Legal

Privacy Policy

Effective date: 25 May 2026 · Last updated: 25 May 2026

MaxFate Private Limited (“MaxFate,” “we,” “our” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard information that we obtain through our website maxfate.com, our product Drishti (accessible at drishti.maxfate.com), and any related services (collectively, the “Services”).

This Policy is published in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 (“DPDP Act”) of India, and other applicable laws.

1. Who we are

MaxFate Private Limited is a company incorporated under the Companies Act, 2013, having its registered office at Radha Valley, Mathura, Uttar Pradesh — 281004, India (CIN: U93090UP2019PTC122185). For the purposes of the DPDP Act, MaxFate is the Data Fiduciary in respect of personal data processed via the Services.

2. Personal data we collect

We collect personal data that you provide to us directly, that is generated automatically when you use the Services, and that we receive from third parties.

2.1 Data you provide

  • Identification data: name, date of birth, time of birth, place of birth, gender (where relevant to a Drishti consultation or report).
  • Contact data: email address, postal address, telephone number.
  • Account data: login credentials, profile preferences and settings.
  • Transaction data: billing details, payment instrument metadata (we do not store full card numbers), order history.
  • Communications: messages, queries, feedback, support tickets and survey responses.

2.2 Data collected automatically

  • Device and technical data: IP address, browser type, operating system, device identifiers.
  • Usage data: pages viewed, time spent, clicks, referring URLs, session timestamps.
  • Cookies and similar technologies: see Section 7 below.

2.3 Data from third parties

We may receive limited data from analytics providers, payment processors, login providers (where you sign in with a third-party account) and publicly available sources.

3. Purposes of processing

We process personal data for the following purposes:

  • To provide, operate, maintain and improve the Services, including generating Drishti reports and consultations.
  • To create and manage user accounts, authenticate users and prevent unauthorised access.
  • To process payments and issue invoices and tax documents.
  • To respond to your enquiries, provide customer support and process grievances.
  • To send service communications, security alerts and transactional emails.
  • To send marketing communications, where we have your consent (you may withdraw consent at any time).
  • To conduct research, analytics and product development in aggregated or de-identified form.
  • To comply with applicable laws, respond to lawful requests and enforce our Terms of Use.

4. Legal basis for processing

We process personal data on one or more of the following legal bases under the DPDP Act and other applicable laws:

  • Consent: where you have given clear, specific, informed and unambiguous consent.
  • Performance of a contract: where processing is necessary to deliver the Services you have requested.
  • Legitimate uses: as specified under Section 7 of the DPDP Act.
  • Legal obligation: where required by applicable law, regulation or court order.

5. Sharing and disclosure

We do not sell personal data. We share personal data only as follows:

  • Service providers (Data Processors): hosting providers, payment gateways, communication platforms, analytics providers and customer support tools that process data on our behalf under written agreements.
  • Professional advisers: auditors, lawyers, bankers and insurers, where reasonably required.
  • Government and law enforcement: where disclosure is required by law, lawful court order or to protect our legal rights.
  • Business transfers: in the event of a merger, acquisition, restructuring or sale of assets, subject to confidentiality protections.

6. International transfers

Some of our service providers may process data outside India. Where this occurs, we ensure that transfers are made only to jurisdictions permitted under applicable law and that appropriate contractual safeguards are in place.

7. Cookies and similar technologies

We and our service providers use cookies, web beacons, local storage and similar technologies to operate the Services, remember preferences, measure performance and (with consent, where required) deliver relevant marketing. You can control cookies through your browser settings. Disabling certain cookies may impair functionality.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations (including tax, accounting and audit), to resolve disputes and to enforce our agreements. When data is no longer required, we securely delete or anonymise it.

9. Security

We implement reasonable security practices and procedures consistent with Rule 8 of the IT (Reasonable Security Practices) Rules, 2011, and as required under the DPDP Act. These include access controls, encryption in transit, secure development practices and periodic reviews. No method of transmission or storage is, however, completely secure, and we cannot guarantee absolute security.

10. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Request correction or completion of inaccurate or incomplete data.
  • Request erasure of personal data, subject to our legal retention obligations.
  • Withdraw consent at any time, where processing is based on consent.
  • Nominate another individual to exercise your rights in the event of your death or incapacity, as permitted under the DPDP Act.
  • Lodge a grievance with our Grievance Officer (see Section 13) or, if unresolved, with the Data Protection Board of India.

Requests may be made to cmo@maxfate.com. We will respond within the timelines required by applicable law.

11. Children's data

The Services are not directed at children below the age of 18. We do not knowingly collect personal data from children without the verifiable consent of a parent or lawful guardian. If you believe a child has provided us personal data, please contact us and we will take appropriate action.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be notified through the Services or by email where appropriate. Your continued use of the Services after such changes constitutes acceptance of the revised Policy.

13. Grievance Officer

In compliance with the IT Rules, 2021, the DPDP Act and other applicable laws, the Grievance Officer for MaxFate Private Limited is:

Manvendra Chaudhary
Grievance Officer · MaxFate Private Limited
Email: cmo@maxfate.com
Address: Radha Valley, Mathura, Uttar Pradesh — 281004, India

We will acknowledge grievances within 48 hours and endeavour to resolve them within 15 (fifteen) days of receipt.

14. Contact

For any other queries regarding this Policy, please write to us at contact@maxfate.com.