Privacy Policy

Introduction

MavelsTech ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use NeuroStack™ and visit neurostack.mavelstech.in.

We are committed to complying with applicable data protection laws, including India's Digital Personal Data Protection Act (DPDP Act) 2023, the European Union's General Data Protection Regulation (GDPR), and other relevant regulations. As an enterprise platform, we take data privacy and security extremely seriously.

Information We Collect

Business Contact Information

• Name and professional contact information
• Company name and job title
• Business email address and phone number
• Account credentials and authentication data

Technical Information

• Device and browser information
• IP address and approximate location
• Usage data and platform interactions
• Technical logs for security and performance

Enterprise Customer Data

For enterprise customers using NeuroStack™ platform, we process data according to separate Data Processing Agreements (DPAs) that define our role as a data processor and the specific terms governing your organization's data.

How We Use Your Information

We use the information we collect for:

• Providing and maintaining the NeuroStack™ platform
• Customer support and technical assistance
• Platform improvements and feature development
• Security monitoring and fraud prevention
• Communicating about updates, features, and support
• Complying with legal and regulatory obligations
• Enterprise sales and business development

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

• Consent: When you have given explicit consent for specific purposes
• Contract: When processing is necessary to fulfill our contractual obligations
• Legal Obligation: When we must comply with applicable laws
• Legitimate Interests: When processing is necessary for our legitimate business interests

DPDP Act Compliance (India)

In accordance with India's Digital Personal Data Protection Act 2023, we:

• Process personal data only for lawful purposes with your consent
• Collect only data that is necessary for specified purposes
• Maintain accuracy of personal data and allow corrections
• Store data only for as long as necessary
• Implement reasonable security safeguards
• Honor your rights as a Data Principal
• Maintain appropriate Data Processing Agreements with enterprise customers

Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Objection: Object to certain types of processing
• Withdrawal: Withdraw consent at any time
• Grievance Redressal: File a complaint with us or the relevant authority

Data Sharing and Transfers

We may share your information with:

• Service providers who assist in our operations (under strict confidentiality)
• Business partners with your consent
• Legal authorities when required by law

For international data transfers, we ensure appropriate safeguards are in place, including Standard Contractual Clauses, adequacy decisions, and other mechanisms approved by relevant authorities.

Data Security

As an enterprise platform, we implement comprehensive security measures including:

• End-to-end encryption for data in transit and at rest
• Secure, geographically distributed data centers
• Role-based access controls and multi-factor authentication
• Regular security audits and penetration testing
• Incident response and disaster recovery procedures
• Employee security training and background checks

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. For enterprise customers, retention periods are defined in individual service agreements. When data is no longer needed, it is securely deleted or anonymized.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Enterprise customers will be notified of material changes through their designated communication channels.