature of the breach and remedial actions

12. Children's Data

QuantaRoute's Services are not intended for children under 18 years of age.

We do not knowingly collect personal data from children without verifiable parental consent. If we become aware that we have collected data from a child without proper consent, we will take steps to delete such data immediately.

Parents/guardians may contact hello@quantaroute.com to request deletion of a child's data.

13. Cross-Border Data Transfers

13.1 Data Storage Location

Your personal data is primarily stored and processed in India using cloud infrastructure located in Indian data centers.

13.2 International Transfers

We may transfer personal data to countries outside India for:

  • Cloud hosting and backup services
  • Analytics and monitoring tools
  • Customer support services

All international transfers comply with:

  • DPDP Act, 2023 requirements
  • Adequate safeguards (Standard Contractual Clauses, adequacy decisions)
  • Restrictions on transfers to blacklisted countries (as notified by the Government of India)

14. Cookies and Tracking Technologies

14.1 Types of Cookies We Use

Cookie TypePurposeDuration
Strictly NecessaryAuthentication, security, session managementSession/Persistent
FunctionalRemembering preferences, settingsPersistent (1 year)
AnalyticsPlatform usage, performance monitoringPersistent (2 years)
Marketing (Optional)Personalized ads, campaign trackingPersistent (varies)

14.2 Managing Cookies

You may control cookies through your browser settings. Note that disabling certain cookies may affect Platform functionality.

For more details, see our Cookie Policy (if separate) or manage preferences in your account settings.

15. Marketing and Communications

15.1 Opt-In Consent

We will send marketing communications (newsletters, product updates, promotional offers) only with your explicit consent.

15.2 Opt-Out

You may opt out at any time by:

  • Clicking the "Unsubscribe" link in emails
  • Updating communication preferences in your account
  • Emailing hello@quantaroute.com

15.3 Transactional Communications

You cannot opt out of essential transactional communications (account notifications, invoices, security alerts) required for service delivery.

16. Third-Party Links

Our Platform may contain links to third-party websites, services, or APIs. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies before providing any personal data.

17. Data Processor Obligations (For API Users)

If you use QuantaRoute APIs to process personal data of your end-users, you acknowledge that:

  1. You are the Data Fiduciary for your end-users' data
  2. QuantaRoute acts as your Data Processor
  3. You must:
    • Obtain proper consent from your end-users
    • Provide appropriate privacy notices
    • Ensure compliance with DPDP Act and applicable laws
  4. You indemnify QuantaRoute against any claims arising from your non-compliance

Data Processing Agreement (DPA) available upon request for enterprise customers.

18. Compliance and Audit

QuantaRoute is committed to compliance with:

  • Digital Personal Data Protection Act, 2023
  • Information Technology Act, 2000
  • IT Rules, 2011
  • GST and tax regulations

We conduct periodic internal audits and may engage third-party auditors to assess compliance.

19. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in legal or regulatory requirements
  • Updates to our data processing practices
  • Introduction of new features or services

Notice of Updates:

  • Updated version will be posted on our website with a revised "Last Updated" date
  • Material changes will be notified via email or prominent notice on the Platform
  • Continued use of Services after updates constitutes acceptance of the revised policy

20. Grievance Redressal Mechanism

20.1 Contact for Grievances

For any complaints, queries, or requests related to your personal data, contact:

Email: hello@quantaroute.com
Subject Line: "Privacy Grievance - [Your Name]"

20.2 Response Timeline

  • Acknowledgment: Within 48 hours of receiving your complaint
  • Resolution: Within 30 days of acknowledgment
  • If we cannot honor your request, we will provide a written explanation

20.3 Escalation

If unsatisfied with our response, you may file a complaint with:

Data Protection Board of India (DPBI)
(Details to be updated once DPBI is operational)

21. Accountability and Compliance Officer

For any privacy-related inquiries or to exercise your rights, please contact:

Email: hello@quantaroute.com
Address: (To be updated with registered office address)

22. Definitions

  • Data Principal: An individual (you) whose personal data is processed
  • Data Fiduciary: An entity (QuantaRoute) that determines the purpose and means of processing personal data
  • Data Processor: An entity that processes personal data on behalf of a Data Fiduciary
  • Personal Data: Any data relating to an identifiable individual
  • Sensitive Personal Data: Financial information, passwords, biometric data (as per IT Rules, 2011)
  • Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion)

23. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India.

Any disputes arising out of this policy shall be subject to the exclusive jurisdiction of courts in [Your City, India].

24. Language

This Privacy Policy is provided in English. In case of any translation, the English version shall prevail.

25. Consent

By using QuantaRoute's Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

For Data Deletion Requests:
Email: hello@quantaroute.com
Subject: "Request for Data Deletion - [Your Name/Email]"

QuantaRoute
Empowering Precision in Location Intelligence

For questions or concerns, please contact us at hello@quantaroute.com

Need a different format?

You can also host PDFs or localized versions under /public/legal.

hello@quantaroute.com