Mad Brains Technologies LLP
Last Updated
March 30, 2026
Mad Brains Technologies LLP ("Company," "we," "us," or "our") is a Limited Liability Partnership registered under the Limited Liability Partnership Act, 2008, with its registered office in Mohali, Punjab, India. We operate the website www.themadbrains.com (hosted on Framer) and provide UI/UX design, custom web and mobile development, e-commerce, SEO, and related digital services to clients in India, the USA, UK, Australia, and the Middle East.
This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you visit our website, download our resources, sign up for our newsletter, use our tools, engage our services, or interact with us in any capacity.
This policy is published in compliance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act") along with the Digital Personal Data Protection Rules, 2025 ("DPDP Rules").
By accessing our website or engaging our services, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our website or services.
Definitions
"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, 2023.
"Data Principal" means the individual to whom the personal data relates. In the context of this policy, it refers to you: the website visitor, newsletter subscriber, lead magnet user, prospective client, or active client.
"Data Fiduciary" means the entity that determines the purpose and means of processing personal data. Mad Brains Technologies LLP is the Data Fiduciary for data collected through its website and services.
"Data Processor" means any person or entity that processes personal data on behalf of the Data Fiduciary, including our third-party service providers.
"Sensitive Personal Data or Information (SPDI)" means personal data relating to passwords, financial information, health conditions, sexual orientation, medical records, and biometric data, as defined under Rule 3 of the SPDI Rules, 2011.
"Processing" means any operation performed on personal data, including collection, storage, use, modification, disclosure, transfer, and erasure.
Personal Data We Collect
We collect personal data through several channels depending on how you interact with us:
2.1 Data You Provide Directly
Contact forms and inquiry forms: Full name, email address, phone number, company name, project description, and website URL.
Newsletter signup (The Conversion Clinic): Email address and name, collected via GoHighLevel opt-in forms.
Ebook and lead magnet downloads: Email address, name, and company details, collected through landing page forms hosted on GoHighLevel. Free UX Audit Tool signups: Email address, website URL, and company name.
Project onboarding: Business briefs, design files, brand assets, login credentials for staging environments, content, and project-specific documentation.
Billing and contracts: GST numbers, business addresses, bank details for wire transfers, and payment references.
Job applications: Resume/CV, portfolio links, employment history, salary expectations, and interview responses.
Testimonials and reviews: Name, company, designation, and feedback content provided voluntarily on Clutch, DesignRush, Upwork, or directly to us.
2.2 Data Collected Automatically
IP address, browser type, device type, operating system, and screen resolution.
Pages visited, time spent on pages, click patterns, scroll depth, and referral source (tracked via Google Analytics 4 and Microsoft Clarity). Heatmap and session recording data collected through Microsoft Clarity (anonymized session replays).
Cookies and similar tracking technologies (see Section 9 for detailed Cookie Policy).
Meta Pixel and Conversions API (CAPI) data for ad performance tracking, including page views, form submissions, and conversion events shared with Meta Platforms.
2.3 Data from Third-Party Sources
Apollo.io: We use Apollo.io to research and source publicly available business contact information (name, email, job title, company) of potential clients for outreach purposes. If you receive a cold outreach email from us, your data was sourced from Apollo.io's public business database. You can opt out of further communication at any time.
Freelance marketplaces: Upwork, Clutch, DesignRush, and similar platforms where clients engage us.
Referral partners and industry directories where your business information is publicly listed.
Purpose of Data Collection and Processing
We process your personal data for the following specific and lawful purposes:
Purpose
Details
Service Delivery
To fulfill project requirements, communicate updates, deliver design and development work, and provide ongoing support.
Client Communication
To respond to inquiries via contact forms, email, WhatsApp, or platforms like Upwork and Clutch.
Billing and Invoicing
To generate invoices, process payments via Wise or SWIFT bank transfers, and maintain financial records under applicable tax laws (Income Tax Act, GST).
Newsletter and Content
To send The Conversion Clinic newsletter (weekly CRO-focused content), case studies, and service updates via GoHighLevel. Sent only with your opt-in consent.
Lead Magnets
To deliver ebooks, free tools, and downloadable resources you request, and to follow up with related content via email sequences managed through GoHighLevel.
Website Analytics
To analyze website traffic, user behavior, and conversion data using Google Analytics 4, Microsoft Clarity, and Meta Pixel to improve our services and website.
Advertising
To run and measure targeted advertising campaigns on Meta (Facebook/Instagram) using Pixel and CAPI data, and to create custom and lookalike audiences.
Business Development
To research and contact potential clients using publicly available data sourced via Apollo.io and LinkedIn for legitimate business outreach.
Recruitment
To evaluate job applications, conduct interviews, and manage hiring using our structured evaluation process.
UX Research
To conduct user research, usability testing, and analytics analysis for client projects, always with appropriate consent mechanisms in place.
Workflow Automation
To automate internal business processes (lead routing, email sequences, notifications) using n8n, our self-hosted automation platform.
Legal Compliance
To comply with legal obligations, respond to lawful requests, and protect our legal rights.
Important: We do not process your personal data for any purpose beyond what is specified above. Any new processing purpose will require fresh consent from you as the Data Principal.
Use of Artificial Intelligence
We believe in transparency about our use of AI tools. Mad Brains Technologies LLP uses artificial intelligence in the following areas of its operations:
4.1 Hiring and Recruitment
We use AI-powered tools (including Claude by Anthropic and custom GPT models) to assist in evaluating job applications. This includes structured CV scoring, interview question generation, and candidate assessment. AI outputs are used as decision-support tools only. All final hiring decisions are made by humans.
4.2 UX Audits and Analysis
Our UX audit process uses AI tools to analyze website performance data, accessibility scores, and user behavior patterns. AI assists in generating recommendations and identifying conversion issues. All audit findings are reviewed and validated by our UX team before being presented to clients.
4.3 Content Generation
We use AI tools to assist in drafting blog posts, newsletters, email sequences, and marketing content. All AI-generated content is reviewed, edited, and approved by our team before publication.
4.4 Your Rights Regarding AI Processing
You have the right to know when AI is being used to process your data. If you have concerns about AI-based processing of your personal data, you can contact us at abhinav@themadbrains.com to request human-only processing where feasible.
Transparency commitment: AI tools process data on our instructions and under our supervision. We do not use AI for fully automated decision-making that produces legal effects or similarly significant outcomes for individuals without human review.
Consent
In accordance with Section 6 of the DPDP Act, 2023, we collect and process your personal data only after obtaining your free, specific, informed, and unambiguous consent through a clear affirmative action.
Consent is obtained through the following mechanisms:
Click-through consent when you submit a contact form, download an ebook, sign up for the newsletter, or fill any form on our website.
Cookie consent banner displayed upon your first visit, allowing you to accept or reject non-essential cookies.
Written consent through service agreements, NDAs, and project contracts.
Email opt-in checkboxes for marketing communications via GoHighLevel.
Opt-out links in all outreach emails sent via Apollo.io or direct outreach.
5.1 Withdrawal of Consent
You have the right to withdraw your consent at any time. The process for withdrawing consent is as simple as the process for giving it. You may withdraw consent by:
Emailing us at abhinav@themadbrains.com with the subject line "Withdraw Consent"
Using the unsubscribe link in any marketing email or newsletter
Replying "STOP" or "Unsubscribe" to any outreach email
Contacting our Grievance Officer (details in Section 14)
Upon withdrawal, we will cease processing your data for the specified purpose within 72 hours. However, withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. We may also retain certain data where legally required (e.g., tax and accounting records under the Income Tax Act, 1961, and GST regulations).
Disclosure and Third-Party Data Sharing
We do not sell, rent, or trade your personal data to any third party. We share your data only in the following limited and documented circumstances:
6.1 Service Providers and Data Processors
We engage the following categories of third-party service providers who process data on our behalf, strictly under our instructions and bound by contractual data protection obligations:
Category
Provider(s)
Data Shared
Website Hosting
Framer, Vercel
Website content, form submissions, visitor analytics
CRM and Email
GoHighLevel
Name, email, phone, interaction history, email engagement data
Analytics
Google Analytics 4, Microsoft Clarity
IP (anonymized), page views, session recordings, device data
Advertising
Meta Platforms (Pixel + CAPI)
Page views, conversions, hashed email/phone for audience matching
Prospecting
Apollo.io
Publicly available business contact data for outreach
Automation
n8n (self-hosted)
Lead data, form submissions, workflow triggers (processed on our own servers)
Cloud and Infra
Hostinger, AWS
Server data, backups, application data
AI Processing
Anthropic (Claude), OpenAI
Anonymized project data, application data for structured evaluation
Payments
Wise, SWIFT banking
Invoice details, transaction references (no card data stored by us)
Project Mgmt
ClickUp, Slack, Figma
Project files, task data, communication logs
6.2 Other Disclosure Scenarios
Legal Obligations: Where required by law, court order, or government authority under applicable Indian law.
Business Transfers: In the event of a merger, acquisition, or restructuring, your data may be transferred to the successor entity with equivalent data protection safeguards.
With Your Consent: Where you have explicitly authorized us to share your information with a specific third party.
7. Cross-Border Data Transfer
As we serve clients globally and use service providers headquartered outside India (including Google, Meta, Anthropic, Wise, and others), your personal data may be transferred to and processed in countries outside India, including the United States, European Union, and United Kingdom.
Such transfers are conducted in accordance with Section 16 of the DPDP Act, 2023, and are limited to countries not restricted by notification of the Central Government of India. Where data is transferred outside India, we ensure adequate safeguards through contractual data protection clauses with our service providers.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required under applicable law:
Data Type
Retention Period
Client project data
3 years from project completion, unless SOW specifies otherwise
Financial and invoicing records
8 years (Income Tax Act, 1961 and GST regulations)
Newsletter subscriber data
Until you unsubscribe or withdraw consent
Lead magnet download data
2 years from collection, or until consent withdrawal
Cold outreach contact data
1 year from last interaction, or until opt-out
Job application data
1 year from application date (longer if hired)
Website analytics (GA4)
14 months (GA4 default retention setting)
Session recordings (Clarity)
30 days (Microsoft Clarity default)
Cookie data
Varies by cookie type (see Section 9)
Upon expiry of the retention period, personal data is securely erased or irreversibly anonymized.
Cookies and Tracking Technologies
Our website (hosted on Framer) uses cookies and similar tracking technologies. Here is a detailed breakdown:
9.1 Essential Cookies
Required for basic website functionality: navigation, form submissions, security tokens, and session management. These do not require consent under the DPDP Act as they are necessary for the service you requested.
9.2 Analytics Cookies
Google Analytics 4 (_ga, _ga_*): Tracks page views, sessions, traffic sources, and user journeys. Retention: 14 months. IP anonymization is enabled.
Microsoft Clarity (_clck, _clsk, CLID): Records anonymized session replays, heatmaps, and click data. Retention: 30 days.
9.3 Advertising and Tracking Cookies
Meta Pixel (_fbp, _fbc): Tracks page views, form submissions, and conversion events. Shares hashed data with Meta for ad optimization and custom audience creation via both browser Pixel and server-side Conversions API (CAPI).
Google Tag Manager: Manages deployment of analytics and marketing tags.
9.4 Preference Cookies
Used to remember your language, region, and cookie consent preferences.
9.5 Managing Cookies
You can manage cookie preferences through the cookie consent banner on our website, or through your browser settings. Blocking analytics and advertising cookies will not affect core website functionality.
10. Your Rights as a Data Principal
Under the DPDP Act, 2023, you have the following rights:
Right to Access: You may request a summary of the personal data we hold about you and the processing activities associated with it.
Right to Correction and Erasure: You may request correction of inaccurate data, completion of incomplete data, or erasure of data no longer necessary for the stated purpose.
Right to Withdraw Consent: You may withdraw consent at any time, and such withdrawal shall be as easy as the process of giving consent.
Right to Grievance Redressal: You may raise a complaint with our Grievance Officer. If unsatisfied, you may escalate to the Data Protection Board of India.
Right to Nominate: You may nominate another individual to exercise your rights in case of your death or incapacity.
Right to Object to AI Processing: You may request that your data not be processed by automated AI tools where human-only processing is feasible (see Section 4.4).
To exercise any of these rights, email abhinav@themadbrains.com with the subject line "Data Principal Rights Request." We will respond within 72 hours and resolve requests within 30 days.
Data Security
We implement reasonable security practices and procedures as required under Section 8 of the SPDI Rules, 2011, and the DPDP Act, 2023:
SSL/TLS encryption for all data transmitted through our website.
Access controls restricting data access to authorized personnel only, with role-based permissions.
Encrypted storage for sensitive client data and credentials.
Self-hosted automation infrastructure (n8n on Hostinger) keeping workflow data within our controlled environment.
Non-Disclosure Agreements (NDAs) with all employees, contractors, and sub-processors.
Regular security assessments and dependency audits of our codebase.
Data backup and disaster recovery procedures.
Secure file transfer protocols for exchanging client assets and deliverables.
Data Breach Notification
In the event of a personal data breach, we will:
Notify the Data Protection Board of India promptly, in accordance with Section 8(6) of the DPDP Act, 2023, and Rule 7 of the DPDP Rules, 2025.
Notify affected Data Principals without unreasonable delay, providing details of the nature of the breach, categories of data affected, likely consequences, and remedial measures taken.
Document the breach and all response actions in our internal breach register.
Children's Data
Our services are not directed at individuals below the age of 18 years. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor without appropriate parental or guardian consent, we will delete such data within 72 hours.
In accordance with Section 9 of the DPDP Act, 2023, we will not process children's data in any manner that is likely to cause detrimental effect to the well-being of the child, and we will not undertake tracking, behavioral monitoring, or targeted advertising directed at children.
Grievance Officer
In accordance with Section 11(2) of the DPDP Act, 2023, and Rule 5(5) of the SPDI Rules, 2011, we have designated the following Grievance Officer:
Name
Abhinav
Designation
Founder, Mad Brains Technologies LLP
abhinav@themadbrains.com
Address
Mad Brains Technologies LLP, Mohali, Punjab, India
Response Time
Acknowledgment within 48 hours, resolution within 30 days
If your complaint is not resolved to your satisfaction, you have the right to file a complaint with the Data Protection Board of India under Section 13 of the DPDP Act, 2023.
15. Third-Party Links
Our website contains links to third-party platforms including Clutch, Behance, Dribbble, LinkedIn, DesignRush, Upwork, and client project platforms. We are not responsible for the privacy practices of these external sites. Review their respective privacy policies before providing personal data.
16. International Compliance Note
While this Privacy Policy is primarily governed by Indian law, we recognize that our clients in the USA, UK, EU, and Australia may be subject to additional data protection regulations (including GDPR, CCPA, and the Australian Privacy Act). We commit to working with clients to meet reasonable data protection requirements under their local laws as part of our service agreements.
If you are a client based in the EU/UK, we can execute Standard Contractual Clauses (SCCs) or Data Processing Agreements (DPAs) upon request.
17. Updates to this Privacy Policy
We may update this Privacy Policy to reflect changes in our data practices, tool stack, applicable laws, or regulatory requirements. All updates will be posted on this page with a revised "Last Updated" date.
Material changes will be communicated through a prominent notice on our website and, where applicable, via email to active subscribers and clients. We encourage you to review this policy periodically.
18. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023.
Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Mohali, Punjab, India.
Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
Mad Brains Technologies LLP
Website
Registered Office
Mohali, Punjab, India