Privacy Policy

We collect data you provide directly (account information, billing details, project data) and data generated from your use of the platform (logins, page views, feature usage).

• Account data: name, email, phone, company name, role
• Authentication: encrypted credentials, session tokens
• Project data: project details, units, leads, customers, partners, documents
• Usage data: page views, feature interactions, error logs
• Communication: emails to support, WhatsApp messages routed through Makanify
• Payment: handled by our PCI-compliant gateway, we do not store card numbers

We use your data only to operate the Makanify platform, comply with legal obligations, and improve the service.

• Provide and maintain the platform you subscribed to
• Authenticate your sessions and protect your account
• Process payments and send invoices
• Send transactional notifications (lead alerts, payment receipts, demand letters)
• Improve product features through aggregate usage analytics
• Comply with RERA, GST, DPDP, and other applicable laws

Your data is stored in encrypted form on infrastructure located in India (Mumbai region) and secondary backups in Hyderabad. We do not transfer your data outside India unless explicitly requested by an Enterprise customer with a separate data processing agreement.

Inside Makanify, only authorised engineers with operational need access production data, and only with audit-logged session approval. We never sell, rent, or share your data with third parties for marketing purposes.

• Your team members you have invited to your account
• Authorised Makanify engineers with audit-logged session access
• Sub-processors listed in our Trust Center (Vercel, Supabase, Resend, Razorpay)
• Legal authorities when compelled by valid court order under Indian law

Under DPDP and our own commitments, you have the following rights at any time:

• Access: request a copy of all data we hold about you
• Correct: ask us to correct or update inaccurate data
• Delete: request permanent deletion of your data and account
• Portability: receive your data in a structured, machine-readable format
• Withdraw consent: opt out of any processing that is consent-based

We use first-party cookies for authentication and session management, plus a small number of analytics cookies. We do not run third-party advertising trackers on our marketing site or product.

We retain your data for as long as your account is active. After account closure we keep aggregated, anonymised data for product improvement and a backup for 90 days, after which we permanently delete personal identifiers. Some data may be retained longer where required by law (for example tax records under GST and CGST acts).

We use industry-standard security measures: TLS 1.3 in transit, AES-256 at rest, daily encrypted backups, two-factor authentication for all employees, role-based access control, audit logs, and vulnerability assessments. We are working towards SOC 2 Type II certification.

We will notify you by email if we make material changes to this policy. The current version is always available at makanify.com/privacy.