01Introduction
Transitr (“Transitr”, “we”, “us”, or “our”) is a multi-tenant software-as-a-service platform, operated from India, that helps freight and transport companies manage shipments, fleet, drivers, invoicing, and client communication. This Privacy Policy explains what personal data we collect, why we collect it, how we process and share it, and the rights available to you — including your rights under India’s Digital Personal Data Protection Act, 2023(the “DPDP Act”).
This policy applies to the Transitr marketing website, the Transitr web application, the client portal, and the driver portal (together, the “Service”). Where a freight company (an “Organization”) uses Transitr to manage its own business records — for example, details of its clients, drivers, and shipments — that Organization determines the purposes of processing and Transitr processes the data on its behalf and under its instructions.
02Data We Collect
We collect the following categories of data:
Account data
- Name, email address, and/or phone number, used to create your account and to deliver one-time sign-in codes (OTP).
- Profile details you choose to add, such as a display name or avatar.
Organization and business data
- Organization details: company name, addresses, registration/tax identifiers, and billing information.
- Operational records your Organization creates in the Service: shipments, jobs, vehicle and fleet records, driver records, client and vendor records, invoices, documents, messages, and notes.
Driver location data
- GPS location of driver devices is collected only during active trips, to provide live shipment tracking to the Organization and its clients. Location collection stops when a trip ends, and drivers are shown an in-app indicator while tracking is active.
Usage and analytics data
- We use PostHog, hosted in the United States, to understand how the Service is used (page views, feature interactions, approximate region derived from IP). Analytics events are configured to exclude sensitive personal data and the contents of your business records.
- Technical logs and diagnostics: device/browser type, IP address, timestamps, and error reports (via Sentry) to keep the Service secure and reliable.
Support and communications
- Messages you send to our support, sales, or grievance channels, and our responses.
03How We Use Your Data
We process personal data for the following purposes:
- Providing the Service— authenticating you (including delivering OTP codes by email or SMS), operating your Organization’s workspace, enabling live shipment tracking, and powering the client and driver portals.
- Billing and subscriptions — processing payments, managing plans, and issuing invoices through our payment processor.
- Communication — sending transactional emails and SMS (sign-in codes, shipment notifications, invoices) and responding to your requests.
- Security and reliability — detecting abuse and fraud, rate limiting, debugging errors, and maintaining audit logs of administrative actions.
- Product improvement — analyzing aggregated, pseudonymized usage patterns to improve features and performance.
- Legal compliance — meeting our obligations under applicable law, including tax, accounting, and lawful requests from authorities.
We do notsell personal data, and we do not use your Organization’s business records for advertising.
04Your Rights (DPDP Act, 2023)
If you are in India, the DPDP Act gives you the following rights as a Data Principal in respect of personal data processed with your consent:
- Right to access — obtain a summary of the personal data we process about you and the processing activities undertaken.
- Right to correction and erasure — request correction of inaccurate or incomplete data, updating of your data, and erasure of data that is no longer necessary for the purpose it was collected for.
- Right of grievance redressal — raise a grievance with us, which we will acknowledge and respond to within the timelines prescribed under the DPDP Act and its rules.
- Right to nominate — nominate another individual to exercise your rights in the event of death or incapacity.
- Right to withdraw consent — withdraw previously given consent at any time, with effect for future processing.
To exercise any of these rights, contact our Grievance Officer at grievance@transitr.in with the subject line “DPDP Request”. We may need to verify your identity before acting on a request. If you remain unsatisfied after our response, you may escalate your complaint to the Data Protection Board of India.
Note: where Transitr processes data on behalf of your freight company (for example, your shipment records as a client of that company), please direct requests to that Organization first — we will support them in fulfilling your request.
06Cross-Border Processing
Transitr operates from India, and the sub-processors listed above host data in the European Union and the United States. This means your personal data may be transferred to, stored in, and processed in countries outside India.
We transfer data only to jurisdictions and providers consistent with the DPDP Act and any government notifications restricting transfers, and we require all sub-processors to protect personal data with safeguards at least equivalent to those described in this policy, including encryption in transit and contractual confidentiality obligations.
07Data Retention
We keep personal data only as long as it is needed:
- Account data — retained while your account is active, and deleted or anonymized within 90 days of account deletion, except where law requires longer retention.
- Organization business records— retained for the life of the Organization’s subscription and deleted within 90 days after the Organization closes its workspace, subject to a reasonable export window.
- Driver GPS trip data— retained as part of trip history for the Organization’s operational and audit needs, per the Organization’s configuration.
- Billing and tax records — retained for the periods required by Indian tax and accounting law.
- Logs and analytics — retained for short, rolling windows and then deleted or aggregated.
08Security Measures
We apply technical and organizational measures appropriate to the risk, including:
- Tenant isolation at the database level— every Organization’s data is segregated using PostgreSQL Row-Level Security (RLS), enforced by the database itself rather than application code alone.
- Encryption in transit — all traffic between your devices and the Service, and between our services and sub-processors, is encrypted using TLS.
- Passwordless authentication — short-lived one-time codes with rate limiting, instead of stored passwords.
- Granular access control — role-based permissions within each Organization, audit logging of administrative actions, and least-privilege access for our own staff.
No system is perfectly secure. If we become aware of a personal data breach affecting you, we will notify you and the Data Protection Board of India as required by the DPDP Act.
09Children's Data
The Service is intended for businesses and their staff. We do not knowingly process the personal data of children (persons under 18 in India) and do not direct the Service at them. If you believe a child’s data has been provided to us, contact us and we will delete it.
10Changes to This Policy
We may update this policy as the Service or the law changes. We will post the updated version on this page with a revised “Last updated” date and, for material changes, notify you through the Service or by email before the changes take effect.
11Contact Us
Questions about this policy or our data practices? Reach us at hello@transitr.in, or for DPDP requests and grievances, our Grievance Officer at grievance@transitr.in.