PRIVACY

Important: This policy explains how we handle personal data in plain language for business and technical transparency. It is not a substitute for legal advice. Moosi Web intends to align practices with the Digital Personal Data Protection Act, 2023 (India) and other applicable law as interpreted by qualified counsel. Please have your lawyer review this document before you rely on it in regulated contexts.

1. Who and what this covers

This policy describes how Moosi Web (“we”, “us”, “our”) collects, uses, stores, and shares personal data when you:

• visit or use our public website and related digital properties (collectively, the “Site”);
• contact us by form, email, phone, WhatsApp, or similar channels;
• negotiate or enter into a commercial engagement for design, development, software, or related services (“Services”); or
• interact with us as a supplier, partner, job applicant, or other business contact.

If you are an employee or contractor of a client organisation, your employer’s privacy notices may also apply. Where a written contract (SOW, MSA, NDA, or order form) conflicts with this policy on a specific engagement, the contract prevails for that engagement.

2. Who is responsible (data controller)

For personal data processed in connection with the Site and Services, the controller is:

We may designate an internal privacy / grievance contact (“Grievance contact”) for operational requests. Until a separate address is published, privacy and data-rights enquiries may be sent to info@moosiweb.com with subject line “Privacy request”.

3. Personal data we process

Depending on how you interact with us, we may process categories such as:

• Identity and contact data: name, job title, employer, email address, phone numbers, messaging handles, country or city, billing contacts.
• Enquiry and project data: information you provide in forms, briefs, RFPs, attachments, meeting notes, and technical access details you choose to share (e.g. staging URLs, repository invitations).
• Account and authentication data: if we issue credentials to portals or ticketing systems you use with us.
• Financial data: payment-related references (e.g. bank or UPI details on invoices, GSTIN, purchase order numbers). Card payments, if offered, are typically handled by payment processors—we do not store full card numbers on our servers.
• Technical and usage data: IP address, device and browser type, approximate location derived from IP, pages viewed, referring URLs, timestamps, and diagnostic logs needed to operate and secure the Site.
• Communications metadata: email headers, call logs where kept for billing or quality, and consent records where required.
• Marketing preferences: if you subscribe to updates or consent to marketing (we aim to use opt-in approaches where applicable).

We ask that you do not send us special categories of personal data (for example health data) unless strictly necessary for a defined engagement and with appropriate safeguards agreed in writing.

4. Purposes and legal bases (India framing)

We process personal data for purposes including:

• Responding to enquiries and pre-contract steps (legitimate business interests; and where required, your consent for marketing or non-essential cookies).
• Contract performance—delivering Services, invoicing, support, and project governance.
• Legal and compliance—tax, accounting, fraud prevention, dispute resolution, and responding to lawful requests from authorities.
• Site integrity and security—monitoring for abuse, debugging, backups, and resilience.
• Improvement of our offerings—aggregated or de-identified analytics where possible.

Indian law continues to evolve in this area. Where the law requires consent (for example for certain kinds of processing or for non-essential tracking), we will obtain it in a clear manner and record it where appropriate. Where we rely on legitimate uses compatible with your reasonable expectations, we will limit processing to what is necessary and proportionate.

5. Cookies and similar technologies

We use a limited set of cookies and similar technologies to run the Site securely and to remember preferences. Details are set out in our Cookie policy, including how to control cookies in your browser.

6. Sharing and subprocessors

We do not sell your personal data. We may share personal data with:

• Service providers who assist us (for example hosting, email delivery, ticketing, backups, accounting, or payment processing), under confidentiality and processing terms appropriate to the risk.
• Professional advisers (lawyers, auditors, insurers) where necessary.
• Authorities when required by applicable law or to protect rights, safety, and security.
• Business transfers—in connection with a merger, acquisition, or asset sale, subject to confidentiality and legal requirements.

A current list of material categories of subprocessors may be provided on request for active enterprise clients. Where your contract includes a subprocessor annex, we will keep that annex aligned with material changes to vendors we use for your engagement, subject to notice periods in your agreement.

7. Retention

We retain personal data only as long as necessary for the purposes above, including statutory retention periods (for example tax and accounting records). Project artefacts may be retained according to contract or backup policies. When retention ends, we delete or anonymise data where feasible.

8. Security

We implement reasonable technical and organisational measures appropriate to the nature of the data and the risk—such as access controls, secure transport (HTTPS where configured), malware-aware hosting practices, and staff confidentiality expectations. No method of transmission or storage is 100% secure; you should also protect your credentials and devices.

9. Your rights

Depending on applicable law and the role we have in processing (controller vs. processor on client-directed systems), you may have rights such as:

• access to your personal data and a summary of processing;
• correction of inaccurate or incomplete data;
• erasure or restriction in circumstances prescribed by law;
• withdrawal of consent where processing was consent-based (this may not affect prior lawful processing);
• nomination of a representative where permitted;
• grievance redressal through our Grievance contact and, where applicable, regulatory channels.

To exercise rights, email info@moosiweb.com from the address used in your enquiry where possible, so we can verify legitimacy. We may need reasonable information to confirm identity. We will respond within timelines required by law once those obligations are clearly applicable to our processing.

If we process personal data on a client’s instructions as a processor, we will forward your request to that client where appropriate.

10. Cross-border transfers

We are based in India. If we use tools or hosting that involve transfers outside India, we will take steps consistent with applicable law (such as contractual safeguards or adequacy decisions where recognised). Enterprise clients may request transfer terms in their DPA.

11. Children

The Site and Services are directed at businesses and adults. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us and we will take appropriate steps.

12. Automated decision-making

We do not use personal data for solely automated decisions that produce legal or similarly significant effects about individuals. If that changes, we will update this policy and provide information required by law.

13. Changes to this policy

We may update this policy to reflect legal, technical, or business changes. Material changes will be indicated by posting a revised policy on the Site and, where appropriate, a short notice on the Site or by email.

14. Contact and grievances

Questions about this policy or requests about personal data: info@moosiweb.com · Contact form · +91 8328363973.