Privacy Policy

Last Updated:

Introduction
Data Controller
Information We Collect
How We Collect Information
Purpose of Data Collection
Third-Party Service Providers
Data Storage and Retention
Data Security Measures
Cookies and Session Management
Your Rights
Children’s Privacy
International Users
Changes to This Policy
Grievance Officer
Contact Us

1. Introduction

SCOMET.in (“we,” “our,” or “us”) is an AI-powered export control assistance tool operated by TariffWolf. We are committed to protecting the privacy of our users and handling personal data in a transparent, fair, and lawful manner.

This Privacy Policy explains what information we collect when you use the SCOMET.in website and chatbot service (collectively, the “Service”), how we use it, who we share it with, and what rights you have regarding your personal data.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.

This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and applicable Indian laws.

2. Data Controller

The data controller responsible for processing your personal data is:

TariffWolf
Email: scomet@tariffwolf.com
Website: scomet.in
LinkedIn: linkedin.com/company/tariffwolf

3. Information We Collect

3.1 Information You Provide Directly

Data Category	Specific Data	When Collected
Registration Data	Full name, email address, current organisation (optional), years of experience in trade compliance (optional), whether you use an AI-powered SCOMET tool, and the name of such tool (if applicable)	When you create an account
Chat Messages	Questions and messages you type into the chatbot, including descriptions of items, chemicals, CAS numbers, or other technical details you share during conversations	During every chat session
Uploaded Documents	PDF files you upload during a chat session (e.g., product specification sheets) — text is extracted for analysis; files are deleted after your session ends	When you upload a PDF during chat
Feedback Data	Star ratings (1–5), written feedback comments, feedback type (positive, negative, suggestion, bug)	When you provide feedback

3.2 Information Collected Automatically

Data Category	Specific Data	Purpose
Session Data	Session identifier, session start/end times, number of queries per session, session status	Service operation and analytics
Device & Browser	User agent string (browser type, version, operating system)	Service compatibility and analytics
IP Address	Your Internet Protocol (IP) address	Security, rate limiting, guest session tracking, and approximate geolocation
Geolocation (approximate)	Country and city derived from your IP address (not GPS-based)	Analytics and understanding user demographics
Usage Data	Number of queries, SCOMET codes searched, response times, pages visited	Service improvement and performance monitoring

3.3 Information We Do NOT Collect

We do not collect or process:

Passwords (we use OTP-based passwordless authentication)
Financial information (credit cards, bank accounts, payment details)
Government-issued identification numbers (Aadhaar, PAN, passport)
Biometric data
Precise GPS geolocation
Social media account credentials
Health or medical records

4. How We Collect Information

Directly from you — when you register, chat, upload files, or submit feedback.
Automatically — through server logs, session cookies, and IP-based geolocation when you access our Service.
From third-party services — approximate geolocation data from IP lookup services (see Section 6).

We do not purchase, rent, or obtain personal data from data brokers or other external sources.

5. Purpose of Data Collection

We collect and process your personal data strictly for the following purposes:

Purpose	Legal Basis
Providing the AI chatbot service — processing your queries, retrieving SCOMET data, generating responses	Consent (by using the Service) and legitimate interest
User authentication via OTP — verifying your identity during login and registration	Consent and contractual necessity
Session management — maintaining your active chat session, preserving conversation history within a session	Legitimate interest (Service functionality)
Guest user tracking — counting queries per IP to enforce the 10-query guest limit	Legitimate interest (preventing abuse)
Security — rate limiting, CSRF protection, input sanitisation, and monitoring for abuse or attacks	Legitimate interest (security)
Analytics — understanding which SCOMET categories are most queried, average response times, user demographics	Legitimate interest (Service improvement)
Communication — sending OTP emails, welcome emails, and feedback follow-up emails	Consent and contractual necessity
Internal reporting — generating aggregated, anonymised daily reports for system monitoring	Legitimate interest (operational monitoring)

We do NOT use your personal data for: advertising, marketing to third parties, selling to data brokers, profiling for credit scoring, automated decision-making that produces legal effects, or any purpose not listed above.

6. Third-Party Service Providers

To operate the Service, we use the following third-party service providers who may process limited data on our behalf:

Provider	Purpose	Data Shared	Location
OpenAI	Text embedding (converting your query into a search vector)	Your chat message text (not your name, email, or IP)	United States
Google (Gemini API)	AI analysis and response generation	Your chat message text and retrieved SCOMET context (not your name, email, or IP)	United States
Vector Search Provider	Semantic search for finding relevant SCOMET entries	Search query vectors (numerical, not personally identifiable)	Cloud infrastructure
IP Geolocation Service	Approximate country/city lookup from IP	Your IP address	Varies
SMTP Provider	Sending transactional emails (OTP, welcome, feedback follow-up)	Your email address and name	Varies by hosting provider
Web Hosting Provider	Hosting the website, database, and application files	All stored data (encrypted at rest)	India / varies by provider

Important: When your chat messages are sent to OpenAI and Google Gemini for processing, only the message text is transmitted. Your personal identity (name, email, IP address) is never included in API calls to these providers. These providers process data as sub-processors under their respective privacy policies and data processing agreements.

We do not share, sell, rent, or trade your personal data with any third parties for their own purposes, including marketing or advertising.

7. Data Storage and Retention

Data Type	Storage Location	Retention Period
User account data (name, email, organisation)	Secure database on our servers	Until account deletion is requested
Chat messages	Secure database on our servers	12 months from creation, then anonymised or deleted
Active session data	Secure server storage	Deleted when session ends or expires (max 60 minutes of inactivity)
Uploaded PDFs	Secure server storage	Deleted within 24 hours of upload
OTP tokens	Secure database on our servers	Expire after 10 minutes; purged periodically
Feedback	Secure database on our servers	Retained for service improvement; deleted upon user request
IP-based guest tracking	Secure database on our servers	Retained until linked to a registered account, then anonymised
Error logs	Secure server logs	90 days
API usage logs	Secure database on our servers	90 days

8. Data Security Measures

We implement reasonable security practices and procedures as required under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Our security measures include:

Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS (TLS/SSL).
Input sanitisation: All user inputs are sanitised to prevent cross-site scripting (XSS), SQL injection, and other injection attacks.
Form protection: All forms are protected against cross-site request forgery attacks.
Rate limiting: We limit the number of requests to prevent automated abuse.
Access control: Sensitive data (API keys, database credentials, knowledge files) is stored outside the web root in directories not accessible via the internet.
Database security: All database operations use industry-standard practices to prevent injection attacks.
OTP security: One-time passwords expire after 10 minutes with limited verification attempts.
Session timeouts: Sessions automatically expire after 60 minutes of inactivity.
Error monitoring: Critical system errors trigger immediate alerts for investigation.

While we employ industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing the best practices reasonably available to protect your data.

9. Cookies and Session Management

We use session cookies which are essential for the Service to function. These cookies are:

Cookie Type	Purpose	Duration
Session Cookie	Maintains your login state and chat session	Expires when you close the browser or after 60 minutes of inactivity
Security Token	Prevents cross-site attacks	1 hour

We do not use:

Advertising or tracking cookies
Third-party analytics cookies (e.g., Google Analytics)
Social media tracking pixels or widgets
Cross-site tracking cookies
Persistent marketing cookies

Since we only use strictly necessary session cookies required for the Service to function, we do not display a cookie consent banner. You can configure your browser to reject cookies, but this will prevent the chatbot and login functionality from working.

10. Your Rights

Under applicable Indian law and in keeping with global privacy best practices, you have the following rights regarding your personal data:

10.1 Right to Access

You may request a copy of the personal data we hold about you. We will provide this information within 30 days of receiving your verified request.

10.2 Right to Correction

If any personal data we hold about you is inaccurate, incomplete, or outdated, you have the right to request correction. Contact us with the specific data you wish to correct.

10.3 Right to Deletion (Account Deletion)

You may request the deletion of your account and associated personal data at any time. To request deletion:

Send an email to scomet@tariffwolf.com from your registered email address with the subject line “Account Deletion Request.”
We will process your request within 30 days.
Upon deletion, your account will be deactivated, your personal data will be removed from active systems, and your chat history will be anonymised or deleted.
Certain data may be retained in encrypted backups for up to 90 days before permanent deletion, and some data may be retained where required by law.

10.4 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw consent at any time by contacting us at scomet@tariffwolf.com. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

10.5 Right to Data Portability

You may request a machine-readable copy of your personal data (in JSON or CSV format) by contacting us. We will provide this within 30 days.

10.6 Right to Object

You may object to the processing of your personal data for analytics purposes. Contact us and we will cease such processing, though this will not affect core Service functionality.

11. Children’s Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a user is under 18, we will promptly delete their account and associated data. If you believe a child has provided us with personal data, please contact us immediately at scomet@tariffwolf.com.

12. International Users

SCOMET.in is primarily intended for users in India. However, users from other countries may access the Service. If you access the Service from outside India, please be aware that:

Your data may be transferred to and processed in India, where our servers are located.
Your chat message text is transmitted to third-party AI service providers located in the United States (OpenAI and Google) for processing as described in Section 6.
By using the Service, you consent to the transfer and processing of your data in these jurisdictions.

For users in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data protection laws: we process your data on the basis of your explicit consent (provided when you register or use the Service) and our legitimate interest in operating the Service. You may exercise your rights under the applicable data protection regulation by contacting us at the details provided in Section 15.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

We will update the “Last Updated” date at the top of this page.
For significant changes, we will notify registered users via email.
The updated policy will be effective immediately upon posting.

We encourage you to review this page periodically to stay informed about how we protect your data.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the contact details of the Grievance Officer are provided below. You may contact the Grievance Officer for any complaints, concerns, or grievances regarding the processing of your personal data:

Grievance Officer

Name: TariffWolf Grievance Desk
Email: scomet@tariffwolf.com
Response Time: We will acknowledge your grievance within 48 hours and resolve it within 30 days from the date of receipt.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: scomet@tariffwolf.com
Website: scomet.in/contact
LinkedIn: linkedin.com/company/tariffwolf
X (Twitter): x.com/tariffwolf