Privacy Policy

Last updated: 13/March/2026

  1. Who we are
    This Privacy Policy explains how MR‑NOVELS DIGITAL MEDIA (“MR‑NOVELS”, “we”, “us”, or “our”) collects, uses, shares and protects your information when you use our website https://mr-novels.com and related services (together, the “Services”).
    We are established and operate in India, with our principal place of business in Tamil Nadu:
    MR‑NOVELS DIGITAL MEDIA
    Registered address: 59/15C, T.S.No. 7, G.T.N.Salai, Thirunagar, Dindigul, Tamil Nadu, India – 624005
    Email: privacy@mr-novels.com
    For the purposes of:
    • India’s Digital Personal Data Protection Act, 2023 (“DPDPA”), we act as a Data Fiduciary when we decide how and why your personal data is processed.
    • The EU/UK General Data Protection Regulation (“GDPR” / “UK GDPR”), we act as a Data Controller for users in the EEA, UK and Switzerland.
    • The California Consumer Privacy Act (“CCPA/CPRA”), we act as a Business for eligible California residents, if and when the CCPA/CPRA applies to us.
    Our Services are available worldwide. By using them, you acknowledge your information may be processed in India and other countries (see Section 5).
  2. What information we collect
    We collect information you provide directly, information collected automatically, and information from third parties.
    2.1 Information you provide to us
    When you create an account, purchase a membership, use our features or contact us, we collect:
    • Account and profile data
    • Name
    • Email address
    • Username / display name
    • Password (stored in hashed form)
    • Optional profile details you choose to provide (e.g. avatar, bio).
    • Membership and transaction data
    • Billing name
    • Billing address (if collected by Razorpay or SureCart)
    • Payment method type (e.g. card, UPI, wallet; masked card details where visible to us)
    • Transaction amount, date/time, currency, status, order ID and payment gateway IDs
    • Plan type, renewal dates, coupons and benefits.
    • We do not store full card numbers, CVV, UPI PIN or similar sensitive payment data on our own servers; those are processed by third‑party payment providers such as Razorpay and the processors integrated via SureCart.
    • Content and community data
    • Reading lists, bookmarks, likes, ratings, comments, reviews and feedback you submit
    • Messages and support requests you send us.
    • Marketing and communication data
    • Newsletter subscriptions and email preferences
    • Tags and segments in Kit (ConvertKit) and SureMail, such as interests or onboarding status.
    2.2 Information collected automatically
    When you access or use the Services, we automatically collect certain information.
    • Usage and log information
    • Pages viewed, time spent, navigation paths, clicks and other interactions
    • Reading progress, scroll depth, reading‑time estimates and completion status
    • Referral URLs, campaign parameters and internal search queries.
    • Device and technical information
    • IP address and approximate location (e.g. city/country) derived from IP
    • Browser type and version, device type, operating system, language, screen resolution
    • Unique identifiers associated with cookies or similar technologies.
    • Cookies and similar technologies
We use cookies, local storage and similar technologies to:
    • Keep you signed in and remember your preferences (including dark mode)
    • Enable core site features and security
    • Measure site performance and traffic (e.g. Google Analytics, Flying Analytics, Google Tag Manager, Flying Pages, Flying Scripts, LiteSpeed Cache, QUIC.cloud)
    • Support marketing and email attribution (e.g. Kit (ConvertKit), SureMail).
    Where required by law (for example, for users in the EEA/UK), we use a consent tool such as CookieYes to obtain and manage cookie consent. You can adjust your preferences via the banner or your browser settings, though some features may not work correctly if certain cookies are disabled.
    2.3 Information from third parties
    We receive limited information about you from:
    • Payment processors (e.g. Razorpay and SureCart’s processors): confirmation of payments, masked card details, payment method type, fraud indicators and status.
    • Email and marketing tools (Kit (ConvertKit), SureMail): subscription status, email opens, link clicks and similar engagement metrics.
    • Analytics and SEO tools (Google Analytics, Google Search Console, Google Tag Manager, Rank Math SEO): aggregated data on traffic, search queries, and how you arrived at our site.
    • Security and hosting providers (Hostinger, QUIC.cloud, Solid Security Basic, WPvivid): security logs, IP addresses, user agent details and event metadata used to detect abuse and maintain availability.
  3. Why we process your information (purposes and legal bases)
    We only process personal data where we have a lawful basis under DPDPA, GDPR/UK GDPR and any other applicable laws.
    3.1 To provide and operate our Services
    We use your information to:
    • Create and manage your MR‑NOVELS account and profile
    • Provide free and paid content, including membership access and reading features
    • Track your reading progress, bookmarks and preferences
    • Process payments, renewals, refunds and invoices
    • Provide features such as reviews, ratings, comments, reading‑time and progress bars
    • Perform backups and recovery.
    Legal bases:
    • DPDPA: performance of our contract with you and our legitimate purposes consistent with your expectations, subject to your consent where needed.
    • GDPR/UK GDPR: performance of a contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)) in providing a stable service.
    3.2 Personalisation and user experience
    We process data to:
    • Recommend content based on your reading history and interests
    • Display reading progress and statistics
    • Remember your display preferences including WP Dark Mode settings and layout choices.
    Legal bases:
    • DPDPA: consent where required and legitimate uses consistent with your relationship with us.
    • GDPR/UK GDPR: legitimate interests to improve and personalise the experience, and consent for certain cookies or profiling activities.
    3.3 Communication and support
    We use your information to:
    • Send important service messages such as account activation, password resets, payment confirmations and updates to our terms or policies
    • Respond to your questions, bug reports and support requests
    • Notify you of changes to Services that could affect your account or content.
    Legal bases:
    • Contract performance (GDPR/UK GDPR) and legitimate interests (keeping you informed)
    • DPDPA: necessary to perform our services and respond to your requests.
    3.4 Marketing and newsletters
    With your consent where required, we may:
    • Send emails about new features, offers, recommendations and promotions
    • Run campaigns and special events
    • Measure the performance of our campaigns (for example, opens and clicks).
    You can opt out of marketing emails at any time by clicking “unsubscribe” in any email or updating your preferences. We will still send essential transactional or service emails.
    Legal bases:
    • DPDPA: consent for marketing communications and certain tracking.
    • GDPR/UK GDPR: consent and, for some existing customers, legitimate interests as allowed by local law.
    • CCPA/CPRA: right to opt out of certain marketing and data uses if the law applies to us.
    3.5 Analytics and service improvement
    We analyse usage data to:
    • Understand how our Services are used across different countries
    • Monitor and improve performance and stability (e.g. with LiteSpeed Cache, QUIC.cloud, Flying Pages, Flying Scripts, Flying Images)
    • Develop new features, content categories and layouts
    • Maintain aggregated statistics and internal reports.
    Legal bases:
    • Legitimate interests (continuous improvement of our Services)
    • Consent where local laws require it for analytics cookies.
    3.6 Security, fraud prevention and legal compliance
    We process certain data in order to:
    • Detect and prevent fraud, abuse, spam, and unauthorised access
    • Protect the integrity and availability of our systems and content
    • Comply with legal obligations, taxation and accounting rules applicable in India or other relevant jurisdictions
    • Respond to lawful requests from authorities, pursuant to applicable laws.
    Legal bases:
    • DPDPA: legal obligations and legitimate uses for security.
    • GDPR/UK GDPR: legal obligations and legitimate interests in ensuring security.
    • CCPA/CPRA: maintain reasonable security procedures and respond to verifiable consumer requests if the law applies.
  4. How we share your information
    We do not trade or sell your personal information. We share it only in the ways described below.
    4.1 Service providers
    We work with trusted third‑party service providers who process data on our behalf:
    • Hosting, infrastructure and CDN: Hostinger, QUIC.cloud, LiteSpeed Cache
    • Security and backups: Solid Security Basic, Hostinger security tools, WPvivid Backup Plugin
    • Payments and commerce: Razorpay, SureCart, SureMembers, SureDash, SureMail
    • Analytics and SEO: Google Analytics, Google Tag Manager, Google Search Console, Rank Math, Flying Analytics
    • UX and site functionality: WordPress, Astra Pro theme, Kadence Blocks, CookieYes, Site Reviews, Visual Portfolio, WP Dark Mode, Read Meter, WPCode Lite, Hostinger Tools.
    These providers are bound by contracts and process your data only to provide their services to us, following our instructions and appropriate safeguards.
    4.2 Legal and enforcement
    We may share information where we believe it is reasonably necessary to:
    • Comply with applicable laws, regulations or legal processes in India or other jurisdictions
    • Respond to lawful requests from public or government authorities
    • Protect our rights, property or safety, or that of our users or the public.
    4.3 Business transfers
    If we are involved in a merger, acquisition, reorganisation, sale of assets or similar transaction, your information may be transferred to the relevant third party, subject to this Policy and applicable law.
    4.4 Public content
    Content you choose to make public—such as reviews, ratings, comments, usernames and certain profile details—may be visible to other users and visitors worldwide. Please avoid sharing sensitive information in public areas.
  5. International data transfers
    We operate from India, but we may store and process your data using infrastructure and service providers located in India and in other countries (for example, data centres used by Hostinger, QUIC.cloud, Google, ConvertKit).
    If you are in the EEA/UK or another region with data‑transfer restrictions:
    • We rely on appropriate safeguards for international transfers, such as Standard Contractual Clauses or equivalent arrangements offered by our providers, where required.
    • By using our Services, you understand that your data may be processed in these countries, subject to such safeguards and this Policy.
  6. Data retention
    We keep your personal data only as long as needed for the purposes described here or as required by law.
    In general:
    • Account and profile kept while your account is active and for a reasonable period after closure (for example, up to 24 months) to allow reactivation, resolve disputes, and maintain records, unless a longer period is required.
    • Transaction and payment records: retained for the period required by Indian tax and accounting law and other applicable rules (often several years).
    • Security logs and backups: kept for limited periods necessary for security, continuity and legal obligations, after which they are deleted or anonymised.
    • Marketing kept while you remain subscribed and for a period (for example, 12–24 months) after your last interaction or until you withdraw consent, whichever is earlier, or as permitted by law.
    We may retain anonymised or aggregated data that no longer identifies you for research or statistical purposes.
  7. Your rights
    Your rights depend on where you live, but we aim to address reasonable privacy requests from all users, regardless of location, in line with applicable law.
    7.1 Rights for users in India (DPDPA)
    As an Indian user, you may have the right to:
    • Access your personal data we hold about you
    • Request correction of inaccurate or incomplete data
    • Withdraw consent for processing where consent is the basis
    • Nominate another person to exercise your rights in case of death or incapacity, as allowed by law
    • Seek grievance redressal via our Grievance Officer and, if unresolved, escalate to the appropriate Data Protection Board or authority.
    7.2 Rights for users in the EEA/UK
    If you are in the EEA/UK, you may have the following rights under GDPR/UK GDPR:
    • Access to your personal data and a copy of it
    • Rectification of inaccurate or incomplete data
    • Erasure of your data in certain circumstances (“right to be forgotten”)
    • Restriction of processing in specific cases
    • Data portability for data you provided to us, where technically feasible
    • Objection to processing based on legitimate interests, including profiling, and to direct marketing
    • Withdrawal of consent at any time, where processing is based on consent.
    You also have the right to lodge a complaint with your local supervisory authority.
    7.3 Rights for California residents (CCPA/CPRA)
    If and when the CCPA/CPRA applies to MR‑NOVELS and you are a California resident, you may have rights to:
    • Request to know the categories and specific pieces of personal information we have collected about you
    • Request deletion of your personal information, subject to certain exceptions
    • Request correction of inaccurate personal information
    • Opt out of any “sale” or “sharing” of personal information, if we engage in such practices
    • Not be discriminated against for exercising your privacy rights.
    We do not currently sell your personal information as “sale” is defined under the CCPA/CPRA. If that changes, we will update this Policy and provide required opt‑out mechanisms.
    7.4 Exercising your rights
    To exercise any of these rights or to submit a privacy request, please contact us at ● with enough information to verify your identity.
    We will respond within the timeframes required by applicable law, and may need additional information to confirm your identity before acting on your request.
    You can also:
    • Access and update certain profile details directly in your account
    • Change your password at any time
    • Unsubscribe from marketing emails using the link provided in those emails
    • Manage cookie preferences via the cookie banner (where available) and browser settings.
  8. Children’s privacy
    Our Services are intended for users aged 18 and above and are not directed to children.
    We do not knowingly collect personal data from anyone under 18. If we learn that a child under 18 has provided us with personal information without appropriate consent, we will delete it and may close the associated account. If you believe a child has provided us data, please contact us immediately.
  9. Security
    We implement reasonable technical and organisational measures to protect your information from unauthorised access, loss, misuse or alteration.
    These include, among others:
    • Hosting with reputable providers (Hostinger) and use of CDN and caching (QUIC.cloud, LiteSpeed Cache)
    • HTTPS encryption where supported
    • Access controls and restricted access to administrative tools
    • Security plugins and monitoring (Solid Security Basic)
    • Regular software updates and vulnerability management
    • Encrypted and access‑controlled backups (WPvivid Backup Plugin).
    No method of transmission or storage is completely secure; you are responsible for keeping your password safe and for all activity under your account. If you suspect unauthorised use of your account, please change your password and contact us immediately.
  10. Third‑party links and services
    Our Services may link to or integrate with third‑party websites, apps or services (for example, payment gateways, email providers or social platforms).
    These third parties are responsible for their own privacy and security practices. We encourage you to review their privacy policies before providing them with any personal information.
  11. Contact and grievance redressal
    If you have any questions, concerns, or requests about this Privacy Policy or how we handle your information, please contact us at:
    • Email: privacy@mr-novels.com
    • Postal address: 59/15C, T.S.No. 7, G.T.N.Salai, Thirunagar, Dindigul, Tamil Nadu, India – 624005
    For users in India, you may also contact our designated Grievance Officer using the same contact details, with “Grievance” in the subject line, as required under the DPDPA.
    We aim to respond to verified requests within one month, or a shorter or longer period where required or allowed by applicable law, and will inform you if additional time is needed.
  12. Changes to this Privacy Policy
    We may update this Privacy Policy from time to time to reflect changes in laws, regulations, our Services or our practices.
    When we make material changes, we will:
    • Update the “Last updated” date at the top, and
    • Provide a prominent notice on the site and/or send you an email, where appropriate.
    Your continued use of the Services after changes take effect will mean you accept the updated Privacy Policy.
0 Shares
  • Facebook
  • X (Twitter)
  • Email
  • Copy Link
Copy link
CopyCopied