Privacy Policy

Effective date: August 9, 2025

Last updated: August 9, 2025

1. Introduction

Monflèche (“we”, “us”, “our”) operated by Suparna Sanyal respects your privacy and is committed to protecting your personal data. This Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, your rights, and how you can exercise them.

2. Controller & contact details

Data Controller: Monflèche / Suparna Sanyal
Office Address: Station Road, Salar, Murshidabad, Bharatpur 2, West Bengal 742401, India
Email: support@monfleche.in
Phone: (+91) 90645 11573
Data Protection Officer (if any): Not applicable / contact the email above

3. Personal data we collect

We may collect and process the following categories of personal data:

  • Identifiers: name, email address, phone number, postal address.
  • Account data: username, account credentials (securely stored / hashed).
  • Financial / transactional data: payment information processed by third-party payment processors (we do not store full card numbers).
  • Technical data: IP address, device and browser type, device identifiers, cookies, usage and analytics logs.
  • Communications: support messages, feedback, survey responses.
  • Children’s data: see Section 11 — we do not knowingly collect personal data from children under applicable ages without verified consent.

4. How we obtain personal data

We obtain data directly from you (for example when you register, contact support, make purchases), from your device/browser (cookies, analytics), and from third-party service providers such as payment providers, hosting and analytics vendors.

5. Purposes & legal bases

We process personal data for the following purposes:

  • To provide, maintain and improve services — necessary for contract performance.
  • To respond to support requests and communications — legitimate interest / contract.
  • To process payments and prevent fraud — necessary for contract / legal obligations.
  • To send marketing where you have consented — consent; you can opt out at any time.
  • To meet legal or regulatory obligations (tax, anti-fraud, law enforcement) — legal obligation.

6. Cookies & similar technologies

We use cookies, local storage and similar technologies for site functionality, analytics and optional advertising/personalization. Non-essential cookies will not be set until you provide consent where required. You can manage cookie preferences through our cookie banner or via your browser settings. For guidance on cookie consent and required practices in many jurisdictions, see official guidance from privacy authorities. :contentReference[oaicite:0]{index=0}

7. Sharing & disclosures

We may share personal data with:

  • Service providers who perform services on our behalf (hosting, payment processors, email providers, analytics).
  • Advertising partners, only if you opt into personalized advertising.
  • Law enforcement or regulators when required by law.
  • Third parties in connection with a merger, acquisition, or sale — with notice to affected individuals where required.

8. International transfers

When we transfer personal data outside your country (for example to hosting, analytics, or payment providers), we apply appropriate safeguards such as standard contractual clauses or rely on recognized adequacy mechanisms where available. Contact us for details of safeguards for specific transfers.

9. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described, to comply with legal obligations, or as otherwise permitted. Examples (adjust to your operations):

  • Account data — retained while account is active + 3 years.
  • Transactional/payment records — retained for up to 7 years for tax and accounting purposes.
  • Support logs — retained for up to 2 years unless needed longer for dispute resolution.

10. Security

We implement reasonable administrative, technical and physical safeguards to protect personal data. No system is 100% secure; in the event of a security incident we will follow applicable breach-notification laws and notify affected individuals and authorities as required.

11. Children

Our services are not directed to children under 13 (or local age thresholds). We do not knowingly collect personal information from children without verified parental consent. If you believe we have collected information from a child, please contact us so we can delete it. For operators serving U.S. children, COPPA obligations apply. :contentReference[oaicite:1]{index=1}

12. Your rights

Depending on your jurisdiction, you may have rights including:

  • Right of access — request a copy of personal data we hold about you.
  • Right to correction — request correction of inaccurate data.
  • Right to deletion — request erasure subject to legal exceptions.
  • Right to restriction or objection to processing and rights to data portability.
  • Right to withdraw consent where processing is based on consent.
  • For California residents: right to know, right to delete, right to opt-out of sale/sharing, and non-discrimination (see Section 13).

To exercise rights, contact us at support@monfleche.in. We may request information to verify your identity before responding.

13. California residents (CCPA / CPRA)

If you are a California resident you may have additional rights under the CCPA/CPRA including a right to opt-out of sale or sharing of personal information and the right to request certain disclosures. If applicable, we provide a “Do Not Sell or Share My Personal Information” link on our website footer. For details on notice and opt-out requirements, consult official California guidance. :contentReference[oaicite:2]{index=2}

14. India — Digital Personal Data Protection (DPDP) Act

If you are in India, processing of digital personal data is subject to the Digital Personal Data Protection Act, 2023 (DPDP Act). The Act requires data fiduciaries to implement reasonable security safeguards, handle data subject rights, and notify the Data Protection Board in certain breach circumstances. Penalties may apply for non-compliance. Contact us for details about India-specific safeguards. :contentReference[oaicite:3]{index=3}

15. Third-party services & links

We may use third-party services (analytics, payment gateways, social logins). These third parties have their own privacy policies and independent data practices. We are not responsible for third-party practices — review their policies before sharing data.

16. Changes to this policy

We may update this Policy. We will post the revised Policy with an updated “Last updated” date. Significant changes will be communicated where required by law (for example by email or prominent notice).

17. How to contact us & supervisory authority

For privacy questions or to exercise rights: support@monfleche.in
If you are located in the EU/EEA you may lodge a complaint with your local data protection authority; if you are in India, you may consult the Data Protection Board as provided under the DPDP Act.

Policy version: v1.0 — This template is provided for convenience and does not constitute legal advice. Please review and, if appropriate, have this policy reviewed by legal counsel to ensure compliance with laws applicable to your operations and customers.