MiceStack ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard data when you use micestack.in and app.micestack.in (together, the "Platform").

1. Who we are

MiceStack is a SaaS platform for MICE (Meetings, Incentives, Conferences, Exhibitions) operators in India. Our registered address is India. For privacy-related enquiries, contact us at privacy@micestack.in.

2. What data we collect

Account data: Name, work email address, company name, and password (hashed) when you sign up.

Business data: Enquiries, quotations, client details, supplier information, invoices, and run sheets that you create within the Platform. This data belongs to you.

Usage data: Pages visited, features used, and session information collected automatically to improve the product.

Payment data: Billing is processed by Stripe. We do not store card numbers. We receive confirmation of payment and subscription status only.

Contact form data: Name, email, company, and message when you contact us via the website.

3. How we use your data

To provide and maintain the Platform
To send transactional emails (quotation shares, invoice notifications, account alerts)
To respond to your support and sales enquiries
To improve the Platform through anonymised usage analytics
To comply with applicable law and prevent fraud

We do not sell your data to third parties. We do not use your business data to train AI models without your explicit consent.

4. Legal basis for processing

We process your data on the basis of: (a) contractual necessity — to deliver the service you have subscribed to; (b) legitimate interest — to improve the Platform and prevent abuse; and (c) legal obligation — where required by applicable Indian law.

5. Data sharing

We share data only with trusted sub-processors required to operate the Platform:

Supabase — database and authentication hosting (EU/US)
Vercel — application hosting (US/EU edge)
Resend — transactional email delivery
Stripe — payment processing
OpenAI / Anthropic — AI features (your prompts are not used for model training)
Cloudflare — bot protection and CDN

All sub-processors are bound by data protection obligations consistent with this policy.

6. Data retention

We retain your account and business data for as long as your account is active and for 90 days after account closure, after which it is permanently deleted. You may request deletion at any time.

7. Your rights

You have the right to: access your data; correct inaccurate data; delete your account and data; export your data in a portable format; and withdraw consent where processing is based on consent. To exercise these rights, email privacy@micestack.in.

8. Security

We use industry-standard security measures including TLS encryption in transit, encrypted storage, row-level security on all database tables, and regular security reviews. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Cookies

We use only essential cookies necessary to keep you logged in and maintain session state. We do not use advertising or tracking cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify registered users of material changes by email. Continued use of the Platform after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions or requests: privacy@micestack.in