Legal

Privacy Policy

Last updated:

Introduction

This Privacy Policy explains how Mernpearl Technology Private Limited ("Mernpearl", "we", "us", or "our") collects, uses, shares, and protects your personal information when you visit our website, interact with our AI chatbot, book a meeting, subscribe to updates, or otherwise engage with our services.

We operate internationally, including in Australia, the United Arab Emirates, Germany, the United Kingdom, India, and the United States. We are committed to handling your personal information in accordance with the privacy and data-protection laws that apply to you. If you have any questions about this policy, please contact our Data Protection Officer using the details at the end of this page.

What Data We Collect

We collect the following categories of personal information:

  • Contact information: Name, email address, phone number, and company name provided through our contact, booking, and subscription forms, or when engaging our services.
  • Chat transcripts: Conversations with our AI chatbot, including the questions you ask and the responses provided, which help us answer your enquiries and improve service quality.
  • Analytics data: Information about how you interact with our website, including pages visited, time spent, device type, browser, and referring URLs.
  • IP address: When you submit a lead, booking, or subscription, we collect and store the raw IP address from which the request originated. We use this for security, abuse prevention, and fraud detection (see "How We Use Your Data" and "Data Security" below).
  • Technical data: Browser type and version, operating system, timezone, and language preferences.

How We Use Your Data

We use your personal information for the following purposes:

  • Service delivery: To provide, maintain, and improve our technology services and respond to your enquiries, booking requests, and subscriptions.
  • Service improvement: To analyse usage patterns and improve our website, AI chatbot, and overall user experience.
  • Security, abuse prevention, and fraud detection: To protect our website, services, and users, we record the IP address associated with each lead, booking, and subscription submission. We use this information to detect and prevent fraudulent, abusive, or automated submissions, to investigate security incidents, and to maintain the integrity of our systems.
  • Marketing (with consent): To send you relevant information about our services, industry insights, and company updates. You may opt out at any time.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

Where data-protection law (such as the EU GDPR, UK GDPR, or India's Digital Personal Data Protection Act, 2023) requires a lawful basis, we process your personal data under the following bases:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications, analytics cookies).
  • Legitimate interest: Where processing is necessary for our legitimate business interests, such as improving our services, securing our website, and preventing fraud and abuse (including processing IP addresses), provided these interests do not override your fundamental rights and freedoms.
  • Contractual necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
  • Legal obligation: Where processing is necessary to comply with a legal or regulatory obligation to which we are subject.

Data Sharing

We share your data with the following categories of third-party service providers who assist us in operating our business:

  • Cloud hosting and storage providers: We store your data securely on access-controlled cloud infrastructure operated by reputable cloud providers, used to hold lead, consent, data-rights request, and operational event records.
  • Google Analytics (GA4): Website analytics and usage measurement where enabled with appropriate consent.

CRM, booking, CAPTCHA, email, and advertising providers are not connected to personal-data workflows unless separately approved and documented. All third-party processors are contractually bound to protect your data and process it only on our instructions. We do not sell your personal information to any third party.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls, least-privilege permissions, and monitoring of our systems.

As part of our security and fraud-prevention controls, we record the raw IP address associated with lead, booking, and subscription submissions. This allows us to detect and block abusive or automated activity, rate-limit suspicious requests, and investigate security incidents. IP addresses are treated as personal data and are protected by the same safeguards described in this policy.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continually review and improve our safeguards.

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data TypeRetention Period
Chat transcripts90 days
Lead/contact information2 years from last interaction
IP addresses (on lead, booking, and subscription records)Retained with the associated record for security, abuse prevention, and fraud detection, then deleted or anonymised when the record is deleted
Analytics data26 months

After the retention period, data is securely deleted or anonymised.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where we rely on your consent, withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to nominate (India): Under India's Digital Personal Data Protection Act, 2023, nominate another individual to exercise your rights in the event of death or incapacity.
  • Right to complain: Lodge a complaint with your local data-protection or supervisory authority.

Regional Coverage

The rights available to you depend on where you are located and which laws apply. We recognise and honour rights under, among others:

  • European Union — GDPR: The General Data Protection Regulation (Regulation (EU) 2016/679).
  • United Kingdom — UK GDPR: The UK GDPR and the Data Protection Act 2018.
  • India — DPDP: The Digital Personal Data Protection Act, 2023, including the rights to access, correction, erasure, grievance redressal, and nomination.
  • United States (California) — CCPA/CPRA: See our California Privacy Notice (CCPA) for California-specific rights.
  • United Arab Emirates — PDPL: Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
  • Australia: The Privacy Act 1988 (Cth) and the Australian Privacy Principles.

To exercise any of these rights, please contact our Data Protection Officer using the details below. We will verify your identity before acting on a request.

Data Residency

Your records are stored securely on access-controlled, industry-standard cloud storage operated by reputable cloud providers. Country, locale, and market are stored as metadata for reporting, support, and routing; they do not imply separate regional database storage.

Cross-border data transfers are protected by appropriate safeguards, including data processing agreements with our cloud providers and Standard Contractual Clauses where required.

Contact Our Data Protection Officer

If you have questions about this privacy policy or wish to exercise your data rights, please contact our Data Protection Officer:

  • Email (DPO): dpo@mernpearl.com
  • General privacy enquiries: privacy@mernpearl.com
  • Registered office: Mernpearl Technology Private Limited (CIN: U62099RJ2024PTC097952), C/O Sunil Kumar Sharma, Bar Chowk, Pilani, Jhunjhunu, Rajasthan 333031, India

For India-related data-protection enquiries, including grievance redressal under the Digital Personal Data Protection Act, 2023, you may contact our grievance officer by email at dpo@mernpearl.com or by post at the registered office above.

We will respond to your request within 30 days (or sooner where required by applicable law). If you are not satisfied with our response, you have the right to lodge a complaint with your local data-protection or supervisory authority.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Notify you via email or a prominent notice on our website where appropriate.

We encourage you to review this policy periodically to stay informed about how we protect your information.