Privacy Policy

1. Introduction

Welcome to Melonkode's Privacy Policy. Melonkode ("we", "us", "our") is committed to protecting the privacy and security of personal information provided by participants in our Startup Co-Building Partnership Program ("Program", "Challenge").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

• Apply to participate in our Startup Collaboration Challenge 2025
• Enter into a Memorandum of Understanding (MoU) with Melonkode
• Engage with us throughout the co-building partnership
• Use our websites, applications, and services

2. Information We Collect

2.1 Personal Information During Application

When you apply to the Startup Collaboration Challenge, we collect:

Category	Information Collected
Identity	Full name, date of birth, photographs, government-issued ID details (PAN, Aadhaar)
Contact	Email address, phone number, postal address, city, state, country
Professional	Educational background, work experience, startup experience, domain expertise, current employment status
Business Idea	Project details, problem statement, proposed solution, target market, business model, competitive analysis
Team	Co-founder information, team composition, roles and responsibilities, equity distribution

2.2 Information During Partnership

Throughout the 5-year co-building partnership, we collect:

• Business Information: Financial statements, revenue data, user metrics, business plans, strategic documents
• Intellectual Property: Source code, designs, technical documentation, trade secrets, proprietary methodologies
• Communication Data: Emails, meeting notes, chat messages, video recordings, feedback submissions
• Performance Data: Milestone achievements, KPIs, progress reports, work hours logged
• Compliance Data: Legal documents, contracts, regulatory filings, licenses, certifications
• Customer/User Data: Data collected by your startup that we may access for development purposes

2.3 Automatically Collected Information

When you use our digital platforms, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, feature usage
• Technical Data: Cookies, log files, server logs, error reports
• Location Data: General location based on IP address

2.4 Information from Third Parties

We may receive information about you from:

• Public databases and records
• Social media platforms (LinkedIn, Twitter)
• Credit bureaus and financial institutions
• Background verification services
• References provided by you
• Co-founders and team members

3. How We Use Your Information

3.1 Program Administration

• Evaluating Challenge applications and selecting winners
• Conducting due diligence and background verification
• Executing and managing the MoU partnership
• Processing commitment fee payments and refunds
• Tracking milestones and deliverables
• Conducting quarterly reviews and assessments

3.2 Service Delivery

• Developing MVP and technical solutions
• Providing design, branding, and UI/UX services
• Offering mentorship and strategic guidance
• Facilitating network access and investor introductions
• Supporting launch and marketing activities
• Providing ongoing technical support and updates

3.3 Legal and Compliance

• Complying with statutory obligations (tax, company law, etc.)
• Maintaining accurate records as per Companies Act, 2013
• Protecting intellectual property rights
• Enforcing terms of the MoU and related agreements
• Resolving disputes and conducting arbitration
• Responding to legal process and government requests

3.4 Business Operations

• Managing equity allocation and vesting schedules
• Conducting board meetings and governance activities
• Coordinating with investors, partners, and stakeholders
• Preparing financial reports and valuations

3.5 Marketing and Promotion

• Showcasing your startup in our portfolio
• Creating case studies and success stories
• Publishing testimonials and reviews (with consent)
• Promoting the Challenge program to future applicants
• Using your name and project details in marketing materials

3.6 Analytics and Improvement

• Analyzing program performance and success rates
• Improving our services and methodologies
• Conducting research and developing new offerings
• Understanding user behavior and preferences

4. Information Sharing and Disclosure

4.1 When We Share Information

A. With Service Providers

We may share your information with trusted third-party service providers who assist us in:

• Cloud hosting and infrastructure (AWS, GCP, Azure)
• Payment processing (Razorpay, Stripe, PayU)
• Communication tools (email, SMS, video conferencing)
• Analytics and monitoring tools
• Legal, accounting, and consulting services
• Background verification agencies

Safeguard: All service providers are bound by confidentiality agreements and data protection obligations.

B. With Investors and Partners

We may disclose your information to:

• Strategic partners for business collaborations
• Accelerators and incubators for program admissions
• Industry mentors and advisors

Safeguard: Disclosure requires your prior consent and recipients must sign NDAs.

C. For Legal Compliance

We may disclose information when legally required or necessary to:

• Comply with court orders, subpoenas, or legal processes
• Respond to government or regulatory requests
• Enforce our rights under the MoU
• Protect against fraud, security threats, or illegal activities
• Defend against legal claims

D. Business Transfers

If Melonkode undergoes a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our website before any transfer.

E. With Your Consent

We may share your information for any other purpose with your explicit consent.

4.2 What We Do NOT Share

5. Data Security

We implement robust security measures to protect your information:

5.1 Technical Measures

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication (MFA)
• Secure Infrastructure: Enterprise-grade cloud hosting with regular security audits
• Firewalls: Network-level and application-level firewalls
• Intrusion Detection: Real-time monitoring and threat detection
• Regular Backups: Automated daily backups with disaster recovery plans

5.2 Organizational Measures

• Employee Training: Regular security awareness and confidentiality training
• NDAs: All employees and contractors sign confidentiality agreements
• Limited Access: Information accessible only on need-to-know basis
• Incident Response: Documented procedures for security breach management
• Vendor Management: Due diligence and security audits of third-party providers

5.3 Your Responsibilities

6. Data Retention

6.1 Retention Periods

Data Category	Retention Period	Reason
Application Data (Unsuccessful)	2 years	Future opportunities, analytics
Application Data (Successful)	Duration of partnership + 7 years	Legal compliance, tax records
Financial Records	7 years after contract end	Tax and audit requirements
Intellectual Property	As per equity ownership	IP rights protection
Communication Logs	Duration of partnership + 5 years	Dispute resolution
Confidential Information	Duration of partnership + 5 years	Confidentiality obligations
Marketing Materials	Until consent withdrawal	Promotional purposes

6.2 Data Deletion

After retention periods expire, we will:

• Securely delete or anonymize personal information
• Maintain only aggregated, non-identifiable data for analytics
• Retain only what's required by law or legitimate business interests

Early Deletion Request: You may request deletion of your data before the retention period expires, subject to our legal and contractual obligations. Contact us at legal@melonkode.in.

7. Your Rights Under DPDP Act 2023

As a data principal under India's Digital Personal Data Protection Act, 2023, you have the following rights:

7.1 Right to Access

• Request confirmation of whether we process your personal data
• Obtain a copy of your personal data in a structured, commonly used format
• Receive details about how your data is being used

7.2 Right to Correction

• Request correction of inaccurate or incomplete personal data
• Update your contact information, professional details, etc.

7.3 Right to Erasure

• Request deletion of personal data after contract termination
• Request removal from marketing communications

Limitations: We may retain data required for legal compliance, contract enforcement, or legitimate business interests.

7.4 Right to Grievance Redressal

• Lodge complaints regarding data processing
• Contact our Data Protection Officer (DPO)
• Escalate to the Data Protection Board of India

7.5 Right to Nominate

• Nominate another individual to exercise your rights in case of death or incapacity

7.6 How to Exercise Your Rights

8. Confidentiality Obligations

As outlined in the MoU (Clause 8), both parties have mutual confidentiality obligations:

8.1 What is Confidential

The following information is considered confidential:

• Business plans, strategies, and financial projections
• Technical architecture, source code, and algorithms
• Customer data, user information, and business metrics
• Trade secrets and proprietary methodologies
• Terms of the MoU (unless disclosure required by law)
• Internal communications and strategic discussions

8.2 Permitted Disclosures

Confidential information may be disclosed to:

• Employees and contractors under NDA
• Legal and financial advisors under professional confidentiality
• Investors and partners with prior consent and under NDA
• Government authorities if legally mandated

8.3 Duration

Confidentiality obligations survive termination of the MoU and continue for 5 years thereafter.

9. Intellectual Property Data

9.1 Ownership of Data

As per the MoU (Clause 5):

• Jointly Developed IP: Owned by the Startup entity in proportion to equity stakes
• Pre-Existing IP: Remains with the original owner (Founder or Melonkode)
• User/Customer Data: Owned by the Startup entity

9.2 License Grants

• To Startup: Perpetual, royalty-free license to use Melonkode's proprietary frameworks
• To Melonkode: Non-exclusive license to use Founder's Pre-Existing IP for building the Startup
• Portfolio Rights: Right to showcase Startup in portfolio, case studies, and marketing materials

9.3 Data Processing for Development

During the co-building process, Melonkode may process:

• User data collected by your startup for development and testing purposes
• Analytics data to improve product performance
• Anonymized/aggregated data for research and benchmarking

Safeguard: All processing is done in accordance with applicable data protection laws and industry best practices.

10. Third-Party Services

10.1 Third-Party Integrations

During the development and operation of your startup, we may integrate with third-party services including:

Service Type	Examples	Data Shared
Payment Gateways	Razorpay, Stripe, PayU	Transaction data, bank details
Cloud Hosting	AWS, GCP, Azure	Application data, user data, technical logs
Communication	SendGrid, Twilio, Zoom	Email addresses, phone numbers, meeting data
Analytics	Google Analytics, Mixpanel	Usage data, device information, behavior patterns
Social Media	LinkedIn, Facebook, Twitter	Profile information, authentication tokens
CRM	Salesforce, HubSpot, Zoho	Customer contact info, interaction history

10.2 Third-Party Responsibilities

Each third-party service provider:

• Has its own privacy policy governing data processing
• Is responsible for its own security measures and compliance
• May collect and use data according to their own terms

10.3 Links to External Websites

Our communications and platforms may contain links to external websites. We are not responsible for the content or privacy practices of these sites.

11. Cookies and Tracking Technologies

11.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve our services.

11.2 Types of Cookies We Use

A. Essential Cookies

• Purpose: Enable core functionality (login, session management)
• Duration: Session or persistent
• Can be disabled: No (required for service operation)

B. Performance Cookies

• Purpose: Collect analytics data on site usage
• Duration: Persistent (up to 2 years)
• Can be disabled: Yes

C. Functional Cookies

• Purpose: Remember preferences and settings
• Duration: Persistent (up to 1 year)
• Can be disabled: Yes

D. Marketing Cookies

• Purpose: Track effectiveness of marketing campaigns
• Duration: Persistent (up to 90 days)
• Can be disabled: Yes

11.3 Managing Cookies

You can control cookies through:

• Browser settings (Chrome, Firefox, Safari, etc.)
• Our cookie consent banner (when available)
• Browser extensions for cookie management

11.4 Other Tracking Technologies

• Web Beacons/Pixels: Track email opens and page visits
• Local Storage: Store data locally on your browser
• Session Storage: Temporary storage during your session
• Device Fingerprinting: Identify devices for security purposes

12. International Data Transfers

12.1 Data Location

Your data is primarily stored and processed in India. However, some data may be transferred to and stored in other countries where:

• Our cloud service providers have data centers
• Third-party tools and services are hosted
• Business partners or investors are located

12.2 Cross-Border Transfer Safeguards

When transferring data internationally, we ensure:

• Adequate Protection: Countries with adequate data protection laws
• Standard Contractual Clauses: EU-approved contracts for data protection
• Service Provider Agreements: Binding data protection obligations
• Compliance: GDPR, DPDP Act, and other applicable regulations

12.3 International Startup Operations

If your startup plans international operations:

• Additional compliance requirements may apply (GDPR, CCPA, etc.)
• Data localization requirements must be assessed
• Consent for international transfers may be required

13. Children's Privacy

If you are under 18:

• You are not eligible to participate in the Challenge
• You should not submit any personal information to us
• Parental/guardian consent does not override this restriction

If we discover: If we learn that we have collected information from someone under 18, we will delete it immediately. Contact us at legal@melonkode.in if you believe we have inadvertently collected such information.

14. Changes to Privacy Policy

14.1 Updates and Modifications

We may update this Privacy Policy from time to time to reflect:

• Changes in applicable laws and regulations
• New features, services, or business practices
• Improvements in data protection measures
• Feedback from users and stakeholders

14.2 Notification of Changes

When we make material changes to this Privacy Policy:

• We will update the "Last Updated" date at the top
• We will send email notification to all active partners
• We will post a prominent notice on our website
• For significant changes, we may require renewed consent

14.3 Effect on Existing Partnerships

14.4 Your Options

If you do not agree with material changes:

• You may terminate the partnership as per MoU terms (Clause 11)
• You may request data deletion (subject to retention requirements)
• You may withdraw consent for specific processing activities

15. Contact Us

15.1 What to Include in Your Request

When contacting us about privacy matters, please include:

• Your full name and contact details
• MoU reference number (if applicable)
• Specific nature of your request or complaint
• Any relevant documentation
• Preferred method of response

15.2 Escalation to Data Protection Board

If you are not satisfied with our response, you have the right to lodge a complaint with:

16. Additional Information

16.1 Language

This Privacy Policy is executed in English. In case of any translation, the English version prevails.

16.2 Severability

If any provision of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

16.3 Governing Law

This Privacy Policy is governed by the laws of India and subject to the exclusive jurisdiction of courts in Patna, Bihar.

16.4 Relationship to MoU

This Privacy Policy is incorporated by reference into the Memorandum of Understanding (Clause 14.1). In case of conflict between this Privacy Policy and the MoU, the MoU provisions shall prevail.

16.5 Survival

Confidentiality, data retention, and security obligations survive the termination of the partnership as specified in respective sections.

17. Acknowledgment and Consent

18. Glossary

Term	Definition
Personal Data	Any information relating to an identified or identifiable individual
Processing	Any operation performed on personal data (collection, storage, use, disclosure, deletion)
Data Principal	The individual to whom the personal data relates (You)
Data Fiduciary	Entity that determines the purpose and means of processing personal data (Melonkode)
Consent	Freely given, specific, informed, and unambiguous agreement to data processing
Sensitive Personal Data	Financial information, biometric data, health records, sexual orientation, etc.
Anonymization	Process of removing identifying information to prevent re-identification
Data Breach	Unauthorized access, disclosure, alteration, or destruction of personal data