Privacy Policy

// MEPVAULT PRIVACY POLICY

Effective: 11 May 2026  |  Last reviewed: 11 May 2026  |  Governing law: Digital Personal Data Protection Act 2023 (India)

MEPVAULT (the “Website”, operated by the MEPVAULT Editorial Team — a group of enthusiastic MEP engineers based in India) respects your privacy. This Policy explains what personal data we collect, why we collect it, how long we keep it, and your rights under the Digital Personal Data Protection Act, 2023 (India), with secondary alignment to GDPR (EU) and CCPA (California).

1. Data we collect

  • Contact details you submit voluntarily — name, email address (via contact form, newsletter sign-up, or article comments).
  • Technical data — IP address, browser, device, operating system, referrer URL (via server logs + analytics).
  • Usage data — pages visited, time on page, clicks, search queries, calculator inputs (via cookies + analytics).
  • Cookies — strictly necessary (always on), functional, analytics, and advertising (opt-in via banner).

We do not collect sensitive personal data (financial account numbers, biometric data, health records, government identifiers) unless you voluntarily submit it.

2. Why we use your data (DPDP §4, §6)

  • To render Website content and respond to your contact form submissions.
  • To run analytics (Google Analytics 4) and improve content + calculator tools.
  • To display advertising via Google AdSense (with your consent).
  • To send occasional MEPVAULT updates if you opt in (you can withdraw at any time).
  • To maintain Website security and comply with applicable Indian law (DPDP Act 2023; IT Act 2000).

3. Lawful basis (DPDP §6)

We process personal data on the basis of (a) your consent (advertising cookies, analytics, newsletter); (b) contract / service delivery (rendering Website services you request); (c) legitimate interest (security + aggregate analytics); and (d) legal obligation (compliance with Indian law).

4. Retention (DPDP §8(7))

  • Contact form submissions — 24 months.
  • Newsletter subscriber email — until unsubscribe, plus 6 months for the unsubscribe record.
  • Analytics data — 26 months (Google Analytics 4 default).
  • Advertising data — 13 months.
  • Server logs — 30 days.
  • Calculator inputs — session-only (browser-side, not persisted by MEPVAULT).
  • Cookie consent records — 12 months.

5. With whom we share data

We share personal data only with trusted service providers: Hostinger (Website hosting + email), Google (Analytics 4, AdSense, Tag Manager, Site Kit), and RankMath (SEO metadata, server-side only, no PII). We do not sell your personal data.

6. Cross-border transfer (DPDP §17)

Some service providers (Google; certain Hostinger data centres) may process data outside India. Such transfers comply with DPDP §17 + applicable contractual safeguards.

7. Children (DPDP §9)

The Website is not directed at persons under the age of 18 years (the age threshold under DPDP §9 for personal data processing in India). We do not knowingly collect data from anyone under 18. If you believe a minor has provided data, contact our Grievance Officer for prompt deletion.

8. Your rights (DPDP §11, §12, §14)

You have the right to: access a summary of your data; request correction or erasure; withdraw consent at any time; raise a grievance (see Section 10); and nominate another individual to exercise these rights on your behalf.

To exercise any right, email admin@mepvault.com with the subject line “DPDP Data Subject Request”. We respond within 30 days. If unresolved, you may escalate to the Data Protection Board of India under DPDP §13.

9. Cookies

Strictly necessary cookies are always on. Analytics and advertising cookies load only after you provide consent via the cookie banner. You can revoke consent at any time using the cookie-preferences link in the footer.

10. Grievance Officer (DPDP §8(9), §13)

Designation: MEPVAULT Grievance Officer
Email: admin@mepvault.com
Response SLA: 30 days from receipt (DPDP §13)
Escalation: Data Protection Board of India (DPDP §18)

11. Security (DPDP §8(5))

We use HTTPS / TLS encryption, multi-factor authentication for administration, two-layer backups (UpdraftPlus + Hostinger weekly server-side), up-to-date WordPress patching, and periodic OWASP-aligned reviews.

12. Data breach notification (DPDP §8(6))

If a personal data breach occurs that is likely to result in risk to your rights, we will notify you and the Data Protection Board of India within timelines prescribed by the DPDP Act.

13. Changes to this Policy

Material changes will be notified via a prominent notice on the Website and, where contact data is available, by email. The “Last reviewed” date at the top reflects the latest revision.

14. International visitors (GDPR / CCPA)

EU/EEA visitors are entitled to GDPR rights (Articles 13, 15, 17, 18, 20, 21). California visitors are entitled to CCPA rights including the right to know, delete, and opt out of sale (we do not sell data). Email admin@mepvault.com to exercise these rights.

Contact us  |  General: contact@mepvault.com  |  Privacy / Grievance: admin@mepvault.com  |  Form: /contact/

This Policy is provided in plain English for clarity. The Digital Personal Data Protection Act 2023 (India) prevails in case of any inconsistency. This is not legal advice.

Exit mobile version