Privacy Policy

Last Updated: 23 October 2025

On this page

Introduction

Welcome to Mahatva ("we", "us", "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use and share it, and the rights you have under applicable laws including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 and related rules.

Information We Collect

We collect the following categories of information to provide and improve our services:

  • Personal Identifiers: Name, email address, phone number, date of birth (if provided), user account details.
  • Account & Usage Data: Account creation data, login timestamps, preferences, and service usage logs.
  • Contact & Support Data: Messages exchanged with support, call records (if you contact us), verification records.
  • Technical & Device Data: IP address, device identifiers, browser type, operating system, and cookie identifiers.
  • Payment & Billing Data: Transaction identifiers and payment confirmation information processed through our payment processor (Cashfree). We do not store full card details.
  • User-Provided Content: Any documents, notes, or files you upload to your account.

How We Use Your Data

We use personal data for the following purposes:

  • To create and manage your account and provide the service features.
  • To process payments and manage subscriptions via Cashfree.
  • To communicate with you (service messages, reminders, support and, where consented, marketing via WhatsApp/SMS/email).
  • To perform identity verification and KYC checks when required for compliance.
  • To detect, prevent, and investigate fraud, abuse, or security incidents.
  • To comply with legal obligations, resolve disputes, and enforce our agreements.

Lawful Basis & Consent

Under the DPDP Act and other applicable laws, we rely on one or more lawful bases to process personal data:

  • Consent: Where you have given us explicit consent (for example, WhatsApp messages or promotional communication).
  • Contractual Necessity: Processing necessary to perform our contract with you (account provisioning, subscription management).
  • Legal Compliance: Processing required to comply with legal obligations (KYC, tax and regulatory requirements).
  • Legitimate Interests: For fraud prevention, improving the service, and security—balanced against your privacy rights.

Sharing & Third Parties

We may share personal data with the following categories of third parties:

  • Payment processors: Cashfree for payment transactions and reconciliation (we only share necessary payment metadata; full card data is handled by Cashfree).
  • Messaging providers: WhatsApp Cloud API (via Meta) for authorized messaging if you opt-in.
  • Service providers: Hosting providers, analytics services, email delivery services, and other vendors who process data on our behalf under contract.
  • Legal & Regulatory Authorities: When required by law, court order, or to enforce our rights and protect others.

We enter into written agreements with service providers requiring appropriate security and confidentiality measures.

Payment Security

All payments on Mahatva are processed through Cashfree (or other PCI-compliant payment gateways). Mahatva does not store raw card numbers, CVV, or full payment credentials. We only retain the minimum metadata required for transaction records (transaction IDs, timestamps, invoice references) to support customer queries and compliance.

WhatsApp Communication (Cloud API)

We use the official WhatsApp Cloud API for sending notifications and support messages if you opt-in. Key points:

  • We will request explicit consent before sending promotional messages.
  • You may withdraw consent anytime by contacting support or following the opt-out instructions in messages.
  • WhatsApp may process data outside India (see "International Transfers").

Cookies & Tracking

We use cookies and similar technologies for essential site functionality, analytics, performance, and fraud prevention. Typical cookie categories include:

  • Essential cookies: Required for sign-in, session management and security.
  • Analytics cookies: To understand usage patterns and improve the product.
  • Marketing cookies: If you opt into marketing communications.

You can manage or block cookies via browser settings (which may impact functionality).

Data Retention

We retain personal data only for as long as necessary for the purposes described, or as required by law. Typical retention periods:

  • Account & profile data: retained while your account is active and for up to 3 years after account deletion for legal & operational purposes.
  • Transactional/payment records: retained for 7 years for compliance and tax purposes.
  • Support and logs: retained for up to 2 years unless required otherwise.

If you request deletion, we will delete or anonymize data unless preservation is required by law.

Data Security

We implement reasonable technical, administrative, and physical safeguards to protect personal data, including encryption in transit (TLS) and at rest for sensitive fields, access controls, and regular security reviews. However, no system can be guaranteed 100% secure—if there is a data incident we will notify affected users and authorities as required by law.

Your Rights

Subject to applicable law (including DPDP Act), you may have the following rights in relation to your personal data:

  • Access: Request a copy of personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Portability: Request a machine-readable copy of the data you provided.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Withdraw Consent: Withdraw consent for processing where processing is based on consent.
  • Grievance: Report concerns to our Grievance Officer (details below).

To exercise any right, contact us at askmahatva@gmail.com. We will respond within a reasonable time and in accordance with applicable law.

Grievance Officer / Data Protection Contact

As required under applicable law, our designated Grievance Officer is:

Name:    Kalpesh Modi
Email:   askmahatva@gmail.com
Phone:   +91 7722025220
Address: [Insert registered office address here]

Please allow up to 30 days for a response. If you remain unsatisfied, you may escalate to the relevant regulator under applicable law.

International Transfers

Certain processing (e.g., WhatsApp Cloud API, hosting or analytics) may involve transfer of personal data to services outside India. Where transfers occur, we implement appropriate safeguards such as standard contractual clauses, Data Processing Agreements, or other measures required by law.

Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect personal data from minors. If we learn that we have collected data of a minor without parental consent, we will take steps to delete it.

Automated Decision-Making & Profiling

We do not perform solely automated decision-making that has a legal or similarly significant effect on users. If we use automated processing or profiling in the future, we will provide appropriate notice and rights to challenge decisions.

Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated policy here with a revised "Last Updated" date. Where required by law, we will notify you of material changes and obtain consent if necessary.

Contact & Support

If you have questions or complaints about this policy or our data practices, please contact us:

Email: askmahatva@gmail.com
Phone / WhatsApp: +91 7722025220

You may also refer to our Terms of Use page for additional legal terms governing use of the service.

Effective Date: 23 October 2025

Back to Signup