MongersMint (“we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data responsibly and transparently. This Privacy Policy explains how we collect, use, store, disclose and safeguard personal data when you visit our website, interact with our sales and marketing team, or use the MongersMint Platform (www.mongersmint.com) and related services. It is designed to comply with applicable Indian laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, as amended from time to time.
1. Introduction
MongersMint operates AI-powered marketing services and the MongersMint Platform for CRM, automation and analytics for clients in India and abroad.
This Privacy Policy explains how we collect, use, disclose, store and protect personal data when you visit our website, use our platform, or interact with us by any other means, in compliance with the Information Technology Act, 2000, the SPDI Rules 2011, and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).
By accessing or using our website or services, you agree to the terms of this Privacy Policy.
2. Scope and Application
This Privacy Policy applies to:
-
Visitors to our website and landing pages.
-
Users of the MongersMint Platform (including trial users and clients’ authorised users).
-
Prospects and customers who communicate with us via email, phone, WhatsApp, social media or other channels.
It covers personal data processed in digital form or digitised form, where the processing is in India or relates to offering products or services to individuals in India, as contemplated under the DPDP Act.
3. Definitions
For the purposes of this Privacy Policy:
-
“Personal Data” means any data about an identifiable individual.
-
“Sensitive Personal Data or Information” (“SPDI”) includes, as per SPDI Rules, such information relating to passwords, financial information (such as bank account or credit card details), health conditions, biometric data and similar categories, as may be updated by law.
-
“Data Principal” means the individual to whom the personal data relates (for example, a website visitor, client contact or our client’s customer), as used in the DPDP Act.
-
“Data Fiduciary” means MongersMint when we determine the purpose and means of processing personal data.
-
“Processor” or “Data Processor” refers to third parties processing personal data on our behalf.
4. Categories of Data We Collect
We collect the following categories of information, as permitted under applicable law:
-
Information you provide directly
-
Name, company name, job title and contact details (email address, phone number, WhatsApp number).
-
Account details for platform access (username, passwords stored in encrypted form).
-
Billing details such as business address and GST information; payment processing is generally handled via secure third-party providers.
-
Support communications, feedback, survey responses and any other information you voluntarily provide.
-
-
Information collected automatically
-
Device and browser information, IP address, approximate location, access times and pages viewed via log files and analytics tools.
-
Usage data within the MongersMint Platform, such as feature usage, clicks, workflow events and error logs, to improve performance and security.
-
-
Client and lead data processed via our platform
-
When clients use the MongersMint Platform, we process personal data of their leads and customers (for example, names, contact details, communication history, appointment information) on their instructions as part of CRM and marketing automation workflows.
-
This may include limited SPDI where the client’s business requires it (for example, certain clinic or financial service information), in which case we process such data only as per client instructions and applicable law.
-
-
Cookies and similar technologies
-
We use cookies, pixels and similar technologies for session management, analytics and marketing attribution.
-
You may manage cookie preferences via your browser settings and any cookie consent tools we deploy, subject to legal requirements.
-
5. Legal Basis and Purpose of Processing
We process personal data for specific, lawful purposes and only to the extent necessary for such purposes, in line with the principles of purpose limitation and data minimisation.
The main purposes include:
-
Service provision and account management
-
To register you on the MongersMint Platform, create and manage user accounts and provide CRM, automation, analytics and related marketing services.
-
-
Performance of contracts
-
To negotiate, conclude and perform contracts with our clients, resellers and partners, including billing, payments and customer support.
-
-
Marketing, sales and communication
-
To respond to enquiries, schedule demos, send service updates and marketing communications (where permitted by law and, where required, with your consent).
-
-
Platform improvement and security
-
To monitor and improve the performance, reliability and security of our website and platform, including detecting and preventing fraud or misuse.
-
-
Compliance with legal obligations
-
To comply with obligations under Indian law, including responding to lawful requests, enforcing our terms and protecting our legal rights.
-
Where required under the DPDP Act or SPDI Rules, we will obtain your free, specific, informed and unambiguous consent before processing personal data, especially for sensitive categories or certain marketing activities, and you may withdraw such consent at any time.
6. How We Obtain Consent and Notices
Before collecting personal data, especially where consent is the primary legal basis, we provide you with a clear notice describing:
-
The categories of personal data to be collected.
-
The specific purposes of processing.
-
Your rights as a Data Principal and how to exercise them.
-
Contact details of our Grievance Officer.
Consent may be obtained via website forms, checkbox consents, platform signup flows, or other documented means.
You can withdraw consent by contacting us at the details provided in this Policy, or using available unsubscribe / preference mechanisms.
7. Sharing and Disclosure of Personal Data
We do not sell your personal data. We may share personal data only in the following circumstances, subject to appropriate safeguards and permissions:
-
Within MongersMint group / team
-
With employees, consultants and authorised personnel who need access for legitimate business purposes and are bound by confidentiality obligations.
-
-
Service providers / processors
-
With trusted third-party vendors providing services such as hosting, cloud infrastructure, payment processing, email delivery, SMS gateways, telephony, analytics or support tools.
-
These providers act as processors and process personal data only on our instructions and under appropriate contractual safeguards.
-
-
Clients and their users
-
For data processed on behalf of clients, we may share personal data back with those clients and their authorised users as part of the service (for example, CRM records, campaign performance data).
-
-
Legal and regulatory requirements
-
Where required by applicable law or in response to valid legal process, governmental requests, court orders or similar obligations.
-
-
Business transfers
-
In connection with any merger, acquisition, sale of assets, financing, or restructuring, where personal data may be transferred as part of the transaction, subject to continued protection consistent with this Policy.
-
Where required under SPDI Rules, we obtain prior consent before disclosing SPDI to third parties, except where such disclosure is necessary for compliance with legal obligations.
8. International Transfers
Our servers or third-party service providers may be located outside India.
Where personal data is transferred outside India, we ensure that the recipient provides a level of data protection that is comparable to the protections under Indian law, or we implement appropriate contractual safeguards as required.
9. Data Retention and Storage Limitation
We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law.
-
Client and account data are generally retained for the duration of the contract and a reasonable period thereafter for billing, dispute resolution and legal compliance.
-
Lead and marketing data may be retained for defined marketing cycles, subject to opt-outs and withdrawal of consent.
-
Platform activity logs may be stored for security, audit and troubleshooting purposes for a limited period.
In accordance with the DPDP Act, we erase or anonymise personal data once the purpose has been fulfilled and retention is no longer necessary for legal or legitimate business purposes.
10. Data Security
We implement reasonable security practices and procedures, as required under the IT Act and SPDI Rules, to protect personal data against unauthorised access, alteration, disclosure or destruction.
Security measures include, among others:
-
Role-based access controls and authentication mechanisms on the MongersMint Platform.
-
Encryption of data in transit using HTTPS/TLS and, where appropriate, encryption of data at rest.
-
Regular monitoring, logging, and technical safeguards to detect and respond to security incidents.
-
Internal policies, confidentiality obligations and training for employees handling personal data.
If we become aware of a data breach that is likely to cause significant harm, we will notify the affected individuals and, where required, the competent authority (such as the Data Protection Board of India), in line with legal obligations.
11. Your Rights as a Data Principal
Subject to applicable law, you may have the following rights regarding your personal data:
-
Right to access: To obtain confirmation whether we process your personal data and access to such data.
-
Right to correction and updating: To request correction, completion or updating of inaccurate or incomplete personal data.
-
Right to erasure: To request erasure of personal data when it is no longer necessary for the purpose for which it was collected, subject to legal retention requirements.
-
Right to withdraw consent: To withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
-
Right to grievance redressal: To raise complaints regarding the processing of personal data and seek redressal.
-
Right to nominate: In certain circumstances, to nominate another person to exercise your rights in the event of your death or incapacity, as contemplated under the DPDP Act.
To exercise these rights, please contact our Grievance Officer using the details in Section 13 below.
We may verify your identity before acting on your request, and we may be unable to comply if we have a legal obligation or an overriding legitimate interest to retain certain data.
12. Responsibilities of Users / Data Principals
Under the DPDP Act, Data Principals also have certain duties, including not providing false or misleading information, not impersonating others, and not submitting frivolous or false complaints.
By using our website or services, you agree to provide accurate information and to use the platform in compliance with applicable laws.
13. Grievance Officer and Contact Details
In accordance with Indian law, we have designated a Grievance Officer to address questions or complaints regarding this Privacy Policy or our data practices.
Grievance Officer
MongersMint
Bengaluru, Karnataka, India
Email: [insert dedicated privacy / legal email]
Phone: [insert phone number]
If you are not satisfied with the response, you may escalate the matter to the Data Protection Board of India or other competent authority, in accordance with the DPDP Act and other applicable laws.
14. Children’s Privacy
Our website and services are intended for use by businesses and adults and are not directed at children under the age of 18.
We do not knowingly collect personal data of children; if you believe that a child’s data has been provided to us without appropriate consent, please contact our Grievance Officer so that we can take appropriate steps.
15. Third-Party Links and Services
Our website and platform may contain links to third-party websites, apps or services that are not operated by MongersMint.
We are not responsible for the privacy practices of such third parties and encourage you to review their privacy policies before providing any personal data.
16. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors.
When we make material changes, we will update the “Last Updated” date at the top of the Policy and, where required by law, provide additional notice or seek renewed consent.
17. Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, SPDI Rules 2011 and the Digital Personal Data Protection Act, 2023, as amended from time to time.
Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in Bengaluru, Karnataka, India, subject to any mandatory provisions of applicable law.
By continuing to use MongersMint’s website and platform, you acknowledge that you have read, understood and agreed to this Privacy Policy and the way we handle personal data. We are committed to continuously strengthening our privacy and security practices, and we encourage you to contact our Grievance Officer with any questions, concerns or feedback regarding this Policy or your rights.