Your privacy matters to us

MantrixFlow ("we", "us", or "our") operates a data pipeline platform that supports various database connectors. We are committed to protecting your privacy and complying with the Indian Digital Personal Data Protection (DPDP) Act 2023, GDPR, and other applicable data protection laws.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, website, APIs, and related services (collectively, the "Services").

Role Definitions

We act as a Data Fiduciary for account management data (billing, support, user accounts). We act as a Data Processor for the data moving through your pipelines. We process Customer Data solely on your instructions to orchestrate, clean, and validate datasets.

Identity Data

Names, email addresses, organization details, job titles, and billing information collected for account creation and service delivery.

Pipeline Telemetry

Job status, execution duration, data volume metadata, and pipeline run logs. This metadata is used to ensure reliability and performance of the platform.

Sensitive / Restricted Data

Any financial, health, or other "Restricted Data" you ingest requires specialized handling. We implement PII detection and support de-identification. You remain responsible for ensuring lawful basis for processing such data.

Other Data

• Usage Data: IP address, browser type, pages visited, features used, API call patterns.
• Communication Data: Support tickets, email correspondence, feedback.
• Cookies and similar technologies for essential functionality and analytics.

We process your data solely to:

• Orchestrate, clean, and validate datasets per your instructions.
• Provide, maintain, and improve the Services.
• Manage accounts, billing, and support.
• Detect and prevent security incidents, fraud, and abuse.
• Comply with applicable laws and legal processes.

Under the DPDP Act 2023 and other applicable laws, you have the right to:

• Access a summary of your personal data we hold.
• Correct inaccuracies in your data.
• Request erasure once the purpose is fulfilled or consent is withdrawn.
• Withdraw consent at any time (where processing is consent-based).
• Receive your data in a portable format (JSON, CSV).

To exercise these rights, contact us at support@mantrixflow.com. We will respond within 30 days (or sooner as required by law).

In compliance with the DPDP Act 2023, we have appointed a Grievance Officer for users in India. The Grievance Officer will acknowledge complaints within 24–72 hours and resolve most requests within 7 working days.

You may also lodge a complaint with the Data Protection Board of India (DPBI) if you believe our processing violates applicable law.

We retain data only as long as necessary for the stated purposes. Specific timelines:

Upon account termination, Customer Data is available for export for 30 days, after which it is permanently deleted. We provide a certificate of secure deletion upon request.

We implement industry-standard security controls:

• Encryption at rest: AES-256.
• Encryption in transit: TLS 1.2+.
• Logical separation between the control plane (metadata, UI) and your data plane.
• Role-based access control (RBAC), MFA for production access.
• Regular security assessments and incident response procedures.

In the event of a personal data breach, we will notify the DPBI and affected individuals without undue delay (typically within 72 hours) as required by law.

We engage the following third parties to provide the Services. All are bound by contractual obligations to protect your data.

We will notify customers at least 30 days in advance of any new subprocessor that may process Customer Data. Enterprise customers may object in accordance with their Data Processing Agreement.

We share information only with subprocessors listed above, or when required by law. We do NOT sell your personal information. We do NOT use Customer Data for advertising. We do NOT share Customer Data with other customers.

For transfers from the EEA, UK, or Switzerland, we rely on EU Standard Contractual Clauses (SCCs), the UK IDTA, and adequacy decisions where applicable. We offer data residency options for enterprise customers.

Our Services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, contact us at support@mantrixflow.com.

In the event of a personal data breach, we will: (a) notify the relevant supervisory authority within 72 hours; (b) notify affected individuals without undue delay where required; (c) document the breach and remedial actions.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. Your continued use after changes constitutes acceptance.