Skip to main content
Terriqon is built for field programmes that handle sensitive operational data — crop yields, beneficiary records, infrastructure assessments, and more. Keeping that data secure is not an afterthought; it is a foundational part of how the platform works. Every submission travels over an encrypted connection, every file sits in private storage, and every action taken on a report is permanently recorded. This page explains the technical and organisational measures Terriqon applies to protect your data, how long your data is kept, and who else may process it on our behalf.

Security Measures

Terriqon applies the following controls across all tiers of the platform:
  • Encryption in transit (TLS): All data transmitted between field devices, the Terriqon web application, and Terriqon servers is encrypted using TLS. No submission, file, or report travels over an unencrypted connection.
  • Role-based access control (RBAC): Three roles — Admin, Manager, and Field Officer — each carry strictly scoped permissions. Field Officers can submit data but cannot view reports or manage users. Managers can approve and share AI Reports within their assigned scope. Admins control organisation-wide settings, user management, and billing. No role can access resources outside its defined boundary.
  • Private cloud storage with time-limited signed URLs: All files uploaded by your organisation — attachments, audio, images, signatures — are stored in private (non-publicly accessible) cloud buckets. Files are served exclusively through short-lived signed URLs that expire automatically, preventing unauthorised sharing or hotlinking.
  • Audit logging: Every access event, administrative action, approval, rejection, and report export is recorded in a permanent, append-only audit log. Audit records cannot be edited or deleted and are available to Admins for compliance review.
  • Session management with secure tokens: User sessions are managed with cryptographically secure tokens. Sessions expire after a period of inactivity and are invalidated immediately on sign-out.

Data Retention

The table below summarises how long Terriqon retains different categories of data.
ScenarioRetention
Active accountAll data retained for as long as your account remains active
After full cancellation30-day window for you to export your data; production data deleted within 90 days of cancellation
Billing and financial recordsRetained for up to 8 years as required by applicable financial and tax law
Backup copiesOverwritten on a rolling ~90-day cycle
After cancelling your account you have 30 days to export your data. After that window closes, production deletion begins and cannot be reversed. Please export any records you need before the window expires.

Breach Notification

In the event of a personal data breach that poses a risk to individuals, Terriqon will notify affected customers within 48 hours of confirming the breach. Where required by applicable law (including the EU General Data Protection Regulation and India’s Digital Personal Data Protection Act), Terriqon will also notify the relevant supervisory authority. Notifications will describe the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address it.

Sub-Processors

Terriqon uses a small, carefully selected set of trusted third-party sub-processors to deliver the platform. Each sub-processor is bound by data processing agreements that require them to protect your data to at least the same standard as Terriqon. No sub-processor receives more data than is necessary for its specific function.
Sub-processorPurposeLocation
StripePayment processing and subscription billingUnited States / Ireland
RailwayApplication hosting and backend infrastructureUnited States
CloudflareContent delivery network, DDoS protection, and DNSUnited States (global network)
PlanetScaleManaged relational database hostingUnited States
Amazon Web ServicesApplication hosting and object storageUnited States
ZeptoMailTransactional email delivery (account notifications, password resets)United States
LoopsProduct and marketing email communicationsUnited States
CrispCustomer support live chatFrance / European Union
PostHogProduct usage analyticsUnited States / European Union

Your Rights

You and your organisation have rights over the personal data Terriqon holds, including rights of access, correction, erasure, data portability, and — depending on your jurisdiction — restriction and objection. For the full details of your rights under the India Digital Personal Data Protection Act and the EU General Data Protection Regulation, see the Privacy Policy. To exercise any of these rights, contact us at support@terriqon.com.
Your Customer Data is always yours. Terriqon only uses it to provide the service and to generate AI Reports on your request — never for advertising or sale to third parties.