Privacy policy

What data we collect, why, and what control you have over it. Written for India's DPDP Act 2023.

Last updated: 2026-04-15

1. Who we are

QuickCommerceMap.com (the "Site") is operated by Apexlayer Technologies Private Limited (Apexlayer Technologies), a private limited company incorporated in India under CIN U58201HR2025PTC135312. Under the Digital Personal Data Protection Act 2023 ("DPDP Act"), Apexlayer Technologies is the Data Fiduciary for personal information collected through the Site.

2. What we collect

We collect the minimum personal data required to operate the Site:

  • Newsletter signups: email address, optional name, the page you signed up from, and the date.
  • Free report downloads: name, email, role (investor / founder / analyst / journalist / student / other), and any UTM parameters present in the URL.
  • Contact form submissions: name, email, optional phone, subject category, message body, IP address (for spam protection), and the timestamp.
  • Paid product purchases: name, billing email, billing address, GST number (if you provide one), and payment confirmation. Card numbers and bank details are handled by our payment processor (Razorpay) and never stored on our servers.
  • API and data license customers: the contact and billing information you provide on the order form, plus API key usage logs (request count, timestamp, endpoint - not request contents).
  • Anonymous analytics: page-level visit counts, referrer, country, and browser type via Cloudflare Web Analytics. We do not use Google Analytics or any cross-site tracker.

We do not collect: precise geolocation, device fingerprints, contact lists, biometric data, financial account details (handled by the payment processor), or any "sensitive personal data or information" as defined in IT Rules 2011 unless you voluntarily include it in a contact-form message.

3. Why we collect it

  • To deliver the product or content you requested (newsletter, report, license, API access)
  • To respond to your messages and follow up on data corrections
  • To process payments and issue GST-compliant invoices
  • To detect spam, fraud, and abuse of the Site
  • To understand which pages people read, in aggregate, so we can improve them
  • To comply with our legal obligations under Indian tax, accounting, and IT law

We do not sell or rent personal data. We do not run ad networks. We do not share email lists with third parties for marketing. Visitors are not the product.

We process personal data only on the following bases:

  • Consent: when you sign up for the newsletter, download a free report, submit the contact form, or buy a paid product. You can withdraw consent at any time (see §7).
  • Performance of a contract: for paid products and licensed services, we process the personal data needed to deliver what you bought.
  • Legal obligation: for tax, GST, and accounting records we are required to retain by Indian law.
  • Legitimate use: the limited "legitimate use" grounds permitted under §7 of the DPDP Act, primarily for spam and fraud protection on the contact form.

5. Who we share data with

We work with a small number of vetted sub-processors:

  • ZeptoMail (Zoho Corporation): sends transactional emails (auto-replies, free-report delivery, monthly digest, payment receipts). ZeptoMail processes the recipient email and message content. Sub-processor location: India.
  • Razorpay: processes paid-product payments. Razorpay receives the billing details and card / UPI information directly from you - we never see card numbers. Sub-processor location: India.
  • Cloudflare: provides the CDN, hosting (Cloudflare Pages), DDoS protection, and anonymous web analytics. Cloudflare sees IP addresses for traffic routing and security purposes; we receive only aggregated, anonymised analytics.
  • MongoDB Atlas: hosts the contact-form submissions and payment records database. Region: India.

We do not share data with marketing networks, data brokers, or governments outside India unless legally compelled to do so. If we receive a lawful Indian government request, we will respond as required, and (where permitted) notify the affected user.

6. How long we keep data

  • Newsletter subscribers: until you unsubscribe. Unsubscribe links are in every email.
  • Free report downloads: kept for the active drip campaign (~30 days), then either retained as a newsletter subscriber (if you didn't unsubscribe) or purged.
  • Contact form submissions: retained for 24 months for support history, then deleted unless an active matter or open contract requires longer retention.
  • Paid purchase records: retained for the period required by Indian tax law (currently 8 years from the relevant financial year).
  • API usage logs: retained for 90 days.
  • Anonymous web analytics: aggregated; no individual-level retention.

7. Your rights under the DPDP Act 2023

You have the following rights with respect to your personal data:

  • Access: ask us what personal data we hold about you and obtain a copy
  • Correction: ask us to correct inaccurate data we hold
  • Erasure: ask us to delete your personal data, subject to legal-retention exceptions
  • Withdraw consent: withdraw any consent you previously gave; this may end services that rely on that consent
  • Grievance: raise a complaint with our grievance officer (see §12)
  • Nominate: nominate another person to exercise your rights in the event of your death or incapacity

To exercise any of these rights, write to dpo@apexlayer.in with enough information for us to identify your records (typically the email address you used). We will acknowledge within 72 hours and resolve within 30 days, as required by the DPDP Act.

8. Children's data

The Site is not directed at children under 18. We do not knowingly collect personal data from children. If we discover that a child has submitted personal data, we will delete it. If you are a parent or guardian and believe your child has submitted data, please write to dpo@apexlayer.in.

9. Cookies and analytics

We use a minimal number of first-party cookies - primarily for the language preference banner and the search command palette state. We do not use:

  • Google Analytics or any other Google tracker
  • Facebook Pixel, LinkedIn Insight Tag, or any social-media tracker
  • Cross-site advertising cookies
  • Session replay tools

We use Cloudflare Web Analytics, which is a privacy-friendly, cookie-free analytics product that measures aggregate page-level traffic without identifying individual visitors. You can opt out at the browser level using standard "Do Not Track" or similar settings, though there is no individual-level data to opt out of.

10. Security

We implement reasonable technical and organisational security measures: TLS 1.3 in transit, encryption at rest for the database, access controls limited to the founder and named contractors, regular dependency updates, and rate limiting on all public endpoints. No system is perfectly secure, but we take security seriously and will notify affected users of any incident as required by the DPDP Act.

11. International transfers

Your personal data is stored in India (MongoDB Atlas, ZeptoMail). Some sub-processors (e.g. Cloudflare) operate global infrastructure that may route traffic through servers outside India for performance reasons. Where international transfers occur, they are governed by the sub-processor's standard contractual safeguards.

12. Grievance officer

Under the DPDP Act 2023 and the IT Rules 2011, our designated Grievance Officer is:

  • Name: Sachin Gurjar
  • Designation: Founder & Director, Apexlayer Technologies Private Limited
  • Email: dpo@apexlayer.in
  • Address: WeWork India, DLF Forum, DLF Cyber City Phase III, Sector 24, Gurugram, Haryana 122002, India

The Grievance Officer will acknowledge complaints within 72 hours and attempt to resolve them within 30 days.

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page reflects the most recent change. Material changes will be flagged in our newsletter. Continued use of the Site after a change means you accept the revised policy.

14. Contact

For any privacy-related question, write to dpo@apexlayer.in or use the contact form with "Privacy" in the subject line.