LEGAL

Privacy Policy.

What we collect, why we collect it, and the rights you have over your data — written plainly, no dark patterns.

Last updated: 11 May 2026  ·  Effective: 11 May 2026

AT A GLANCE

  • • We collect only what we need to run our website and respond to enquiries.
  • • We do not sell personal data and we do not run advertising trackers.
  • • Analytics (Google Analytics 4) load only if you consent — you can change your mind anytime via Cookie Settings.
  • • Under India's DPDP Act 2023 and the EU GDPR you have access, correction, deletion, and grievance rights — see Section 7.

01 — WHO WE ARE

Data Fiduciary / Controller

PurpleMESH Solutions ("PurpleMESH", "we", "us", "our") is a company headquartered in Hyderabad, India, that builds AI products and provides software engineering services for the insurance industry.

For the purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act") we act as a Data Fiduciary. For the EU/UK General Data Protection Regulation we act as a Controller for data we collect through this website and as a Processor for data our customers entrust to us inside our products and services.

02 — WHAT WE COLLECT

Categories of Personal Data

Information you provide

When you fill out our contact form, request a demo, or email us, we receive:

  • Your name, work email, company, and role
  • The message or enquiry you send us
  • Any other details you choose to include

Information we collect automatically

If you accept analytics cookies, Google Analytics 4 collects:

  • Pages visited, session duration, referrer, approximate region (city-level)
  • Device type, browser, operating system, language
  • A pseudonymous cookie ID — your IP address is anonymised before storage

A full list of cookies is in our Cookie Policy.

Information we do not collect

We do not knowingly collect special-category data (e.g. health, religion, biometrics) through this website, and we do not collect data from children under 18.

03 — HOW WE USE IT

Purposes & Legal Bases

Purpose Data Used Legal Basis (GDPR) / Ground (DPDP)
Respond to your enquiry or demo request Contact form fields Legitimate interest / consent at point of submission
Understand site usage and improve content Analytics data (only after consent) Consent
Send follow-up emails about your enquiry Name, email, conversation history Legitimate interest
Protect against fraud, abuse, and security threats Request metadata, logs Legitimate interest / legal obligation
Comply with legal and tax obligations Records relating to contracts and enquiries Legal obligation

04 — SHARING

Who Receives Your Data

We do not sell personal data. We share it only with the following categories of recipients, each bound by contract to protect it:

  • Infrastructure providers — cloud hosting on Amazon Web Services and Microsoft Azure (region: India / EU as configured).
  • Email & form processing — Formspree (form delivery) and Google Workspace (email).
  • Analytics — Google Analytics 4 (Google LLC), only when consented.
  • Professional advisers — auditors, lawyers, and accountants, where strictly necessary.
  • Authorities — if we are legally required to disclose data under a valid order.

A full sub-processor list is available on request via privacy@purplemesh.in.

05 — INTERNATIONAL TRANSFERS

Cross-Border Data Flows

Some of our service providers (e.g. Google) may process data outside India or the EEA. Where they do, we rely on appropriate safeguards — Standard Contractual Clauses under the GDPR and lawful transfer mechanisms under the DPDP Act — and we restrict transfers to countries not on any government-issued negative list.

06 — RETENTION

How Long We Keep Data

  • Contact enquiries: up to 24 months from your last interaction with us, then deleted or anonymised.
  • Analytics data: 14 months in Google Analytics 4 (the shortest retention window GA4 offers).
  • Contractual / financial records: 7 years, as required by Indian tax and company law.
  • Security logs: 90 days for routine logs; longer if needed for an active investigation.

07 — YOUR RIGHTS

What You Can Ask Us to Do

Depending on where you live, you have some or all of the following rights:

  • Access — a copy of the personal data we hold about you.
  • Correction — fix data that is inaccurate or incomplete.
  • Erasure — have your data deleted, subject to legal retention obligations.
  • Withdraw consent — turn off analytics or unsubscribe at any time. Withdrawing consent does not affect prior lawful processing.
  • Object / restrict — ask us to stop or limit certain processing (GDPR).
  • Portability — receive your data in a structured, machine-readable format (GDPR).
  • Nominate — appoint someone to exercise your rights in the event of your death or incapacity (DPDP Act).
  • Complain — to a supervisory authority (the Data Protection Board of India, or your local EU/UK regulator).

To exercise any of these rights, email hello@purplemesh.in. We respond within 30 days.

08 — SECURITY

How We Protect Data

PurpleMESH is ISO 27001:2022 certified. We use encryption in transit and at rest, role-based access control with MFA, vulnerability scanning, and documented incident-response procedures. Full details are on our Trust & Compliance page.

09 — CHILDREN

Children's Privacy

Our website and services are intended for businesses and adult professionals. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with their data, please contact us and we will delete it.

10 — CHANGES

Updates to This Policy

We may update this policy when our practices, the law, or our service providers change. Material changes will be highlighted at the top of this page and, where required, notified to you directly. The "Last updated" date at the top tells you when this version took effect.

11 — CONTACT

Get in Touch

For any privacy matter — including DPDP Act grievances — please contact our Grievance Officer / Data Protection contact:

PurpleMESH Solutions
Attn: Grievance Officer · Privacy
Hyderabad, Telangana, India
hello@purplemesh.in

For general enquiries, use our contact page.