Skip to main content

Privacy

Delete your account or data

How to delete your Trinetra account and the data we hold — what gets removed, what's retained for legal reasons, how long it takes, and what to do when your own customer asks for deletion.

Updated

This is a short walkthrough of what deletion looks like in practice. The binding, DPDP-compliant procedure (with retention periods, sub-processor propagation timelines and grievance contacts) is the dedicated Data Deletion page.

Two ways to delete

  • Disconnect only. If you want to stop Trinetra from accessing your WhatsApp but keep the CRM and the conversation history, go to Settings → WhatsApp Business → Disconnect. The access token is revoked at Meta and crypto-shredded in our database; new inbound messages stop reaching the inbox. Nothing else is deleted.
  • Full account deletion. If you want everything gone — account, contacts, history, WhatsApp connection — that's what this article covers.

How to ask for deletion

Two paths today — pick whichever fits:

  • In-app (recommended). Go to Settings → Privacy in Trinetra and click Start account deletion. You confirm with your password and re-type the word DELETE; Trinetra stamps a 30-day grace window and emails you a confirmation. You can cancel from the same screen at any point during the grace period.
  • By email. Email privacy@trinetracrm.com from the email address registered on your account. Subject line: Data Deletion — <your business name>. If the privacy@ mailbox is unreachable, fall back to rajkumarupadhyay515@gmail.com with the same subject; both routes are monitored with the same target turnaround.

Trinetra is currently MSME-registered (no GSTIN issued yet). The in-app and email routes are equally valid — the in-app route just saves you an email and gives you a cancellable grace window.

You don't need to give a reason. Asking is enough — that's a DPDP §6(6) right.

What gets removed

  • Your user profile (name, email, phone, hashed password, sessions, login history).
  • Your business profile (business name, address, business hours, branding, away-message templates).
  • Your contacts (customer names, phone numbers, lead status, notes, tags).
  • Your conversation history (inbound and outbound WhatsApp messages, attachments, delivery state).
  • Your templates and any automation flows you saved.
  • Your team-member records (invitations, role assignments).
  • The encrypted Meta access token — overwritten before the database row is deleted (crypto-shred).

What we have to keep (and why)

Indian tax and corporate law require us to retain a narrow set of records even after you delete your account:

  • Billing and tax records — invoices and payment receipts. Retained per CGST Act §36 read with §35 (72 months) and Income Tax Act §44AA read with Rule 6F (6 years from the assessment year). Once Trinetra is incorporated, Companies Act 2013 §128(5) adds an 8-year horizon. These records hold business name, GSTIN if provided, and amount paid — no message content.
  • Security audit logs — login, password change, breach response. Retained up to 1 year, exceeding the 180-day CERT-In directive of 28 April 2022.

No retained record is used for marketing, profiling, advertising or AI training. The exact retention windows are spelled out on the Data Deletion page.

How long it takes

  • Target: acknowledge receipt within 2 working days. We'll publish measured turnaround once we have volume to report.
  • For email requests we confirm identity in one round-trip — usually a code sent to the email on file. In-app requests use your password as the identity check.
  • Deletion completes within 30 days of acknowledgement (per DPDP Rules 2025 Rule 8, and IT Rules 2021 Rule 4(1)(b)). We target faster but won't claim it until we have a track record.
  • You receive a written confirmation listing what was deleted and what was retained — that's your DPDP §11 evidence of processing.

Your end-customer asks to be deleted

If one of your end-customers (a contact in your inbox) asks you to delete their data, you're the Data Fiduciary under DPDP — the decision is yours. Trinetra is the Data Processor and we execute the deletion under your written instruction. Email privacy@trinetracrm.com with the contact's phone number(s) and we run the deletion surgically — only that contact, only the rows you ask us to remove.

If your end-customer contacts us directly, we route the request to you within 2 working days. We won't act on their data without your authorisation, because the data sits inside your Trinetra workspace, not ours.

The official DPDP / Meta page

The official, DPDP-compliant page that's also listed in our Meta App configuration is at /data-deletion. It carries the grievance-officer contact, the escalation path to the Data Protection Board, the sub-processor propagation timeline, and a version-stamped audit footer. Use that page as the canonical reference; this article is the friendly digest.