Privacy Policy

Last Updated: 2026/04/24

At Old Monk Price ("we", "us", or "our"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you visit oldmonkprice.com (the "Site"). By using the Site, you agree to the practices described in this policy.

1. Information We Collect

We collect information in the following categories:

1.1 Information You Provide Voluntarily

Contact form submissions: name, email address, and message content.
Review submissions: display name, optional email address, rating, and review text.
Communications: any information you provide when contacting us directly via email.

1.2 Information Collected Automatically

Usage data: pages visited, time spent on pages, referral source, and general geographic region (country/state level only).
Device information: browser type, operating system, screen resolution, and device type (desktop/mobile).
IP address: collected temporarily for rate limiting and spam prevention, then hashed (SHA-256) and not stored in readable form.

2. How We Use Your Information

We use the information we collect for the following purposes:

To operate and maintain the Site, including displaying user-contributed reviews.
To respond to your inquiries, correction requests, and feedback submitted via the contact form.
To prevent spam, abuse, and unauthorized access (rate limiting via hashed IP addresses).
To analyze aggregated, anonymized traffic patterns to improve site performance and content relevance.
To comply with legal obligations and enforce our Terms of Service.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

Legal Basis	Purpose
Consent	When you submit a review or contact form, you consent to our processing your data for that specific purpose.
Legitimate Interest	Operating the Site, preventing abuse, analyzing anonymized traffic, and ensuring site security.
Legal Obligation	Complying with applicable laws, regulations, or valid legal requests from authorities.

4. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

Cookie / Tool	Purpose	Duration
Google Tag Manager	Analytics and performance measurement (anonymized IP).	Up to 2 years
Cloudflare Turnstile	Bot detection and spam prevention on forms.	Session-based
Essential cookies	Site functionality, session state, and security.	Session

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality. For more information on managing cookies, visit allaboutcookies.org.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

Contact form submissions: retained for up to 12 months to track correspondence and resolve issues.
Published reviews: retained indefinitely unless you request deletion, as they form part of the Site's public content.
Pending reviews: retained for up to 90 days, then automatically deleted if not approved.
Hashed IP addresses: retained for 5 minutes for rate limiting, then discarded.
Analytics data: aggregated and anonymized; not linked to individual users.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

HTTPS encryption across the entire site (TLS 1.2+).
Content Security Policy (CSP) headers to prevent cross-site scripting (XSS) attacks.
Cloudflare Turnstile bot protection on all forms.
IP address hashing (SHA-256) — we never store readable IP addresses.
Server-side input validation and sanitization on all form submissions.
Regular security audits and dependency updates.

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under data protection law:

Right of AccessRequest a copy of the personal data we hold about you.

Right to RectificationRequest correction of inaccurate or incomplete personal data.

Right to ErasureRequest deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.

Right to Restrict ProcessingRequest that we limit how we use your data in certain circumstances.

Right to Data PortabilityRequest your data in a structured, commonly used, machine-readable format.

Right to ObjectObject to processing based on legitimate interests, including for analytics purposes.

Right to Withdraw ConsentWithdraw consent at any time where processing is based on consent (e.g., review submissions).

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

8. International Data Transfers

Our Site is hosted on Vercel (United States) and uses Neon PostgreSQL (United States) for database storage. If you access the Site from outside these jurisdictions, your data may be transferred to and processed in countries that may not provide the same level of data protection as your home country. By using the Site, you consent to such transfers. We ensure that appropriate safeguards (such as standard contractual clauses) are in place where required by applicable law.

9. Third-Party Services

We use the following third-party services that may collect or process data:

Google Analytics / GTM: for anonymized traffic analytics. Google Privacy Policy.
Cloudflare: for CDN, security, and Turnstile bot protection. Cloudflare Privacy Policy.
Vercel: for site hosting and edge performance. Vercel Privacy Policy.
Neon: for PostgreSQL database hosting. Neon Privacy Policy.
Gravatar (Automattic): for user review avatars based on email hash. Automattic Privacy Policy.

10. Children's Privacy

The Site is not intended for individuals under the legal drinking age in their jurisdiction (typically 18–25 years depending on the Indian state). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Site after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a data concern, please contact us:

Email: [email protected]

Data Protection Officer: [email protected]

Response Time: Within 30 days for data rights requests.

If you are in the EEA and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority.