Effective Date: 1 April 2026 · Last Updated: 1 April 2026
1. Introduction
MindT Enterprises ("MandiGrow", "we", "us", or "our") operates the MandiGrow SaaS platform (the "Service"), a mandi ERP solution for fruit and vegetable commission agents, wholesalers and traders across India. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the rights you have over your data.
This Policy is issued under the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"). It is also designed to be GDPR-aware for users who interact with us from outside India.
2. Information We Collect
2.1 Account & identity data: name, mobile number, email, business name, GSTIN, PAN, address, state, and login credentials.
2.2 Business & transactional data: sales invoices, purchase bills, daybook entries, ledgers, commission agent accounts, mandi khata records, party details, stock movement, inventory, and payment records.
2.3 GST & financial data: GST returns, HSN codes, tax computations, e-invoice data, and related fiscal records — classified as Sensitive Personal Data or Information (SPDI) under Indian law.
2.4 Payment data: subscription billing information processed via PCI-DSS compliant payment gateways (Razorpay, Stripe, SMEPay). We do not store full card numbers or CVV on our servers.
2.5 Technical data: IP address, device identifiers, browser type, operating system, app version, crash logs, and usage analytics.
3. Purpose of Collection
- To provide, maintain and improve the Service, including billing, accounting and compliance features.
- To generate GST-compliant invoices, reports and filings on your behalf.
- To authenticate users and protect against fraud and unauthorised access.
- To communicate service updates, security alerts and billing notifications.
- To comply with legal, tax and regulatory obligations in India.
- To deliver customer support and resolve disputes.
4. Legal Basis for Processing
We process personal data on the basis of (a) your consent at account creation, (b) performance of our contract with you, (c) compliance with legal obligations (including GST, income tax and IT Act requirements), and (d) legitimate business interests such as securing the platform and preventing misuse.
5. Third-Party Sharing & Sub-Processors
We do not sell your personal data. We share data only with the following categories of recipients, under contractual confidentiality:
- Infrastructure providers: Supabase, AWS / GCP data centres located in India or regions offering equivalent safeguards.
- Payment processors: Razorpay, Stripe, SMEPay for subscription collection.
- Analytics & monitoring: Sentry for error tracking, Google Analytics for aggregate usage (anonymised).
- Government authorities: GSTN, income tax department, or law-enforcement agencies where legally compelled.
- Professional advisors: auditors, lawyers and compliance consultants under strict confidentiality.
6. Data Retention
We retain your business and financial data for as long as your account is active and thereafter for a minimum of eight (8) years from the end of the relevant financial year, as required by Section 36 of the CGST Act, 2017 and Section 44AA of the Income Tax Act, 1961. Upon account closure, you may request export or deletion subject to these statutory retention obligations.
7. Data Security
We implement reasonable security practices aligned with ISO/IEC 27001 and Rule 8 of the SPDI Rules, 2011, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, role-based access control, row-level security, audit logging, regular penetration testing, and encrypted off-site backups. No method of electronic storage is 100% secure; we therefore cannot guarantee absolute security.
8. Your Rights
Subject to the DPDP Act, 2023 and applicable law, you have the right to:
- Access and obtain a copy of the personal data we hold about you.
- Correct or update inaccurate or incomplete data.
- Withdraw consent (where processing is based on consent).
- Request erasure, subject to statutory retention requirements.
- Nominate another individual to exercise your rights in the event of death or incapacity.
- Lodge a grievance with our Grievance Officer (see Section 12) or the Data Protection Board of India.
9. Cookies & Tracking
We use strictly-necessary cookies for authentication and session management, and analytics cookies (with your consent) to understand aggregate usage. You can control cookies through your browser settings. Disabling strictly-necessary cookies may impair your ability to sign in and use the Service.
10. Cross-Border Transfers
Primary data storage is within India. Where limited processing occurs outside India (e.g. global CDN, payment gateways), we rely on contractual safeguards and jurisdictions that ensure an adequate level of protection, as notified by the Central Government under Section 16 of the DPDP Act.
11. Children
The Service is intended for businesses and individuals aged 18 or above. We do not knowingly collect personal data from children under 18. If you believe we have done so, please contact us and we will delete such data promptly.
12. Grievance Officer & Contact
In accordance with Rule 5(9) of the SPDI Rules, 2011 and Section 10 of the IT (Intermediary Guidelines) Rules, 2021:
Grievance Officer
MandiGrow
Email: privacy@mandigrow.com
Support: support@mandigrow.com
Response time: within 15 days of receipt of a valid request.
13. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notice at least 7 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.