Privacy Policy

1. Identity of the Data Fiduciary

MaxFate Private Limited (hereinafter referred to as "the Company", "we", "our", or "us"), a company incorporated under the Companies Act, 2013 and operating the Drishti Astro platform under the brand Drishti Clarity Lab, is the Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 ("DPDPA"). Our registered business contact for data protection matters is: Email: drishti@maxfate.com | Phone: +91-8906220622.

2. Scope and Applicability

This Privacy Policy ("Policy") applies to all individuals ("Data Principals") who access, browse, or avail any services offered through our website, mobile interface, or any associated digital platform operated by MaxFate Private Limited. This Policy shall be read in conjunction with our Terms and Conditions and any other applicable policy published by the Company. By interacting with our platform, you acknowledge that you have read, understood, and consent to the practices described herein.

3. Categories of Personal Data Collected

4. Purpose and Legal Basis of Processing

5. Consent and Withdrawal

The Company collects and processes your personal data on the basis of your free, informed, specific, and unambiguous consent as required under Section 6 of the Digital Personal Data Protection Act, 2023. You retain the right to withdraw your consent at any time by writing to us at drishti@maxfate.com. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal. Please note that certain services may be unavailable upon withdrawal of consent for processing essential data.

6. Data Sharing and Disclosure

7. Cross-Border Data Transfers

Where personal data is transferred outside the territory of India (for example, to cloud infrastructure or analytics services), such transfers are effected in accordance with Section 16 of the DPDPA and any rules or notifications issued thereunder by the Central Government. The Company ensures that adequate safeguards are in place to protect the personal data of Data Principals during such transfers.

8. Data Retention

Personal data shall be retained for no longer than is necessary for the purposes for which it was collected, or as required by applicable law. As a general practice: (a) account and transactional data is retained for a period of five (5) years from the date of last transaction in accordance with applicable financial and tax regulations; (b) marketing data is retained until consent is withdrawn; and (c) technical logs are retained for a maximum of ninety (90) days. Upon expiry of the retention period, data shall be securely erased or anonymised.

9. Rights of the Data Principal

10. Data Security

The Company implements reasonable security practices and procedures as mandated under Rule 8 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and in accordance with the DPDPA. These include, but are not limited to, encryption of data in transit and at rest, access controls, regular security audits, and contractual obligations on third-party processors. However, no method of electronic transmission or storage is entirely secure; accordingly, while we endeavour to protect your personal data, we cannot guarantee absolute security.

11. Personal Data of Minors

Our services are not directed at or intended for children below the age of eighteen (18) years. We do not knowingly collect personal data from minors without verifiable parental or guardian consent as required under Section 9 of the DPDPA. If you become aware that a minor has submitted personal data without appropriate consent, please contact us immediately at drishti@maxfate.com and we shall take appropriate steps to delete such data.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in risk to the rights and freedoms of Data Principals, the Company shall notify the Data Protection Board of India and the affected Data Principals in the manner and within the timelines prescribed under the DPDPA and rules framed thereunder.

13. Grievance Redressal

In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the Company has designated a Grievance Officer to address concerns of Data Principals. Any grievance or complaint regarding the processing of personal data or the provisions of this Policy may be addressed to:

Grievance Officer: Manvendra Chaudhary Designation: Chief Marketing Officer, MaxFate Private Limited Email: cmo@maxfate.com

The Grievance Officer shall acknowledge the complaint within forty-eight (48) hours and endeavour to resolve the same within thirty (30) days of receipt of the complaint.

14. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your user experience, analyse website traffic, and support marketing activities. You may manage your cookie preferences through your browser settings. Disabling certain cookies may impact the functionality of our platform. For detailed information on the types of cookies we use, please refer to our Cookie Policy or contact us at drishti@maxfate.com.

15. Amendments to this Policy

The Company reserves the right to amend, update, or revise this Privacy Policy at any time. Material changes shall be communicated to registered users via email or a prominent notice on the platform. Continued use of our services following such notification shall constitute acceptance of the revised Policy. We encourage you to review this Policy periodically.

16. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in India.