How Rupix handles your data
Last updated: 5 May 2026 · Effective immediately for users of the Rupix mobile application and therupix.in.
On this page
- Introduction
- What we collect
- Third-party SDKs
- Tracking technologies and identifiers
- Advertising (Google AdMob)
- How we use information
- Sharing of information
- International data transfers
- Data retention
- Data security
- Your rights
- Data deletion request
- Permissions used
- Children’s privacy
- Disclaimer — not financial advice
- Changes to this policy
- Contact & grievance officer
1. Introduction
This Privacy Policy explains how Rupix (“we”, “our”, or “us”), operated by INFINET MEDIA, collects, uses, and protects information when you access or use our mobile application, website (therupix.in), and any related services (collectively the “Services”). By continuing to use Rupix you confirm you have read and understood this policy.
Rupix is an IPO-tracking app for Indian capital markets. It does not require you to log in, create an account, or provide personal identifiers such as your name, email address, or phone number.
Plain-English summary. We don’t sell your data. We don’t ask for your name, email, or phone. We do collect anonymous device-level analytics (so we can fix crashes and improve the app) and we serve advertisements through Google AdMob. You can opt out of ads-personalisation, clear our local cache, and email a deletion request at any time — see the Your rights and Data deletion request sections.
2. What we collect
Because Rupix has no login system, we never collect your name, email, phone, address, payment details, contacts, calendar, photos, microphone, camera, or precise (GPS) location.
2.1 Information you may voluntarily provide
Rupix may let you save in-app preferences such as bookmarked IPOs, push-notification topic choices (Mainboard, SME, all updates), or settings toggles. This information stays on your device unless you choose to share it (e.g. by emailing our support address).
2.2 Information collected automatically
To keep the app stable and improve it over time, we automatically collect:
| Category | Examples |
|---|---|
| Device identifiers | Firebase App-Instance ID, FCM registration token, Advertising ID (AAID on Android, IDFA on iOS — when you grant permission) |
| Device information | Model, OS version, app version, system language, network type |
| Approximate location | Country / region inferred from your IP address (we do not collect GPS coordinates) |
| App activity | Screens viewed, session duration, button taps, search terms, refresh events |
| Diagnostics | Crash logs, performance metrics (cold-start time, ANRs, error stack traces), API response times |
| Ad-interaction data | Ad impressions, clicks, view-through events (collected by Google AdMob) |
None of the above can be used by us to identify you personally, because Rupix has no account system tying these signals to a name or email.
3. Third-party SDKs
Rupix integrates the following third-party software development kits (SDKs). Each is governed by its own privacy policy, linked below.
| SDK / service | Purpose | Provider policy |
|---|---|---|
| Firebase Cloud Messaging | Push notifications for IPO open / close / listing alerts. Generates a per-install FCM token. | firebase.google.com/support/privacy |
| Firebase Analytics | Anonymous usage and performance analytics. | policies.google.com/privacy |
| Google AdMob & Mobile Ads SDK | In-app advertising (banner, interstitial, app-open, native, rewarded). Reads the Advertising ID and IP address. | policies.google.com/technologies/ads |
| Google User Messaging Platform (UMP) | Presents the GDPR / EEA consent form for personalised ads. | support.google.com/admob/answer/10115942 |
| App Tracking Transparency (Apple, iOS 14.5+) | System prompt that gates IDFA-based ad measurement. | apple.com/legal/privacy/data |
| SKAdNetwork (Apple) | Apple-mediated install attribution that does not expose individual users. | developer.apple.com/documentation/storekit/skadnetwork |
| Cached preferences (SharedPreferences / NSUserDefaults) | Local-only storage of app settings and cached server responses. Never leaves your device. | n/a — local storage only |
Our own backend (therupix.in) hosts the IPO catalogue. Requests are made over HTTPS and return only public IPO information; we do not log per-user behaviour at the API layer beyond standard server access logs (IP + URL + timestamp), retained for 30 days.
4. Tracking technologies and identifiers
Rupix is a mobile application and does not use browser cookies. We use the following identifiers and tracking technologies:
- Firebase App-Instance ID — a per-install random string used by Firebase Analytics. Resets when you uninstall or “Clear data”.
- FCM registration token — used to deliver push notifications. Resets on reinstall.
- Advertising ID (AAID on Android, IDFA on iOS) — used by Google AdMob. You can reset or opt out of personalised ads:
- Android: Settings → Google → Ads → Reset / Delete advertising ID, or Opt out of Ads Personalisation.
- iOS: Settings → Privacy & Security → Tracking → Allow Apps to Request to Track (off).
- IP address — captured by our backend and by analytics providers for security and rough geographic analytics. Server-side IP logs are retained for 30 days.
By using the App you consent to the use of these technologies for the purposes described in this policy.
5. Advertising (Google AdMob)
Rupix shows ads via Google AdMob. AdMob may collect the Advertising ID, IP address, device model, OS version, app version, and ad-interaction events to display and measure ads. We do not personally identify users to AdMob and AdMob does not return personal data to us.
5.1 Consent management (EEA / UK / Switzerland)
On first launch we present a consent form via Google’s User Messaging Platform (UMP). You can change or withdraw consent at any time from Privacy controls inside the app, or from your device’s ad-personalisation settings.
5.2 iOS App Tracking Transparency (ATT)
On iOS 14.5 and later we display the system ATT prompt before any tracking-related ad request. You may decline; declining does not break the app — AdMob will serve only non-personalised ads, and Apple’s SKAdNetwork will provide aggregate, anonymised attribution.
5.3 Server-side kill switch
Where regulators or our publishing accounts require it, we can disable ads globally via a server-side configuration toggle without shipping an app update.
6. How we use information
We use the data described above to:
- operate, maintain, and improve Rupix;
- diagnose crashes and performance issues;
- analyse anonymous usage patterns to inform product decisions;
- deliver and measure advertisements;
- protect Rupix and users from fraud, abuse, and security threats;
- comply with applicable legal obligations.
We do not use your data to build user profiles for resale, to target political content, or to make any automated decision that produces legal effects on you.
7. Sharing of information
We do not sell, rent, or trade information to third parties. We share limited data only with:
- Service providers who process data on our behalf — Google LLC (Firebase, AdMob, Analytics) and our cloud-hosting provider — under contractual obligations to protect the data.
- Law enforcement and authorities, when required by valid legal process or to protect our rights, property, or safety, or the rights, property, or safety of others.
Service providers process data only to assist us in providing and improving Rupix and are not permitted to use it for their own marketing.
8. International data transfers
Rupix is published from India by INFINET MEDIA. Some service providers (notably Google Firebase and Google AdMob) process data on servers located in the United States, the European Union, and other regions. When personal data of EEA / UK residents is transferred outside the EEA, transfers rely on Google’s Standard Contractual Clauses (SCCs) and supplementary safeguards. By using Rupix, you acknowledge that your data may be processed outside your country of residence.
9. Data retention
We retain data only for as long as necessary:
| Data | Retention |
|---|---|
| Firebase Analytics events | 14 months (Firebase default) |
| AdMob ad events | Up to 60 days at the SDK layer (per Google’s policy) |
| Crash logs and diagnostic data | Up to 90 days |
| FCM registration token | Until app is uninstalled or “Clear data” is invoked |
| Backend access logs (IP + URL) | 30 days, then aggregated and anonymised |
| Cached preferences and bookmarks | On-device only — persists until you clear app data or uninstall |
10. Data security
We deploy reasonable technical and organisational safeguards:
- All network communication uses HTTPS / TLS 1.2 or higher.
- The backend runs in a private network behind a managed reverse proxy with auto-renewed certificates.
- Locally cached data is stored in the OS-managed sandboxed app storage.
- No secrets, credentials, or sensitive information are stored on-device or transmitted in plaintext.
No method of internet transmission or electronic storage is fully secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
11. Your rights
11.1 European Economic Area / United Kingdom (GDPR / UK GDPR)
You have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate data;
- request erasure (“right to be forgotten”) subject to legal-retention exceptions;
- request restriction of, or object to, certain processing;
- data portability;
- withdraw consent for processing based on consent at any time;
- lodge a complaint with your national Supervisory Authority.
Because Rupix has no account system, the data we hold is limited to anonymous app-instance and analytics identifiers. To exercise any right, email info@therupix.in with your request and the device’s App-Instance ID (visible in the app under Privacy controls).
11.2 California, USA (CCPA / CPRA)
California residents have the right to know, delete, correct, and limit the use of sensitive personal information. Rupix does not sell or share Personal Information within the meaning of the CCPA / CPRA. We do not knowingly collect Sensitive Personal Information. To exercise rights, email info@therupix.in.
11.3 India (Digital Personal Data Protection Act 2023)
Indian users have the right to:
- access, correct, complete, update, and erase personal data;
- nominate another individual to exercise rights in case of death or incapacity;
- grievance redressal (see the Contact section);
- withdraw consent.
12. Data deletion request
Even though Rupix does not require an account, you can request deletion of any data linked to your device.
- In-app — fastest. Open the side menu → Privacy Controls. From there:
- Reset / opt out of Advertising ID — opens system settings.
- Withdraw ads-personalisation consent — re-shows the consent form on next launch.
- Clear cached data — wipes all locally saved preferences and caches.
- Request data deletion — drafts an email to our privacy address with your App-Instance ID pre-filled.
- By email. Send a request to info@therupix.in with the subject “Data deletion request”. Include your App-Instance ID (Privacy Controls → App-Instance ID) so we can scope the deletion to your install.
- Web form. Submit at therupix.in/data-deletion.
We will respond within 30 days. Anonymous aggregate analytics that cannot be re-associated with your device may persist as part of statistical reporting and cannot be individually deleted.
13. Permissions used
Rupix requests only the platform permissions needed to function:
| Permission | Platform | Why |
|---|---|---|
| Internet / Network state | Android, iOS | Fetch IPO data, push notifications, advertising |
| Post Notifications | Android 13+ | Show IPO open / close / listing alerts |
| Advertising ID | Android | Personalised ads via Google AdMob (revocable in Google Settings → Ads) |
| App Tracking Transparency | iOS 14.5+ | Optional IDFA-based ad measurement (you can decline) |
Rupix does not request access to your contacts, photos, location, microphone, camera, or storage.
14. Children’s privacy
Rupix is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 13 (United States), under 16 (European Economic Area), or under 18 (India). If we become aware that we have inadvertently collected such data, we will delete it. Parents or guardians who believe their child has provided data through Rupix should contact info@therupix.in.
15. Disclaimer — not financial advice
Information shown in Rupix (IPO timelines, prices, GMP, subscription numbers, allocation, financial KPIs, etc.) is sourced from publicly available SEBI / RHP / DRHP filings and third-party data providers. It is provided for informational and educational purposes only and does not constitute investment advice, a recommendation, or a solicitation to buy or sell any security. Always consult a SEBI-registered investment adviser before making investment decisions. INFINET MEDIA does not accept liability for any loss arising from reliance on Rupix.
16. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the “Last updated” date at the top of this page and, where appropriate, surfaced in the app. Continued use of Rupix after such changes constitutes acceptance of the updated policy.
17. Contact & grievance officer
For privacy questions, data requests, or grievances, contact us at:
- General queries: info@therupix.in
- Privacy / data requests: info@therupix.in
- EEA / UK queries: info@therupix.in
- Grievance Officer (India, DPDP Act 2023):
- Name: Utsav M
- Email: grievance@therupix.in
- Response time: within 30 days of receipt
- Postal address: INFINET MEDIA, Green Plaza, near Golden Chowk, Mota Varachha, Surat, Gujarat 394101
We aim to respond to all privacy requests within 30 days.