# Privacy Policy
**OrderMonk — E-Commerce Management Platform**
*Effective Date: March 4, 2026*
*Last Updated: March 4, 2026*
---
## Introduction
FutureMarx Group Private Limited ("Company", "We", "Us", "Our"), operating the OrderMonk platform, is committed to protecting the privacy and security of Your personal information. This Privacy Policy ("Policy") describes how We collect, use, store, share, and protect the personal data of users ("You", "Your", "User", "Seller", "Merchant") of the OrderMonk platform, including the website at [https://ordermonk.com](https://ordermonk.com), the web application at [https://app.ordermonk.com](https://app.ordermonk.com), and any associated mobile applications (collectively, the "Platform"), as well as all products, services, features, and functionalities offered through the Platform (collectively, the "Services").
This Policy constitutes an integral part of Our [Terms and Conditions](https://ordermonk.com/terms-and-conditions). In case of any conflict between this Policy and the Terms and Conditions, the terms of this Policy shall prevail with respect to matters relating to personal data.
This Policy is published in accordance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, as applicable.
**BY ACCESSING OR USING THE PLATFORM OR SERVICES, YOU CONSENT TO THE COLLECTION, USE, STORAGE, AND DISCLOSURE OF YOUR PERSONAL DATA AS DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH THIS POLICY, PLEASE DO NOT ACCESS OR USE THE PLATFORM OR SERVICES.**
---
## 1. What Personal Data Do We Collect?
### 1.1 Information You Provide to Us
When You register for an account, use Our Services, or communicate with Us, You may provide the following categories of personal data:
- **(a) Account Information** — Name, business name, email address, phone number, username, password, billing address, and GST Identification Number (GSTIN).
- **(b) Business Information** — Business type, industry category, registered business address, company registration details, and other details relevant to Your e-commerce operations.
- **(c) Payment and Billing Information** — Credit or debit card details, bank account information, UPI IDs, billing name and address, subscription details, invoicing information, and payment transaction records.
- **(d) Customer Data** — Information about Your customers that You process through the Platform, including customer names, addresses, phone numbers, email addresses, order histories, product details, pricing information, returns, and complaints.
- **(e) Third-Party Account Credentials** — API keys, tokens, login credentials, and authentication details for third-party marketplaces (such as Amazon, Flipkart, Myntra), shipping carriers (such as Shiprocket, ClickPost, Delhivery), CMS platforms (such as Shopify, WooCommerce, Wix), and advertising platforms that You connect through the Platform.
- **(f) Communication Data** — Any information You provide when contacting Our support team via email, chat, phone, or other communication channels, including the content of messages, attachments, and call recordings (where consented to).
- **(g) Feedback and Survey Data** — Responses to surveys, reviews, testimonials, feature requests, and other feedback provided by You.
### 1.2 Information We Collect Automatically
When You access or use the Platform, We automatically collect the following data:
- **(a) Device Information** — Internet Protocol (IP) address, browser type and version, operating system, device type, device identifiers, screen resolution, language preferences, and plug-in details.
- **(b) Usage Information** — Pages viewed, features used, search queries, click patterns, session duration, date and time stamps, referring URLs, and interaction patterns with the Services.
- **(c) Log Data** — Server logs, access logs, error logs, API call logs, and system performance data.
- **(d) Cookies and Tracking Technologies** — Data collected through cookies, web beacons, pixels, local storage, and similar tracking technologies (see Section 5 below).
- **(e) Service Metrics** — Feature usage statistics, sync activity logs, integration performance data, error rates, and system response times.
### 1.3 Information from Third-Party Sources
We may receive information about You from the following third-party sources:
- **(a) Marketplace and CMS Platforms** — When You connect third-party platforms (such as Amazon, Flipkart, Shopify, or WooCommerce), We receive order data, product information, inventory data, and other operational data through their APIs.
- **(b) Shipping Carriers** — When You connect shipping carrier accounts (such as Shiprocket, ClickPost, Delhivery), We receive shipment tracking data, delivery status updates, and logistics information.
- **(c) Payment Processors** — Our payment processing partners may share transaction confirmation details, payment status, and fraud prevention data.
- **(d) Social Media and Public Sources** — If You interact with Us through social media, We may receive profile information consistent with Your privacy settings on those platforms.
- **(e) Authorized Representatives** — An authorized representative of Your organization may provide Your information to Us for account creation and access management purposes.
### 1.4 Sensitive Personal Data
We may collect sensitive personal data or information ("SPDI") as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, including financial information such as bank account details, credit/debit card details, and payment instrument details. We collect SPDI only when necessary for the provision of Services and with Your explicit consent.
---
## 2. How Do We Use Your Personal Data?
We collect, process, and use Your personal data for the following purposes:
### 2.1 Service Delivery and Operations
- **(a)** Creating, maintaining, and managing Your account on the Platform.
- **(b)** Providing access to the Platform and delivering the Services, including order management, inventory synchronization, product listing management, shipping and logistics, analytics, and AI-powered tools.
- **(c)** Processing and managing Your subscriptions, billing, invoicing, and payments.
- **(d)** Integrating with third-party marketplaces, shipping carriers, CMS platforms, and other external services on Your behalf.
- **(e)** Providing customer support, responding to inquiries, and resolving technical issues.
### 2.2 Service Improvement and Development
- **(a)** Analyzing usage patterns to improve, optimize, and enhance the Platform and Services.
- **(b)** Developing new features, products, and services based on usage trends and user feedback.
- **(c)** Conducting internal reviews, research, and data analysis to improve service quality, content, and functionality.
- **(d)** Training and improving artificial intelligence and machine learning models used in Our Services (using aggregated and anonymized data).
- **(e)** Debugging, testing, and quality assurance activities.
### 2.3 Communication
- **(a)** Sending transactional communications related to Your account, orders, subscriptions, and service updates.
- **(b)** Sending promotional communications, newsletters, product announcements, feature updates, and marketing materials (subject to Your consent and preferences).
- **(c)** Conducting satisfaction surveys and collecting feedback.
- **(d)** Communicating via email, SMS, push notifications, in-app messages, or phone calls for the purposes specified in this Policy.
### 2.4 Security and Compliance
- **(a)** Detecting, preventing, and addressing fraud, security breaches, unauthorized access, and other harmful activities.
- **(b)** Monitoring and enforcing compliance with Our Terms and Conditions and acceptable use policies.
- **(c)** Complying with applicable legal obligations, regulatory requirements, court orders, and governmental requests.
- **(d)** Establishing, exercising, or defending legal claims.
### 2.5 Analytics and Personalization
- **(a)** Generating aggregated analytics, reports, and benchmarks.
- **(b)** Personalizing Your experience on the Platform based on Your preferences and usage history.
- **(c)** Measuring the effectiveness of Our marketing campaigns and communications.
---
## 3. Legal Basis for Processing
We process Your personal data on the following legal bases:
- **(a) Contractual Necessity** — Processing that is necessary for the performance of Our agreement with You or to take steps at Your request before entering into an agreement.
- **(b) Consent** — Processing based on Your explicit consent, which You may withdraw at any time.
- **(c) Legitimate Interests** — Processing that is necessary for Our legitimate interests, including improving Our Services, ensuring security, and marketing, provided that such interests are not overridden by Your data protection rights.
- **(d) Legal Obligations** — Processing that is necessary for compliance with applicable laws, regulations, and legal requirements.
---
## 4. Who Do We Share Your Personal Data With?
We share Your personal data only as described below and with parties who follow data protection practices consistent with or more protective than those described in this Policy:
### 4.1 Service Providers
We engage third-party service providers for the following purposes:
- Cloud hosting and infrastructure services
- Payment processing and billing
- Customer support tools
- Email and communication services
- Analytics and business intelligence
- Marketing and advertising platforms
- AI and machine learning service providers
- Security and fraud prevention services
These service providers are contractually bound to use Your data only for the purposes for which it was disclosed and to maintain appropriate security measures.
### 4.2 Third-Party Integrations
When You connect third-party platforms through the Services (such as Amazon, Flipkart, Shopify, Shiprocket, ClickPost, etc.), We share and receive data with these platforms as necessary to provide the integrated Services. Your use of Third-Party Services is subject to their respective privacy policies and terms.
### 4.3 Business Partners and Affiliates
We may share Your data with Our affiliates, subsidiaries, and business partners for the purposes described in this Policy, including service improvement, marketing, and analytics.
### 4.4 Legal and Regulatory Authorities
We may disclose Your personal data to regulatory authorities, law enforcement agencies, courts, or governmental bodies when:
- Required by applicable law, regulation, or legal process.
- Necessary to protect Our rights, property, or safety, or the rights of Our users or the public.
- Required in connection with the prevention, detection, or investigation of fraud, security breaches, or other potentially illegal activities.
### 4.5 Business Transfers
In the event of a merger, acquisition, reorganization, asset sale, or similar corporate transaction, Your personal data may be transferred to the acquiring entity, subject to the same privacy commitments described in this Policy.
### 4.6 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified data that does not identify You individually with third parties for analytics, benchmarking, research, industry reports, and marketing purposes.
---
## 5. Cookies and Tracking Technologies
### 5.1 What Are Cookies?
Cookies are small text files stored on Your device when You visit a website. We use cookies and similar technologies (web beacons, pixels, local storage) to collect information about Your interactions with the Platform.
### 5.2 Types of Cookies We Use
| Cookie Type | Purpose | Required Consent? |
|-------------|---------|-------------------|
| **Essential Cookies** | Necessary for the Platform to function, including session management, authentication, and security. | No (strictly necessary) |
| **Functional Cookies** | Remember Your preferences (language, timezone, display settings) and provide enhanced features. | Yes |
| **Analytics Cookies** | Help Us understand how You use the Platform, which pages are most visited, and where errors occur. | Yes |
| **Marketing Cookies** | Used to deliver relevant advertisements and measure the effectiveness of marketing campaigns. | Yes |
### 5.3 Third-Party Cookies
We may use third-party analytics and marketing tools that place their own cookies on Your device, including:
- **Google Analytics** — For website traffic analysis and user behavior tracking.
- **Google Tag Manager** — For managing marketing and analytics tags.
- **Facebook/Meta Pixel** — For advertising measurement and audience targeting.
- **Other Analytics Tools** — As specified in Our cookie consent management tool.
### 5.4 Managing Cookies
You can manage Your cookie preferences through:
- **Cookie Consent Banner** — Displayed when You first visit the Platform, allowing You to accept or reject non-essential cookies.
- **Browser Settings** — You can configure Your browser to block or delete cookies. Instructions for popular browsers:
- [Google Chrome](https://support.google.com/chrome/answer/95647)
- [Mozilla Firefox](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop)
- [Apple Safari](https://support.apple.com/en-gb/guide/safari/sfri11471/mac)
- [Microsoft Edge](https://support.microsoft.com/en-gb/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd)
Please note that blocking certain cookies may affect the functionality of the Platform.
---
## 6. Data Security
### 6.1 Security Measures
We implement and maintain reasonable administrative, technical, and physical safeguards to protect Your personal data from unauthorized access, use, alteration, disclosure, or destruction. Our security measures include:
- **(a)** Encryption of data in transit using industry-standard SSL/TLS protocols (HTTPS).
- **(b)** Encryption of sensitive data at rest, including API keys, tokens, and payment information.
- **(c)** Access controls and role-based authentication mechanisms.
- **(d)** Regular security assessments and vulnerability testing.
- **(e)** Secure server infrastructure with firewall protection and intrusion detection.
- **(f)** Employee access restrictions on a need-to-know basis.
- **(g)** Regular data backup and disaster recovery procedures.
### 6.2 Your Security Responsibilities
You are responsible for:
- Maintaining the confidentiality of Your login credentials and API keys.
- Restricting access to Your account to authorized persons only.
- Promptly notifying Us at [[email protected]](mailto:[email protected]) of any unauthorized access, security breach, or suspicious activity involving Your account.
- Ensuring that devices used to access the Platform are adequately secured.
### 6.3 No Absolute Guarantee
While We take reasonable measures to protect Your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of Your personal data and shall not be liable for any unauthorized access or breach that occurs despite Our reasonable security efforts.
---
## 7. Data Retention
### 7.1 Retention Period
We retain Your personal data for as long as it is necessary to:
- **(a)** Provide the Services and maintain Your account.
- **(b)** Fulfil the purposes described in this Policy.
- **(c)** Comply with applicable legal, regulatory, tax, and accounting obligations.
- **(d)** Resolve disputes and enforce Our agreements.
### 7.2 Post-Termination Retention
Upon termination or deletion of Your account:
- Your Customer Data will be retained for thirty (30) days, during which You may request export of Your data.
- After the 30-day period, Your Customer Data will be deleted or anonymized, except as required by law.
- Certain data may be retained in anonymized or aggregated form for analytics, research, and service improvement purposes.
### 7.3 Deletion Requests
You may request deletion of Your personal data at any time by contacting Us at [[email protected]](mailto:[email protected]). We will process Your request in accordance with applicable law, subject to any legal obligations requiring Us to retain certain data.
---
## 8. Cross-Border Data Transfers
### 8.1 Transfer of Data
Your personal data may be transferred to, stored in, and processed in locations outside of India where Our service providers, cloud infrastructure, or integrated third-party services operate.
### 8.2 Safeguards
When We transfer Your personal data outside of India:
- **(a)** We comply with applicable data transfer laws and guidelines issued by the Central Government of India.
- **(b)** We ensure that the receiving party maintains appropriate safeguards and data protection standards comparable to those required under applicable Indian laws.
- **(c)** We implement contractual protections with Our service providers requiring them to protect Your data in accordance with this Policy.
### 8.3 EU/UK Data Subjects
If You are located in the European Economic Area (EEA) or the United Kingdom, and Your personal data is transferred outside these regions, We ensure compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), by relying on appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.
---
## 9. Your Rights
### 9.1 Rights You May Exercise
Subject to applicable law, You have the following rights regarding Your personal data:
- **(a) Right to Access** — You have the right to request access to the personal data We hold about You and to obtain a copy of such data.
- **(b) Right to Rectification** — You have the right to request correction or update of any inaccurate or incomplete personal data.
- **(c) Right to Erasure** — You have the right to request deletion of Your personal data, subject to applicable legal retention requirements.
- **(d) Right to Restrict Processing** — You have the right to request that We restrict the processing of Your personal data in certain circumstances.
- **(e) Right to Data Portability** — You have the right to request that Your personal data be provided in a structured, commonly used, and machine-readable format, and to transfer such data to another controller, where technically feasible.
- **(f) Right to Withdraw Consent** — Where processing is based on Your consent, You have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- **(g) Right to Object** — You have the right to object to the processing of Your personal data for direct marketing purposes.
- **(h) Right to Nominate** — Under the Digital Personal Data Protection Act, 2023, You have the right to nominate another individual who may exercise Your rights in the event of Your death or incapacity.
### 9.2 Your Duties
In accordance with applicable data protection laws, You have the duty to:
- **(a)** Comply with the provisions of applicable laws when exercising Your rights.
- **(b)** Not impersonate another person or suppress any material information.
- **(c)** Not register false or frivolous grievances.
- **(d)** Furnish only verifiably authentic information.
### 9.3 How to Exercise Your Rights
You may exercise Your rights by:
- Contacting Us at [[email protected]](mailto:[email protected]).
- Using the account settings within the Platform to update or manage Your information.
- Contacting Our Grievance Officer (see Section 13).
We will respond to Your request within thirty (30) days of receiving it, or within the time period required by applicable law.
### 9.4 Marketing Preferences
You may opt out of receiving promotional communications by:
- Clicking the "Unsubscribe" link at the bottom of Our marketing emails.
- Updating Your notification preferences in the Platform settings.
- Contacting Us at [[email protected]](mailto:[email protected]).
Please note that even after opting out of marketing communications, You will continue to receive transactional notifications related to Your account and the Services.
---
## 10. Children's Privacy
The Platform and Services are intended for use by individuals who are at least 18 years of age and are designed for business purposes. We do not knowingly collect personal data from children under the age of 18. If You believe that We have inadvertently collected personal data from a child, please contact Us immediately at [[email protected]](mailto:[email protected]), and We will take steps to delete such data promptly.
---
## 11. Third-Party Links and Services
The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by Us. This Privacy Policy does not apply to such third-party services. We encourage You to review the privacy policies of any third-party services You access through the Platform. We are not responsible for the privacy practices, content, or security of any third-party services.
---
## 12. Changes to This Privacy Policy
### 12.1 Updates
We may update this Privacy Policy from time to time to reflect changes in Our practices, technologies, legal requirements, or other factors. When We make material changes, We will:
- **(a)** Update the "Last Updated" date at the top of this Policy.
- **(b)** Notify You via email or through a prominent notice on the Platform at least thirty (30) days before the changes take effect.
### 12.2 Continued Use
Your continued use of the Platform after the effective date of any changes to this Policy constitutes Your acceptance of the updated Policy. If You do not agree to the revised Policy, You should discontinue use of the Platform.
---
## 13. Grievance Officer
In accordance with the Information Technology Act, 2000 and the rules made thereunder, including the Digital Personal Data Protection Act, 2023, the details of the Grievance Officer are as follows:
**Grievance Officer**
FutureMarx Group Private Limited
- **Email:** [[email protected]](mailto:[email protected])
The Grievance Officer shall address and resolve any complaints or grievances regarding the processing of personal data in a timely manner, and in any event within thirty (30) days of receipt of such complaint.
If You have any discrepancies or grievances related to the collection, processing, storage, use, disclosure, or transfer of Your personal data under this Policy, please contact the Grievance Officer at the email address provided above. You are encouraged to exhaust the opportunity of redressing Your grievance through Us before pursuing any other course of action.
---
## 14. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or Our data practices, please contact Us:
**FutureMarx Group Private Limited**
Operating as **OrderMonk**
- **Email:** [[email protected]](mailto:[email protected])
- **Website:** [https://ordermonk.com](https://ordermonk.com)
- **Platform:** [https://app.ordermonk.com](https://app.ordermonk.com)
Skip to content