Privacy policy
Effective Date: 21-09-2025                                                                             Last Updated: 21-09-2025

1. Definitions
As used in this Privacy Policy, “Company”, “we”, “us”, “our”, “My Chitti”, and “MC Vendor Hub” refers to MY CHITTI TECHNOLOGIES PRIVATE LIMITED (replace with the correct legal entity name if different).
 “Platform” refers to the MC Vendor Hub (https://www.mcvendorhub.com ) & My Chitti( www.mychitti.net ) websites, mobile application, and related services. “User”, “You”, “Your”, “Vendor”, “MC Vendor”, and “MC Vendor Staff” refers to any individual or business using the Platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, your rights, and how to contact us. This policy applies to personal data processed in connection with our services and products offered through mychitti.net (https://www.mcvendorhub.com) and related services.
2. Scope & Legal Framework
This policy is written with India’s Digital Personal Data Protection Act, 2023 (DPDP Act) in mind. It also includes references for GDPR (EU) and CCPA/CPRA (California) where applicable. This document is a template and must be adapted to reflect actual processing activities and legal advice.
3. Who we are / Contact
Controller: MY CHITTI TECHNOLOGIES PRIVATE LIMITED
 Registered address: LIG 134, Tuda Quarters, Unnamed Road, Mangalam, Tirupati, Andhra Pradesh, 517507
 Privacy contact / DPO: mychitti@mychitti.net
4. Your privacy is our priority
At My Chitti, trust is the foundation of everything we do. We do not sell your personal data. We will not share your personal information with third parties for their own marketing purposes without your explicit consent. We collect and use information only as needed to provide and improve our services — for example, to process payments, deliver features you request, secure accounts, and comply with legal obligations. Typical uses include account setup, billing, customer support, fraud prevention, and product improvement. Where we work with third parties (for example, payment processors, hosting providers, and analytics partners), those providers act as processors on our behalf and are contractually required to protect your data. We require appropriate safeguards and Data Processing Agreements (DPAs) with such partners. We protect your information using industry-standard technical and organizational measures (for example, encryption in transit and at rest, access controls, and regular security testing). You have control over your data — you can access, correct, or request deletion of your personal information, and you can object to certain processing where applicable. To exercise these rights or to ask questions, contact us at mychitti@mychitti.net. For complete details, including the types of information we collect, retention periods, cookie use, cross-border transfers, and how we respond to legal requests, please refer to the full Privacy Policy on our website.
5. Personal data we collect
We collect personal data necessary to provide our services. Categories include: Identity & account data: name, email, mobile number, company name, password (stored hashed). Transactional & payment data: billing address, payment instrument information (processed by third-party payment processors). Service data: order history, subscription plan, tokens/IDs, support tickets. Device & usage data: IP address, device identifiers, browser type, pages visited, crash logs, cookies, and analytics. Communications: messages you send to us (support requests), marketing preferences. Sensitive categories: we do not intentionally collect special category data (e.g., health, biometric) except where you voluntarily provide it or where necessary for a service; explicit consent will be obtained where required.
6. How we use your personal data (purposes)
We process personal data for purposes including, but not limited to: Providing, operating, and maintaining our services (account creation, authentication, invoicing). Processing payments and preventing fraud. Providing customer support and responding to requests. Improving, personalizing, and analyzing our services. Sending transactional communications (invoices, security alerts) and marketing communications where you have opted in. Complying with legal obligations and responding to lawful requests by public authorities. Legal bases under applicable law may include consent, performance of a contract, legitimate interests, or compliance with law — depending on the activity.
7. Cookies & tracking
We use cookies and similar technologies for authentication, security, preferences, and analytics. We present a cookie banner where required and obtain consent for non-essential cookies. Users can manage cookie preferences via the banner or through their browser settings.
8. Sharing & third parties
We share personal data only as necessary with: Service providers / processors: payment processors, hosting & cloud providers, analytics platforms, email providers — acting under contract and bound by DPAs. Legal requests: where required by law, court order, or governmental request. Business transfers: in connection with a merger, sale, or reorganization (with notice to affected users where practicable). We do not sell personal data to third parties for their own marketing purposes.
9. International data transfers
Your data may be hosted or processed in India or other countries where our processors operate. We implement contractual and technical safeguards to protect transfers (for example, DPAs and Standard Contractual Clauses where applicable). EU/UK residents should consult the GDPR addendum for additional transfer safeguards.
10. Data retention
We retain personal data only as long as necessary for the purposes for which it was collected, to comply with legal obligations, resolve disputes, and enforce agreements. Example retention periods (adjust to your practices): account data — while the account is active + 2 years; billing records — 7 years for tax compliance; logs & analytics — up to 24 months unless anonymized.
11. Security
We use industry-standard technical and organizational measures to protect personal data, including encryption in transit (TLS), access controls, and periodic testing. No system is 100% secure; we maintain an incident response plan and will notify affected users and authorities as required by law in the event of a breach.
12. Your rights
Subject to applicable law, you may have the right to: Access and obtain a copy of your personal data. Correct inaccurate or incomplete data. Request deletion or restriction of processing (where permitted). Object to processing based on legitimate interests. Request data portability (where technically feasible). Withdraw consent where processing is based on consent. To exercise these rights, contact mychitti@mychitti.net. We may require identity verification before acting on requests.
13. Children
Our services are not directed to children under 18. We do not knowingly collect personal data from children; if we discover that we have collected a child’s personal data without verifiable parental consent, we will delete it promptly.
14. Changes to this policy
We may update this policy from time to time. We will indicate the effective date at the top and, where required, provide notice of material changes.
15. How to contact us
Questions, complaints, or requests: mychitti@mychitti.net. You also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.