Privacy Policy

Privacy, Data Protection & Processing Framework

Miracuves Solutions Pvt. Ltd. (“Miracuves”, “Company”, “we”, “us”, or “our”) maintains this comprehensive Privacy, Data Protection, and Processing Framework to explain how personal data is collected, used, processed, protected, retained, disclosed, and governed across all Miracuves websites, applications, platforms, software, APIs, services, and business operations.

This document consolidates Miracuves’ Privacy Policy, Data Processing Agreement (DPA), Cookie Policy, App Privacy Disclosures, Client Privacy Summary, and Enterprise SLA Privacy Annexure into a single authoritative reference.

By accessing or using any Miracuves service, you acknowledge that you have read, understood, and agreed to this Framework. If you do not agree, you must discontinue use immediately.

1. Scope and Applicability

1.1 Covered Entities and Activities

• Visitors to Miracuves websites and landing pages
• Clients, customers, partners, vendors, contractors
• Users of Miracuves software, applications, dashboards, APIs
• Leads, prospects, and marketing contacts
• Support communications, tickets, chats, calls, and recordings

1.2 Relationship to Contracts

This Framework operates alongside Master Service Agreements (MSA), Statements of Work (SOW), NDAs, SLAs, and commercial contracts. In case of conflict, contractual terms prevail.

2. Definitions and Legal Interpretation

• Personal Data: Any information relating to an identified or identifiable individual.
• Sensitive Personal Data: Financial data, credentials, government identifiers, biometric or health data.
• Client Data: Any data submitted or processed on behalf of a client.
• Processing: Any operation on data including collection, access, storage, logging, analysis, transmission, deletion.
• Controller / Data Fiduciary: The party determining purposes and means of processing.
• Processor / Service Provider: The party processing data on instructions of the Controller.

All definitions are interpreted broadly to protect Miracuves’ lawful interests.

3. Categories of Data Collected

3.1 Data Provided Directly

• Identity and contact details
• Business, contractual, and billing information
• Project specifications, documentation, credentials
• Communications and correspondence

3.2 Automatically Collected Data

• IP address, device identifiers, OS and browser details
• Server logs, access logs, audit trails
• Usage metrics, feature interactions
• Error logs, diagnostics, performance metrics
• Security and authentication events

3.3 Third-Party Sources

• Cloud infrastructure and hosting providers
• Payment processors and financial institutions
• Analytics, monitoring, and communication tools
• Public professional platforms
• Legal and regulatory authorities

Miracuves is not responsible for inaccuracies in third-party data.

4. Legal Basis for Processing

Miracuves processes data under one or more lawful bases:

• Contractual necessity
• Legal and regulatory obligation
• User consent (where required)
• Legitimate business interest
• Security, fraud prevention, and abuse detection
• Establishment, exercise, or defense of legal claims

Miracuves retains discretion to determine the applicable lawful basis.

5. Purpose of Processing

• Service delivery, maintenance, and support
• Billing, invoicing, accounting, and audits
• Security monitoring and risk management
• Quality assurance and internal analytics
• Business operations and continuity
• Legal compliance and dispute resolution

Miracuves may anonymize or aggregate data for internal analysis without restriction.

6. Data Processing Agreement (DPA)

6.1 Roles

• Client acts as Controller / Data Fiduciary for Client Data
• Miracuves acts as Processor / Service Provider unless otherwise agreed

6.2 Client Responsibilities

• Ensure lawful collection and use of Client Data
• Obtain required notices and consents
• Ensure accuracy and legality of data provided
• Restrict upload of sensitive data unless explicitly authorized

Miracuves bears no liability for unlawful Client Data.

6.3 Sub-processors

Client authorizes Miracuves to engage sub-processors required to deliver services. Equivalent data protection obligations are imposed contractually.

6.4 Data Subject Requests

Client is responsible for responding to data subject requests. Miracuves will provide reasonable assistance subject to verification, feasibility, and cost recovery.

7. Data Sharing and Disclosure

Miracuves may share data with:

• Cloud and infrastructure providers
• Payment and financial processors
• Analytics, security, monitoring vendors
• Professional advisors and regulators

Miracuves does not sell personal data.

Disclosure may occur where necessary to protect Miracuves’ legal rights, intellectual property, systems, personnel, or comply with law.

8. International Data Transfers

Data may be processed across multiple jurisdictions including India, EU, USA, and others. Transfers rely on legally recognized safeguards. Continued use constitutes consent to such transfers.

9. Data Retention

• Client Data: retained per contract or legal necessity
• Financial records: minimum 7 years
• Logs and security records: up to 24 months
• Backups: retained per operational cycles

Miracuves may retain limited data to protect legal and commercial interests.

10. Cookie and Tracking Policy

10.1 Categories

• Strictly necessary (security, sessions, consent)
• Functional (preferences)
• Analytics (performance measurement)
• Marketing (campaign measurement, where consented)

10.2 Cookie Control

Users may manage cookies through browser settings or consent tools. Blocking cookies may affect functionality.

11. App Privacy Disclosure (Apple & Google)

11.1 Mobile App Data Categories

• Contact and account information
• Identifiers and device data
• Usage and diagnostic data
• Financial data (only where applicable)

11.2 Purposes

• Core app functionality
• Analytics and improvement
• Security and fraud prevention
• Developer communications

Tracking is enabled only where explicitly declared and consented.

12. Security Measures (Enterprise Baseline)

• Encryption in transit; encryption at rest where supported
• Role-based access control and least privilege
• Logging, monitoring, and audit trails
• Incident response and containment procedures

No system is 100% secure. Risks inherent to digital systems are acknowledged.

13. Incident Response and Breach Notification

Miracuves will notify clients of confirmed breaches of Client Data without undue delay where required by law. Clients remain responsible for regulatory and end-user notifications unless legally mandated otherwise.

14. Limitation of Liability

To the maximum extent permitted by law:

• No warranties of absolute security are provided
• Miracuves is not liable for indirect or consequential damages
• Total liability is capped as per the governing commercial agreement

15. Client-Facing Privacy Summary

Miracuves collects only necessary data to deliver services, does not sell personal data, applies security best practices, and respects lawful user rights. Full details are governed by this Framework and applicable contracts.

16. Enforcement and Termination

Violation of this Framework may result in suspension or termination of access or services without notice, subject to contractual rights.

17. Governing Law and Jurisdiction

This Framework is governed by the laws of India. Courts of Mumbai, Maharashtra have exclusive jurisdiction.

18. Contact and Grievance Redressal

Privacy & Legal: [email protected]
Data Protection Officer: [email protected]
Grievance Officer: [email protected]

Registered Office:
Miracuves Solutions Pvt. Ltd.
Mumbai, Maharashtra, India

Continued use of Miracuves services constitutes explicit acceptance of this Privacy, Data Protection & Processing Framework.