Privacy Policy

Last updated: [08-June-2026].

This Privacy Policy explains how Deepak Machado (“I”, “me”, “my”), who runs NRI Money Map at deepak.co (the “Site”) as a personal hobby blog, collects, uses, shares, and protects personal data. It also explains your rights and how to use them. By using the Site, you confirm that you have read and understood this Policy.

This Site is a personal project run out of interest and curiosity. It is not a business and not a registered company. Even so, when you subscribe or comment, I act as the person responsible for that data, so this Policy sets out how I handle it. If anything is unclear, write to me at [email].

1. Who is responsible, and how to reach me

The person responsible for personal data on the Site is Deepak Machado, an individual based in Dubai, United Arab Emirates, running this Site personally and not as a company. For any privacy question or request, write to [email].

2. Scope

This Policy covers personal data handled through the Site, the newsletter, the comment system, and direct messages. It does not cover other websites or services the Site links to. Those have their own policies, and I am not responsible for them.

3. The personal data collected

Data you give directly. Your email address when you subscribe. Your name, only if you choose to give it. The content of any comment, with the name and email you submit with it. Anything you send by email or through a form.

Data collected automatically. When you visit, the hosting service and analytics tools may record technical information such as your IP address, an approximate location from it, device and browser type, operating system, the page that referred you, pages viewed, and time on the Site. Some of this comes through cookies and similar technologies, described in the Cookie Policy.

What not to send. Please do not send sensitive personal data, such as government identifiers, financial account numbers, or health information, through comments or email. If you do, you do so at your own risk, and you accept that it will be handled as described here until it can be deleted.

4. How the data is used, and the legal grounds

Personal data is used to: send the newsletter you asked for; publish and manage your comments; reply to your messages; run, secure, and improve the Site; understand which content is useful; and meet legal duties.

Where data protection law needs a legal basis, the bases are these. Consent for marketing email, for non essential cookies, and wherever consent is the required basis, including under the UAE PDPL and India’s DPDP framework, which are consent first. Legitimate interests, where allowed, for keeping the Site secure and understanding usage, balanced against your rights. Legal obligation, where data must be kept or disclosed to comply with the law. You can withdraw consent at any time, which does not affect anything already done.

5. Email and the newsletter

Email goes only to people who opt in. Every email has a one click unsubscribe. A third party email platform (currently MailerLite, and this may change to another provider such as ConvertKit) is used to deliver and manage these emails. That provider handles your data on my behalf under its own terms and security.

6. Comments

If you comment, your name, your email, your IP address, and your comment are stored, and your name and comment are shown publicly. An anti spam service may screen comments. Do not post other people’s personal data without their permission.

7. Who data is shared with

Your personal data is not sold. It is shared only with: service providers that process data for the Site (hosting, email delivery, analytics, anti spam, and security), under terms that limit their use of it; authorities or advisers where required to comply with the law or protect rights and safety; and a successor if the Site is ever transferred, subject to this Policy.

8. International data transfers

The Site has a global audience and uses providers in different countries. Your data may be stored or processed outside your country, including outside the UAE, the EEA, the UK, and India, where laws may differ. Where required, lawful transfer mechanisms such as standard contractual clauses or your consent are used. By using the Site, you understand your data may be processed internationally.

9. How long data is kept

Subscriber data is kept until you unsubscribe or ask for deletion, plus a short period for suppression and basic records. Comment data stays with the post unless you ask for removal. Analytics data is kept for the period set in the tool. Limited data may be kept longer where the law requires.

10. Security

Reasonable technical and organisational measures are used to protect personal data. No website or internet transmission is fully secure, so absolute security cannot be guaranteed. You share information at your own risk.

11. Your rights

Depending on the law that applies to you, you may have the right to access your data, correct it, delete it, restrict or object to its use, receive a copy in a portable format, and withdraw consent. To use any right, email [your email]. I may need to verify your identity and will reply within the time the law requires. In most cases this is free.

11.1 If you are in the EEA or the UK (GDPR and UK GDPR)

You have the rights above and may complain to your local supervisory authority. In the UK that is the Information Commissioner’s Office. In the EEA it is the authority in your country.

11.2 If you are in the United Arab Emirates (PDPL)

The UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) gives rights including access, correction, deletion, restriction, objection, portability, and withdrawal of consent. You can send requests to me, and, once the federal regulator is fully operational, you may also be able to complain to it. The PDPL does not apply inside the DIFC or ADGM, which have their own regimes.

11.3 If you are in India (DPDP Act 2023 and DPDP Rules 2025)

India’s Digital Personal Data Protection framework gives you, as a Data Principal, the right to a summary of your data, to seek correction or erasure, to grievance redressal, and to nominate someone to act for you. Processing is consent first, and you can withdraw consent as easily as you gave it. Raise a grievance with me at [your email], and escalate to the Data Protection Board of India where the framework allows.

11.4 If you are in California (CCPA as amended by CPRA)

You may request the categories and specific pieces of personal information collected, the sources, the purposes, and what was shared. You may request deletion and correction, and opt out of any sale or sharing. Personal information is not sold or shared as those terms are defined under California law. You will not be treated differently for using these rights.

12. Children

The Site is for adults and is not aimed at children. Personal data is not knowingly collected from anyone under 18. If you believe a child has provided data, contact me and it will be deleted.

13. Automated decisions

No decisions that produce legal or similarly significant effects about you are made solely by automated processing.

14. Third party links and content

The Site links to and may embed third party content. I do not control those services and am not responsible for their privacy practices. Review their policies before sharing data with them.

15. Changes to this Policy

This Policy may be updated from time to time. The “Last updated” date shows the latest version. Material changes will be clear on this page. Continued use after a change means you accept the update.

16. Contact and complaints

Questions, requests, or complaints: [email]. I aim to resolve concerns directly. You also keep the right to contact the data authority that applies to you.

This Policy is general information, not legal advice.