Privacy Policy
Last updated · 17 May 2026
This Policy explains what personal data we collect about you, why we collect it, who else sees it, and what rights you have. It is written to comply with the Digital Personal Data Protection Act 2023 of India, the rules under the Information Technology Act 2000, and — for readers in the EU and the UK — the General Data Protection Regulation (GDPR) and UK GDPR.
We collect the minimum amount of data we need to ship you a book, send you a receipt, and improve the website. We do not sell your data. Ever.
1. Who We Are
This Website is operated by Parbir Advisory Services (PHS) LLP — a Limited Liability Partnership incorporated under Indian law. We are the Data Fiduciary under the DPDP Act 2023, and the Data Controller under GDPR, for any personal data we collect through this Website.
- Registered office: F-23/6-A, Krishna Nagar, New Delhi 110051, India
- GSTIN: 07ABAFP7003M1Z7 (Delhi · State code 07)
- Contact: hello@themanwhostayed.com
2. What Data We Collect
Depending on what you do on the Website, we collect:
- Order data: your name, email address, phone number, shipping address, billing address, and GSTIN (only if you provide it for a business invoice).
- Payment metadata: the order amount, payment method, transaction ID, and status, sent to us by Razorpay or Stripe after a payment. We never see or store your full card number, CVV, UPI PIN, or net-banking credentials.
- Communication data: the contents of messages you send through our contact form or by email.
- Technical data: IP address, browser type and version (user agent), device type, language, referrer URL, UTM parameters from marketing links, and pages viewed on the Website.
- Cookies and similar technologies: see our Cookie Policy for the full list.
- Newsletter and marketing data: your email address, name, and preferences if you opt in to our newsletter or event updates.
- User submissions: reviews, testimonials, photographs, and any content you voluntarily send us.
3. Why We Collect It
- Order fulfilment: to process your payment, ship the book, hand off your address to our courier partner, and confirm delivery.
- Communication: to send order confirmations, shipping updates, invoices, replies to your messages, and — only if you opt in — newsletters or event invites.
- Compliance: to meet our obligations under Indian tax law (GST), accounting standards, and lawful requests from authorities.
- Fraud prevention: to detect and prevent fraudulent orders, chargeback abuse, and misuse of the Website.
- Analytics and product improvement: to understand how readers find and use the site, in aggregate, so we can improve it.
4. Lawful Basis for Processing
Under the DPDP Act 2023 and GDPR, we rely on the following lawful bases:
- Consent — for newsletter subscription, non-essential cookies, and marketing.
- Performance of a contract — to take and fulfil your order.
- Legal obligation — to keep tax records under the CGST/SGST/IGST Acts and the Income-tax Act 1961, and to respond to lawful requests.
- Legitimate interest — to keep the Website secure, prevent fraud, and analyse aggregate usage trends.
5. Third-Party Processors
We share the minimum amount of personal data needed with the following processors. Each one has its own privacy policy and is contractually bound to handle your data securely:
- Razorpay Software Private Limited (India) — payments. See razorpay.com/privacy.
- Stripe, Inc. (USA) — international payments. See stripe.com/privacy.
- Shiprocket (BigFoot Retail Solutions Pvt. Ltd.) (India) — shipping aggregation and tracking. See shiprocket.in/privacy-policy.
- Resend, Inc. (USA) — transactional email. See resend.com/legal/privacy-policy.
- MSG91 (India) — DLT-compliant SMS for order updates. See msg91.com/in/privacy-policy.
- Interakt / Wati (India) — WhatsApp Business updates. See interakt.shop/privacy-policy.
- Vercel Inc. (USA) — website hosting and edge delivery. See vercel.com/legal/privacy-policy.
- Google Analytics (Google LLC, USA) — only if enabled, for aggregate website analytics. See policies.google.com/privacy.
6. Data Retention
- Orders and invoices: retained for at least 8 years from the end of the relevant financial year, as required by Indian tax and accounting law.
- Newsletter and marketing data: kept until you unsubscribe or ask us to delete it.
- Server and access logs: 90 days, unless we need to retain them longer to investigate a security incident.
- Support emails: 3 years from the last interaction, then deleted unless they relate to an ongoing matter.
7. Your Rights under the DPDP Act 2023
As a Data Principal whose personal data we hold, you have the right to:
- access a summary of the personal data we hold about you;
- correct or update inaccurate or incomplete data;
- request erasure of data we no longer need to keep;
- withdraw consent (where consent is our lawful basis), at any time;
- nominate another individual to exercise your rights in the event of your death or incapacity;
- lodge a grievance with us, and — if unresolved — with the Data Protection Board of India.
Send your request to hello@themanwhostayed.com with the email and phone number used for your order so we can verify you. We will respond within the timelines prescribed by the DPDP Act.
8. Data Protection / Grievance Officer
Under the DPDP Act 2023 and the Information Technology (Intermediary Guidelines) Rules 2021, our Grievance Officer is:
- Name: Sarabjeet Singh
- Designation: Designated Partner & Grievance Officer
- Email: hello@themanwhostayed.com
- Address: Parbir Advisory Services (PHS) LLP, F-23/6-A, Krishna Nagar, New Delhi 110051, India
We will acknowledge your grievance within 48 hours and aim to resolve it within 15 days.
9. International Transfers
Some of our processors — including Stripe, Resend, and Vercel — are located outside India. When we share your data with them, we rely on the contractual terms each provider offers (such as Standard Contractual Clauses or equivalent safeguards) to ensure your data receives an adequate level of protection, and we transfer only the minimum information needed. The Indian government may, under the DPDP Act, restrict transfers to specific countries; we will respect any such restrictions.
10. Children’s Privacy
Our Website and the book are intended for adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data without parental consent, please contact us and we will delete it.
11. GDPR Addendum (for EU and UK readers)
If you access this Website from the European Economic Area or the United Kingdom, you have additional rights under the EU GDPR and UK GDPR, including the right to:
- access, rectify, or erase your personal data;
- restrict or object to processing, including direct marketing;
- data portability — receive your data in a structured, machine-readable format;
- not be subject to decisions based solely on automated processing;
- lodge a complaint with your local supervisory authority (for example, the UK Information Commissioner’s Office or your national Data Protection Authority).
Where we process EU/UK personal data, our lawful basis is one of those described in Section 4 above. Transfers from the EU/UK to India and other third countries are made under appropriate safeguards (such as Standard Contractual Clauses) and only where necessary to fulfil your order or where we have your consent.
12. Cookies
We use a small number of cookies — most are essential for the Website to work, and a few are used for analytics if you consent. The full list, what each cookie does, and how to turn them off are set out in our Cookie Policy.
13. Security Measures
We take reasonable technical and organisational measures to protect your personal data, including:
- HTTPS / TLS encryption in transit for all Website traffic;
- encryption at rest for our production database;
- role-based access controls and audit logging for our admin tools;
- payment processing fully delegated to PCI-DSS-certified providers;
- regular review of dependencies and infrastructure for security vulnerabilities.
No system is perfectly secure. If we ever experience a personal-data breach that is likely to result in significant harm to you, we will notify you and the Data Protection Board of India in the manner and within the timelines prescribed under the DPDP Act 2023.
14. Changes to this Privacy Policy
We may update this Policy as our practices or the law evolve. When we do, we will revise the “Last updated” date at the top. For material changes that affect how we use your data, we will give you reasonable notice — usually via email if you are a recent customer.
15. Contact
Questions, requests, or complaints about this Privacy Policy should be sent to hello@themanwhostayed.com or by post to Parbir Advisory Services (PHS) LLP, F-23/6-A, Krishna Nagar, New Delhi 110051, India.
Need help?
Want a copy of your data, or want it deleted? Just ask. We’ll respond within the timelines set by the DPDP Act.