Skip to main content
This Privacy Policy describes how Epixel Software Private Limited (“Terriqon”, “we”, “us”, or “our”) collects, uses, stores, and discloses personal data in connection with the Terriqon platform and website (terriqon.com). This policy is effective July 1, 2026 and is Version 1.1. By using Terriqon, you agree to the practices described here.
This is the full Privacy Policy. For a plain-language overview of how Terriqon protects your field data, see Data Protection and PII Stripping.

1. Our Role: Data Fiduciary and Data Processor

Terriqon operates in two distinct privacy roles depending on the category of data involved. Data Fiduciary / Controller — Account and Website Data: When Terriqon collects personal data about you directly — such as your name, email address, and payment details provided when you sign up for a Terriqon account — Terriqon acts as the Data Fiduciary under the India Digital Personal Data Protection Act, 2023 (“DPDP Act”) and as the Data Controller under the EU General Data Protection Regulation (“GDPR”). Terriqon determines the purposes and means of processing this data. Data Processor — Customer Field Data: When your organisation uses the Terriqon platform to collect, store, and process field data about third parties (such as beneficiaries, survey respondents, or programme participants), Terriqon acts as a Data Processor on your instructions. Your organisation is the Data Fiduciary / Data Controller for that data. Terriqon processes it only to provide the platform services you have requested, in accordance with your instructions and applicable data processing agreements.

2. Personal Data We Collect

Account and Organisation Data

When you register for a Terriqon account or manage an organisation on the platform, we collect:
  • Full name and email address of account holders and invited users
  • Organisation name and country
  • User roles assigned within the platform (Admin, Manager, Field Officer)
  • Authentication credentials (passwords stored as salted hashes; we never store plaintext passwords)
  • Profile information provided voluntarily

Field Data

Field data is submitted by your Field Officers using forms your organisation creates and deploys. Terriqon stores this data on your behalf as Data Processor. The categories of personal data in field submissions depend entirely on the forms you design. Common categories in field programmes include names, locations, case references, responses to survey questions, uploaded files, audio recordings, and signatures. Terriqon does not examine or use this data for any purpose other than providing the platform to you.

Billing Data

When you subscribe to a paid Terriqon plan, billing is handled by our payment processor, Stripe. Terriqon receives and retains:
  • Subscription tier and status
  • Billing contact name and email
  • Country and postal code (for tax purposes)
  • Last four digits of your payment card and card type (for display purposes only)
Terriqon does not receive or store full card numbers, CVV codes, or bank account details. These are held exclusively by Stripe.

Website and Marketing Data

When you visit terriqon.com or interact with Terriqon marketing content, we may collect:
  • IP address and approximate location (country/region level)
  • Browser type, operating system, and device type
  • Pages visited, referrer URL, and session duration
  • Email address if you sign up for marketing communications
This data is collected via first-party analytics (PostHog) and is used to understand how visitors use the website and to improve the product.

Support Communications

When you contact Terriqon through the in-app support chat (Crisp) or by email, we collect the content of those communications, your name and email address, and any information you choose to provide to help resolve your query. Support conversations are retained to enable follow-up and to improve our support quality.
PurposeLegal Basis (India DPDP Act)Legal Basis (EU/EEA GDPR)
Providing and operating the Terriqon platformConsent / Legitimate usePerformance of a contract (Art. 6(1)(b))
Processing payments and managing subscriptionsLegitimate usePerformance of a contract (Art. 6(1)(b))
Sending transactional emails (account, security, billing)Legitimate usePerformance of a contract / Legitimate interests (Art. 6(1)(b)/(f))
Sending product and marketing emailsConsentConsent (Art. 6(1)(a))
Product analytics and platform improvementLegitimate useLegitimate interests (Art. 6(1)(f))
Providing customer supportLegitimate useLegitimate interests (Art. 6(1)(f))
Complying with legal obligationsLegal obligationLegal obligation (Art. 6(1)(c))
Detecting and preventing fraud and abuseLegitimate useLegitimate interests (Art. 6(1)(f))
We do not sell personal data to third parties. We do not use personal data for behavioural advertising.

4. AI Processing and Privacy Safeguards

Terriqon offers AI-powered programme reports generated from aggregated field submission data. Before any field data is passed to AI processing components, Terriqon runs an automated PII stripping pipeline that removes personal identifiers. The pipeline:
  • Excludes all fields tagged with a sensitivity classification of personally identifiable or restricted
  • Always strips GPS coordinates and all precise geolocation data, regardless of tagging
  • Excludes structural field types known to carry personal data: free text, names, phone numbers, device and subscriber IDs, case IDs, file uploads, audio recordings, and signatures
  • Applies pattern-matching to detect and exclude national identification numbers, passport numbers, bank account numbers, and payment card numbers
  • Records a redaction manifest in the organisation’s audit log documenting every exclusion
The AI only receives anonymised, aggregated metrics. It never receives raw personal data, names, coordinates, or case identifiers. Every AI-generated report must be reviewed and approved by a named manager before it can be downloaded or shared. A report cannot be published without explicit human approval. Rejection requires a written reason; the full approval and rejection trail is permanently retained in the audit log. For a detailed explanation, see PII Stripping.

5. Sub-Processors

Terriqon engages the following sub-processors to deliver the platform. Each is bound by data processing agreements ensuring data is handled with appropriate safeguards.
Sub-processorPurposeLocation
StripePayment processing and subscription billingUnited States / Ireland
RailwayApplication hosting and backend infrastructureUnited States
CloudflareContent delivery network, DDoS protection, DNSUnited States (global network)
PlanetScaleManaged relational database hostingUnited States
Amazon Web ServicesApplication hosting and object storageUnited States
ZeptoMailTransactional email deliveryUnited States
LoopsProduct and marketing email communicationsUnited States
CrispCustomer support live chatFrance / European Union
PostHogProduct usage analyticsUnited States / European Union

6. Cross-Border Data Transfers

Terriqon is incorporated in India and its primary users include organisations operating in India, the EU/EEA, and other jurisdictions. Your data may be processed by sub-processors located in the United States, France, and other countries outside your own jurisdiction. Where personal data originating from the EU/EEA is transferred to countries not recognised by the European Commission as providing an adequate level of protection, Terriqon relies on the European Commission’s Standard Contractual Clauses (“SCCs”) as the legal mechanism for those transfers. Where personal data originating from India is transferred internationally, Terriqon relies on the cross-border transfer provisions of the DPDP Act and applicable rules thereunder.

7. Data Retention

CategoryRetention Period
Account and organisation dataRetained for as long as your account is active
Field data (Customer Data)Retained for as long as your account is active
After full account cancellation30-day window for you to export data; production deletion completed within 90 days of cancellation
Billing and financial recordsRetained for up to 8 years as required by applicable financial and tax law
Backup copiesOverwritten on a rolling ~90-day cycle
Support communicationsRetained for a reasonable period to enable follow-up and quality improvement
Marketing email consent recordsRetained until consent is withdrawn, plus a reasonable period for legal compliance
After your account is cancelled, you have 30 days to export your data. Following that window, production deletion begins. Terriqon cannot restore data after production deletion is complete.

8. Data Security

Terriqon implements the following technical and organisational security measures:
  • Encryption in transit: All data is transmitted over TLS-encrypted connections.
  • Role-based access control: Platform users are restricted to resources within their assigned role and organisation.
  • Private cloud storage: All uploaded files are stored in private (non-public) buckets and accessed exclusively through time-limited signed URLs.
  • Audit logging: All access, administrative actions, report approvals, and report exports are recorded in a permanent audit log.
  • Secure session management: User sessions are managed with cryptographically secure tokens that expire on inactivity and are invalidated on sign-out.
No security measure is infallible. In the event of a data breach, Terriqon follows the breach notification procedure described in Section 12 below.

9. Your Rights

Rights under the India DPDP Act

If you are a data principal under the DPDP Act, you have the right to:
  • Access: Obtain a summary of personal data Terriqon holds about you and how it is processed.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request erasure of personal data where retention is no longer necessary for the original purpose, subject to legal retention obligations.
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Grievance redressal: Lodge a grievance with Terriqon’s Grievance Officer (see Section 15).
  • Nomination: Nominate a person to exercise your rights in the event of your death or incapacity.

Rights under the EU/EEA GDPR

If you are a data subject under the GDPR, you have the right to:
  • Access (Art. 15): Obtain a copy of your personal data and information about how it is processed.
  • Rectification (Art. 16): Request correction of inaccurate personal data.
  • Erasure / Right to be Forgotten (Art. 17): Request deletion of your personal data in certain circumstances.
  • Portability (Art. 20): Receive your personal data in a structured, machine-readable format.
  • Restriction of processing (Art. 18): Request that we limit how we process your data in certain circumstances.
  • Objection (Art. 21): Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint: File a complaint with a supervisory authority in your EU member state.
To exercise any of these rights, please contact us at support@terriqon.com. We will respond within the timeframe required by applicable law. We may ask you to verify your identity before processing a request.

10. Cookies and Tracking Technologies

Terriqon uses cookies and similar technologies on terriqon.com and within the Terriqon platform. Some cookies are strictly necessary for the platform to function; others are optional and used for analytics and support. For a complete description of the cookies we use, how to manage your preferences, and how to opt out, please see the Cookies Policy.

11. Children’s Data

Terriqon is a business-to-business platform intended for use by organisations and their employees or authorised representatives. Terriqon does not knowingly collect personal data directly from individuals under the age of 18. If you believe that a child’s personal data has been submitted to Terriqon without appropriate authorisation, please contact us at support@terriqon.com so we can take appropriate action.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, Terriqon will:
  • Notify affected customers within 48 hours of confirming the breach
  • Notify relevant supervisory authorities as required by applicable law (including the Data Protection Board of India under the DPDP Act and relevant EU supervisory authorities under the GDPR)
  • Provide information about the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach and mitigate its effects

13. EU Representative and Data Protection Officer

Terriqon does not currently have a formal EU Representative or a designated Data Protection Officer. Where GDPR obligations require a representative or DPO, we will update this policy accordingly. In the meantime, EU/EEA data subjects may direct all privacy inquiries to support@terriqon.com.

14. Changes to This Policy

Terriqon may update this Privacy Policy from time to time to reflect changes in our practices, platform features, or applicable law. When we make material changes, we will:
  • Update the effective date and version number at the top of this page
  • Notify active account holders by email or in-platform notification
Continued use of Terriqon after a revised policy takes effect constitutes acceptance of the revised terms. If you do not agree with a material change, you may close your account before the change takes effect. The current version is Version 1.1, effective July 1, 2026.

15. Grievance Officer and Contact

For privacy inquiries, to exercise your rights, or to lodge a grievance, please contact: Grievance Officer Ved Prakash ved@epixelsoftware.com Epixel Software Private Limited 1415-B Jain Nagar Karala New Delhi, Delhi, India 110081 General support: support@terriqon.com We aim to acknowledge all inquiries within 72 hours and resolve grievances within the timeframe required by applicable law.