Privacy Policy
Last updated: June 22, 2026
This document is a template provided for convenience and must be reviewed and adapted by qualified legal counsel before it is relied upon. It does not constitute legal advice.
1. Overview
This Privacy Policy explains how TinTorch (“we”, “us”) collects, uses and protects personal data when you use TinTorch Account and the TinTorch product suite. Because TinTorch Account is the identity layer for the suite, it processes the core account data shared across n10, Transfer, Forms, Sign, Docs and Pulse.
2. Data we collect
Account and profile data
- Email address (required to create and sign in to your account).
- Name and, if you provide one, profile image.
- Authentication provider identifiers — for example your Google account ID or Telegram user ID when you connect those providers.
- Hashed password, if you sign in with email and password (we never store passwords in plain text).
Security and device data
- IP address and approximate location for security and fraud prevention.
- Device, browser and operating-system information used to identify sessions.
- Login history, active sessions and two-factor authentication status.
Billing data
- Subscription and plan information for products you pay for.
- Billing identifiers and transaction metadata from our payment processors. Full card details are handled by the processor and are not stored on our systems.
Organization data
If you create or join an organization, we process organization names, membership, roles and your active-organization selection.
3. How we use your data
- To provide single sign-on and authenticate you across the suite.
- To secure your account, detect suspicious activity and manage sessions.
- To operate organizations, teams and role-based access.
- To process subscriptions, billing and invoices.
- To communicate with you about your account, security and service changes.
- To comply with legal obligations and enforce our terms.
4. Legal bases for processing
Where applicable law requires a legal basis, we rely on: performance of our contract with you (to provide the Services); our legitimate interests (to secure and improve the Services); your consent (for optional processing such as certain communications); and compliance with legal obligations.
5. Service providers and processors
We share data with trusted third parties who process it on our behalf, only as needed to deliver the Services:
- Supabase — managed database and authentication infrastructure.
- Vercel — application hosting and content delivery.
- Google — Google OAuth sign-in.
- Telegram — Telegram login.
- Stripe, Razorpay and Cashfree — payment processing for subscriptions.
A current list is maintained on our Sub-processors page. These providers are bound by contractual obligations to protect your data.
6. International transfers
Your data may be processed in countries other than your own. Where we transfer personal data internationally, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms recognized under applicable law.
7. Data retention
We retain personal data for as long as your account is active and as needed to provide the Services. After account closure we delete or anonymize personal data within a reasonable period, except where we must retain it to comply with legal, accounting or security obligations (for example, billing records and security logs may be kept for a limited statutory period).
8. Your rights
Depending on your location, you may have rights under the EU/UK GDPR, India’s Digital Personal Data Protection Act (DPDP), and other laws, including:
- Access to the personal data we hold about you.
- Correction of inaccurate or incomplete data.
- Deletion of your data, subject to legal exceptions.
- Restriction of or objection to certain processing.
- Data portability in a structured, machine-readable format.
- Withdrawal of consent, where processing is based on consent.
- Lodging a complaint with your supervisory or data protection authority.
You can exercise many of these rights directly from your account settings, or by contacting us using the details below.
9. Children
The Services are not directed to children below the age required to consent to data processing in their jurisdiction, and we do not knowingly collect their personal data.
10. Changes to this policy
We may update this Privacy Policy from time to time and will post the updated version with a revised “Last updated” date. We will notify you of material changes through the Services.