Pre-launch preview — Mol is not live yet. Figures may include pilot and demo data.
mol
Request access

Privacy Policy

How Mol collects, uses, and protects your data

Effective date: June 2026

This policy is being updated to cover Mol Assured (our transaction-assurance layer) and to align with India’s Digital Personal Data Protection Act, 2023. The text below is provisional and under review. To exercise your data rights or raise a grievance, use our data request page.

1. Who we are

Mol is a B2B price intelligence platform for PVC polymer markets, operated by its founders as an India-based SaaS product. References to “Mol”, “we”, “us”, or “our” in this policy refer to Mol and its operators.

For questions about this policy or data-related requests, contact us via the contact form.

2. Data we collect

We collect only what is necessary to operate and improve the service.

Account and authentication data

  • Email address and display name provided at sign-up
  • Organisation or team name if you create a team account
  • Authentication tokens managed by Supabase Auth (hashed passwords or OAuth provider tokens — we never store plaintext passwords)
  • Billing contact information if you subscribe to a paid plan

Usage and query data

  • Queries you send to Munim, our AI assistant — including the text of your questions and the responses returned
  • Page views, feature interactions, and session timing (aggregated analytics, not individual keystroke tracking)
  • API request logs including endpoint, response status, and timestamp — retained for debugging and rate-limiting

Technical data

  • IP address and browser user-agent (collected by our hosting provider for security and performance)
  • Session cookies required for authentication (see Section 7 on cookies)

3. How we use your data

We use the data we collect for the following purposes only:

  • Authenticating you and securing your account
  • Delivering price intelligence, market analysis, and AI-assisted query responses
  • Processing payments and managing your subscription
  • Diagnosing errors, investigating abuse, and improving the reliability of the service
  • Improving the accuracy and relevance of Munim’s responses over time (query logs may be reviewed internally for quality assessment)
  • Sending transactional emails such as account confirmations, password resets, and billing receipts

We do not use your data for advertising. We do not build behavioural profiles for sale or trade. We do not use your data for any purpose unrelated to operating and improving Mol.

4. Third-party processors

We share data with the following sub-processors solely to operate the service. Each processor handles data only to the extent necessary for their function.

  • Supabase — authentication, database, and file storage. Your account data and query logs are stored in a Supabase project currently hosted in the AWS us-east-1 (Northern Virginia) region. See Section 6 for the data residency note.
  • Anthropic (Claude API) — the text of your Munim queries is sent to Anthropic’s API to generate responses. Anthropic’s API usage policy applies; query content is not used to train Anthropic’s models under their current API data use terms.
  • Vercel — hosting and edge delivery for the web application. Vercel may log request metadata (IP, path, status) for a short period for operational purposes.
  • Stripe — payment processing for paid subscriptions. Mol does not store raw card numbers; all card data is handled by Stripe directly.

We do not sell, rent, or otherwise disclose your personal data to any third party beyond the processors listed above, except where required by law.

5. Data retention

  • Account data — retained for the life of your account and deleted within 30 days of account closure or upon a verified deletion request
  • Query logs (Munim chat history) — retained for 12 months from the date of the query, then permanently deleted
  • Billing records — retained for 7 years where required by applicable tax and financial regulations
  • Aggregated analytics — retained indefinitely in anonymised, non-personal form

6. Data residency

Mol is an India-based product. At this time, our Supabase database project is hosted in AWS us-east-1 (United States). This means your account data and query logs are stored on servers located in the United States. We are evaluating a migration to an India or Asia-Pacific region and will update this policy when that changes.

By using Mol, you acknowledge that your data may be transferred to and processed in jurisdictions outside India, including the United States, subject to the data protection commitments of our sub-processors.

7. Cookies

Mol uses session cookies only. These are small tokens stored in your browser that identify your authenticated session. They are strictly necessary for the service to function — without them you cannot stay logged in.

We do not use advertising cookies, cross-site tracking cookies, or any third-party analytics scripts that place cookies in your browser. There are no tracking pixels or fingerprinting scripts on Mol.

Session cookies expire when you sign out or when your session lapses. You may clear cookies via your browser settings at any time, which will sign you out of the application.

8. Your rights (DPDP Act 2023)

Mol is committed to compliance with India’s Digital Personal Data Protection Act 2023 (DPDP Act). As a data principal, you have the following rights with respect to your personal data:

  • Right to access — request a summary of the personal data we hold about you
  • Right to correction — request correction of inaccurate or incomplete personal data
  • Right to erasure — request deletion of your personal data, subject to retention obligations described in Section 5
  • Right to grievance redressal — lodge a complaint or concern with us and receive a response within a reasonable time

To exercise any of these rights, use the data request form with the address associated with your Mol account. We will respond within 30 days. We may ask you to verify your identity before processing a request.

9. Security

We implement reasonable technical and organisational measures to protect your data, including TLS encryption in transit, bcrypt-hashed credentials, row-level security policies on our database, and access controls limiting who on our team can query production data.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately via the contact form.

10. Children

Mol is a B2B professional platform. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has registered, contact us and we will delete the account promptly.

11. Changes to this policy

We may update this policy as the product evolves. Material changes — such as new categories of data collected or new sub-processors — will be communicated by email to registered users at least 14 days before they take effect. The effective date at the top of this page will always reflect the date of the most recent revision.

Continued use of Mol after the effective date of a revised policy constitutes acceptance of the updated terms.

Questions: use the contact form. Data requests: use the data request form