Protocol Overview
At MondalSoft, we treat data privacy as a fundamental engineering constraint. This policy outlines how we collect, process, and secure data across our Global Edge Network.
We define two categories of data in our ecosystem:
Account Data
Information you provide for billing and auth. We are the Data Controller.
Workload Data
Data residing on your VPS/Servers. We act as the Data Processor; you retain sovereignty.
What Information Do We Collect?
We collect information from you when you register on our site, place an order, or interact with our infrastructure.
When ordering or registering, we may ask for your:
- Name
- E-mail Address
- Mailing Address
- Phone Number
You may, however, visit our site anonymously.
We automatically collect IP addresses, API request logs, latency metrics, and SSH access patterns to maintain network integrity and mitigate DDoS attacks.
How Do We Use Your Information?
Any of the information we collect from you may be used in one of the following ways:
- To Personalize ExperienceYour information helps us to better respond to your individual needs and dashboard preferences.
- To Improve Customer ServiceMore effective response to your customer service requests and technical support tickets.
- To Improve Our WebsiteWe continually strive to improve our infrastructure offerings based on the feedback we receive from you.
- To Send Periodic EmailsThe email address you provide for order processing may be used to send you information, invoice updates, and security alerts pertaining to your order.
Infrastructure Security
We implement a variety of security measures to maintain the safety of your personal information when you submit a request, place an order, or access your personal information.
Secure Sockets Layer (SSL/TLS 1.3) technology ensures fully encrypted transmission. Data at rest is encrypted with AES-256.
Password protected directories and databases. Zero-trust architecture for internal administrative access.
We actively protect our servers from hackers and vulnerabilities via automated PCI compliance scanning.
After a transaction, your private financial information (credit cards, etc.) will not be stored on our servers.
Disclosure & Third Parties
Outside Parties
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites.
Data Residency & Transfer
MondalSoft operates from Barrackpore, India. By default, Account Data is stored in our Indian data centers in compliance with the DPDPA 2023. Workload Data (e.g., CDN caching) may be replicated to edge nodes in jurisdictions you select (e.g., Frankfurt, Singapore, NYC) to ensure low latency.
Cookies & Local Storage
We use a minimal footprint of identifiers necessary for the control panel to function.
- Essential: Session tokens required to keep you logged into the dashboard.
- Functional: Preference flags (e.g., `theme`, `collapsed_sidebar`).
- Analytics: Aggregated, anonymized telemetry to debug performance issues.
Your Rights (GDPR & DPDPA)
Whether you are an EU citizen protected by GDPR or an Indian citizen protected by DPDPA, you possess the Right to Forget (Erasure), Right to Rectify, and Right to Portability. You may export your entire account history via the dashboard or request full deletion by contacting our Data Protection Officer.
Terms and Conditions
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website.
Updates: If we decide to change our privacy policy, we will post those changes on this page.
Last Updated: November 2025 • Compliant with IT Act 2000 & GDPR