MunafaLabMunafaLab

Privacy Policy

MunafaLab respects your privacy. This policy explains what personal data we collect, why we collect it, how we protect it, and the rights you have under Indian law — primarily the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1. Who we are (Data Fiduciary)

MunafaLab (the "Site") is operated by Kishan Patel, a sole proprietor based in Surat, Gujarat, India (the "Data Fiduciary", "we", "us", or "our"). For all data-protection matters, contact: contact@munafalab.com.

2. What we collect

We collect the minimum personal data needed to run the site:

  • Newsletter email — if you choose to subscribe, we collect your email address (and, optionally, a first name).
  • Contact form / email replies — if you write to us, we receive your email address, name (if provided), and the contents of your message.
  • Comments (if/when enabled) — name, email address, and the comment text.
  • Analytics (Google Analytics 4) — pageviews, referrer, approximate country and city, device type, browser, and language. We have enabled IP anonymisation so your full IP is not stored by Google. We do not enable Google Signals, ad personalisation, or remarketing. See section 6 for details, and section 5 for the cookies this sets.
  • Server logs — IP address, user-agent, and timestamps, kept short-term for security and abuse prevention.

3. What we do NOT collect

  • We do not collect your PAN, Aadhaar, bank account, or KYC details.
  • We do not run third-party advertising cookies or behavioural ad networks.
  • We do not sell, rent, or trade your personal data.
  • We do not knowingly collect personal data from children under 18.

4. Why we use your data (lawful purposes)

We use your personal data only for the specific, lawful purposes you consent to:

  • To send the email newsletter you subscribed to.
  • To reply to your enquiries, corrections, and feedback.
  • To understand site usage in aggregate and improve content (e.g. which posts get read, which load slowly).
  • To detect and prevent abuse, spam, or security threats.
  • To meet our legal and regulatory obligations.

We will not use your data for any new purpose without your fresh consent.

5. Cookies

We use a small number of cookies and similar technologies:

  • Theme preference (first-party) — to remember light/dark mode.
  • Session security (first-party) — for admin/login flows (only if you are a contributor).
  • Google Analytics 4 (third-party) — sets cookies named _ga and _ga_KDM91DNM0Q with a default lifetime of up to 2 years. These help us count unique visitors and understand which posts get read. IP anonymisation is enabled and ad-personalisation features are disabled.

You can disable cookies in your browser; some site features (such as remembering theme) may stop working. To specifically opt out of Google Analytics across all sites, install the Google Analytics Opt-out Browser Add-on.

6. Third parties (sub-processors)

To operate the site, we rely on the following categories of third-party services, each of which processes only the minimum data required:

  • Hosting and CDN — to deliver the site over HTTPS.
  • Email service provider — to send the newsletter and transactional emails.
  • Google Analytics 4 (Google LLC, USA)— for aggregated traffic metrics. Data may be processed on Google servers outside India. We have enabled IP anonymisation and disabled ad-personalisation features. Google's handling of this data is governed by the Google Privacy Policy.
  • Affiliate networks — when you click an affiliate link, the partner platform (e.g. broker, credit card issuer) sets its own cookies under its own privacy policy. Please review their policies before signing up.

7. Data retention

  • Newsletter email — kept while you remain subscribed. Deleted within 90 days of unsubscribe.
  • Email correspondence — kept for up to 24 months, then deleted unless required for legal reasons.
  • Server logs — kept for up to 90 days for security analysis, then deleted or anonymised.
  • Analytics data — retained in aggregated form; no individual user record is stored.

8. Your rights under the DPDP Act, 2023

As a Data Principal, you have the following rights with respect to your personal data held by MunafaLab:

  • Right to access — to know what personal data we hold about you and how it is processed.
  • Right to correction and erasure — to correct inaccurate data or request deletion when no longer needed.
  • Right to grievance redressal — to raise complaints with our Grievance Officer (details on the Contact page).
  • Right to nominate — to nominate another individual to exercise these rights in case of your death or incapacity.
  • Right to withdraw consent — to withdraw consent at any time; this will not affect lawfulness of processing done before the withdrawal.

To exercise any of these rights, email contact@munafalab.com with "DPDP request" in the subject. We will respond within 30 days. We may ask you to verify your identity (for example, by replying from the email address on record) before acting on the request.

9. Security

We apply reasonable security practices in line with the SPDI Rules, 2011 — HTTPS everywhere, encrypted storage where supported by our providers, access control on admin accounts, and regular software updates. No online service can promise absolute security; if you believe an incident has occurred, please contact us immediately.

10. Personal data breaches

In the unlikely event of a personal data breach that is likely to result in significant risk to affected Data Principals, we will notify the Data Protection Board of India and affected users in the manner and timelines prescribed under the DPDP Act and rules framed under it.

11. International transfers

Some of our service providers may store data on servers outside India. Where this happens, we rely on providers that offer contractual safeguards and process data only on our documented instructions. We will comply with any Government of India restrictions issued under the DPDP Act on transfers to specific countries.

12. Children

MunafaLab is not directed at children under 18. We do not knowingly process personal data of children. If you believe a child has provided us their data, please email us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be highlighted on the homepage or via email to subscribers. The "Last updated" date below shows when the latest revision took effect.

14. Grievance Officer

For complaints about this policy or about how your personal data is being handled, please contact:

  • Name: Kishan Patel
  • Designation: Grievance Officer, MunafaLab
  • Email: contact@munafalab.com
  • Address: Surat, Gujarat, India

Grievances are acknowledged within 24 hours and resolved within 15 days, in line with applicable Indian law.

Effective date: 16 May 2026 · Last updated: 18 May 2026