Privacy Policy

mystrix ("we," "us," or "our") is an e-commerce platform that lets you discover real physical products through surprise bundle reveals. We are committed to handling your personal data responsibly and transparently.

For any privacy-related enquiries, contact our team at info@mystrix.in.

A. Information you provide directly

• Account details: name, email address, phone number, password (hashed — never stored in plain text).
• Delivery address: street, city, state, pin code — required to ship your products.
• Payment information: processed entirely by Razorpay. mystrix never stores your card number, UPI ID, or bank details.

B. Information collected automatically

• Session data: login timestamps, device type, browser type.
• Usage data: which contests you viewed, spin history, orders placed — used to improve the experience.
• IP address: for fraud prevention and security monitoring.

C. Information we do NOT collect

• We do not collect government-issued ID numbers.
• We do not collect biometric data.
• We do not build advertising profiles or sell your data to third parties.

• Fulfil your orders — ship the products you won to the address you provided.
• Run your account — authentication, order history, wallet balance.
• Process payments — pass transaction data to Razorpay to charge the contest entry fee.
• Send transactional emails — order confirmations, shipping updates, password resets. These are not marketing emails.
• Prevent fraud and abuse — detect bot activity, duplicate accounts, and payment fraud.
• Improve the platform — analyse aggregate, anonymised usage patterns to improve contest design and product curation.

We do not use your data for targeted advertising. We do not sell or rent your personal data to any third party.

We share minimal data with the following trusted service providers, solely to operate the platform:

All third-party providers are contractually bound to process your data only for the purposes listed above.

We use minimal browser storage:

• Authentication session: a secure, HTTP-only cookie that keeps you logged in. Expires when you log out or after 30 days of inactivity.
• Cart & game state: stored in your browser's local storage so your cart survives a page refresh. This data never leaves your device except when you place an order.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

• Active accounts: data is retained for as long as your account exists.
• Order records: retained for 7 years for legal and accounting compliance.
• Deleted accounts: personal data is anonymised within 30 days of account deletion. Order records may be retained in anonymised form.
• Server logs: retained for 90 days for security purposes, then deleted.

• Passwords are hashed using bcrypt — we cannot see or recover your password.
• All data in transit is encrypted via HTTPS/TLS.
• Database data is encrypted at rest on MongoDB Atlas.
• Admin access requires a separate authentication token and cannot be obtained through normal user login.
• Payment data never touches our servers — Razorpay handles it end-to-end.

If you believe your account has been compromised, contact us immediately at security@mystrix.in.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data — update your name, email, or address from your profile page at any time.
• Delete your account and associated personal data — request via email or from your profile settings.
• Portability — request a copy of your data in a machine-readable format.
• Object to any use of your data beyond what is strictly necessary to provide the service.

To exercise any of these rights, email info@mystrix.in and we will respond within 14 days.

mystrix is intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us and we will delete it promptly.

We may update this policy when our practices change or when required by law. The "Last updated" date at the top reflects the most recent revision. For significant changes, we will notify registered users by email at least 7 days before the change takes effect.

For privacy questions or requests: info@mystrix.in

For general support: info@mystrix.in