Privacy Policy

1. Introduction

MudraGen ("we," "us," or "our") is committed to protecting the privacy and security of your personal and business data. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our website, AI-powered project report generation services, user accounts, and generated documents.

This policy applies to all users of MudraGen's platform and complies with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000/2008 (as amended), RBI Master Directions on Digital Lending (where applicable), and other relevant Indian laws and regulations.

By using MudraGen, you consent to the collection and use of your data as described in this policy. If you do not agree, please do not use our services.

2. Personal Data We Collect

Identity & Contact Information

• Full name, father's/husband's name, date of birth, gender
• Email address, mobile/phone number
• Residential and permanent address
• Aadhaar number, PAN number (if provided voluntarily for report generation — masked in storage)
• Business name, GSTIN, Udyam Registration number

Financial & Business Information

• Loan category (Shishu/Kishore/Tarun), requested loan amount
• Business type, activity type, project cost estimates
• Projected turnover, capacity details, operational information
• Bank details entered for report generation (processed but not stored long-term)

Technical & Usage Data

• IP address, browser type, device information, operating system
• Pages visited, time spent, clickstream data (via analytics)
• Cookies and similar identifiers (see Section 9)

3. How We Collect Data

• Directly from you: When you register, fill in forms, generate project reports, or contact us
• Automatically: Through cookies, analytics tools (Google Analytics 4), and server logs when you browse our site
• Third parties: Authentication providers (Firebase Auth), payment processors (if applicable in future — we do not store card/payment instrument data)

4. Purpose & Legal Basis

We process your data for the following purposes:

• Service delivery: To generate project reports, business plans, and financial projections for your Mudra loan application
• Account management: To create and maintain your user account, authenticate sessions, and manage your projects
• Communication: To send email verifications, service updates, and (with your opt-in consent) marketing communications
• Platform improvement: To analyse usage patterns, improve our AI models, and enhance user experience
• Legal compliance: To comply with applicable laws, regulations, and government requests
• Consent-based marketing: Only with your explicit opt-in consent, for newsletters and promotional content

Under the DPDP Act 2023, our lawful bases include: your explicit consent, legitimate purpose for service delivery, and compliance with legal obligations.

5. Data Sharing

We do not sell your personal data. We may share data with:

• Service processors: Cloud infrastructure providers (Google Cloud/Firebase), AI service providers (Anthropic, Google) — for processing only, bound by data protection agreements
• Legal authorities: Government bodies, regulators, or law enforcement only when legally compelled by court order, statutory requirement, or lawful process
• Professional advisors: Auditors, legal counsel — under strict confidentiality obligations

We never share your data with banks or financial institutions for loan processing unless you explicitly request and authorise such sharing.

6. Data Retention

We retain your personal data for as long as your account is active and for a statutory retention period thereafter (5-7 years for financial records as required under Indian tax and companies law). After this period, data is securely anonymised or permanently deleted.

• Account data: retained while account is active + 30 days after deletion request
• Generated reports: retained for the duration of your account
• Financial input data: processed for report generation, not stored beyond the generated document
• Analytics data: retained per Google Analytics default retention settings

7. Your Rights under the DPDP Act

Under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access: Request a summary of your personal data we hold and how it is processed
• Correction: Request correction of inaccurate or incomplete personal data
• Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Withdraw consent: Withdraw previously given consent at any time; this does not affect the lawfulness of processing before withdrawal
• Grievance redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board of India
• Nominate: Nominate a person to exercise your rights in case of death or incapacity

To exercise any of these rights, please email anointtech@gmail.com or use the form in Section 14 below. We will respond within 30 days.

8. Security Measures

We implement appropriate technical and organisational measures to protect your data:

• Encryption in transit (TLS/HTTPS) and at rest (AES-256 via cloud provider)
• Firebase Authentication with secure session management
• Role-based access controls and principle of least privilege
• Regular security reviews and dependency audits
• Sensitive data masking (e.g., Aadhaar numbers displayed as XXXX XXXX 1234)

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to responding promptly to any identified vulnerabilities.

9. Cookies & Similar Technologies

We use the following types of cookies:

• Essential cookies: Session authentication cookie (__session) — required for the platform to function. Cannot be disabled.
• Analytics cookies: Google Analytics 4 — to understand usage patterns and improve the platform. You may opt out via browser settings or Google Analytics opt-out browser add-on.
• Marketing cookies: Only set with your explicit opt-in consent for personalised communications.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

10. International Data Transfers

Your data is primarily stored and processed in India using Google Cloud infrastructure. In some cases, data may be processed outside India (e.g., by AI service providers for report generation, CDN delivery). Where cross-border transfers occur, we ensure appropriate safeguards are in place, including contractual data protection clauses, in compliance with the DPDP Act and any applicable transfer regulations notified by the Central Government.

11. Children's Data

MudraGen is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18 without verifiable parental or guardian consent, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us at anointtech@gmail.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email to registered users and/or a prominent notice on our website. The "Last Updated" date at the top of this page indicates the most recent revision. We encourage you to review this policy periodically.

13. Grievance Officer

In accordance with the DPDP Act 2023 and IT Act 2000, we have appointed a Grievance Officer:

If you are unsatisfied with our response, you may escalate your complaint to the Data Protection Board of India as constituted under the DPDP Act 2023.

14. Exercise Your Rights

Use the form below to submit a data access, correction, erasure, or other privacy request. Alternatively, email anointtech@gmail.com with your request.