Last updated: January 1, 2025
Mango ("Company," "we," "our," or "us") operates the mangxo.org website and the Mango construction materials procurement and trade credit platform (collectively, the "Platform"). This Privacy Policy describes how Mango collects, uses, stores, shares, and protects personal information when you visit mangxo.org, create an account, place orders, apply for trade credit, or otherwise interact with our Platform.
Mango is incorporated and operates primarily in Mexico City, Mexico. Our services are directed at contractors, developers, construction companies, and suppliers operating in Mexico. If you are located outside Mexico, certain provisions of this Privacy Policy may apply differently to you.
By using the Mango Platform or accessing mangxo.org, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of the Platform and contact us to request deletion of any data we may hold.
The data controller for personal information collected through mangxo.org and the Mango Platform is:
Mango
Mexico City, Mexico
Email: contact@mangxo.org
Contact for data inquiries: luis@mangxo.org
For questions about how your personal data is processed, or to exercise your rights under applicable privacy law, please contact us at the email addresses above. We will respond to all verified data requests within 20 business days.
We collect information you provide directly, information generated automatically through your use of the Platform, and information obtained from third-party sources where applicable.
Account registration information: When you create a Mango account, we collect your full name, business name, email address, phone number, RFC (Registro Federal de Contribuyentes), and business address. For businesses, we may also collect information about authorized users, business registration documents, and proof of identity for the account holder.
Order and transaction information: When you place orders through the Platform, we collect details of each order including product specifications, quantities, delivery addresses, project information, and any special delivery instructions. We also collect information about your suppliers, subcontractors, and project team members that you enter into the Platform.
Trade credit application information: When you apply for trade credit through Mango, we collect financial information including project scope and estimated value, construction permit details, payment history (including previous Mango orders), business financial statements where requested, information from the Buró de Crédito and other credit bureaus, and banking information for payment processing.
Project data: You may provide construction project details including site addresses, project type, floor area, estimated cost, permit numbers (Manifestación de Construcción or equivalent), and project timelines. This information is used for logistics coordination and credit underwriting.
Communication data: We collect the content of messages you send us through the Platform's support system, email, or any other channel, including inquiries, dispute submissions, and delivery reports.
Usage data: We collect information about how you use the Platform, including pages visited, features accessed, order flows completed or abandoned, search queries within the Platform, and time spent on various sections. This data is used to improve the Platform and understand user behavior.
Device and connection information: We collect IP addresses, browser type and version, operating system, device type (desktop, mobile, tablet), and device identifiers where applicable. For the Mango mobile application, we may collect device model information and mobile operating system version.
Location data: If you use location-based features of the Platform (such as tracking delivery locations or finding nearby suppliers), we may collect GPS coordinates or network-based location data with your consent. Delivery tracking uses location data associated with the delivery vehicle, not your device.
Cookie data: We use cookies and similar tracking technologies as described in our Cookie Policy (see mangxo.org/legal/cookies.html). Cookies help us maintain session state, remember preferences, and analyze usage patterns.
Credit bureau data: With your consent as part of the trade credit application process, we obtain credit information from the Buró de Crédito (Sociedad de Información Crediticia). This information is used solely for underwriting decisions and is not shared with third parties beyond what is required to process the credit application.
SAT and government databases: To verify RFC compliance and tax registration status for suppliers and account holders, we query public SAT (Servicio de Administración Tributaria) databases. This verification is performed using publicly available information.
Payment processors: When you make payments through the Platform, our payment processor (currently Conekta) receives and processes payment card data. Mango does not store full card numbers on our systems. Payment processor data handling is governed by the processor's own privacy policy.
We use the information we collect for the following purposes:
Platform operation and order fulfillment: Processing your orders, coordinating supplier deliveries, providing delivery tracking information, and managing your account. This is the core purpose for which your data is collected and is necessary for the performance of our services.
Trade credit underwriting: Evaluating trade credit applications, setting credit limits, and making credit decisions. Data used in underwriting includes your project information, payment history, RFC compliance status, and credit bureau data. We retain underwriting data for the duration of your credit relationship with Mango and for 5 years thereafter to comply with financial recordkeeping requirements under Mexican law.
Fraud prevention and security: Detecting and preventing fraudulent orders, unauthorized account access, and misuse of trade credit. We analyze behavioral patterns on the Platform to identify potentially fraudulent activity and may use third-party fraud detection services.
Communications: Sending order confirmations, delivery notifications, invoice documents, and credit decisions. We also send service announcements when there are material changes to the Platform or this Privacy Policy. These communications are necessary for service delivery and cannot be opted out of while your account is active.
Customer support: Responding to your inquiries, processing disputes, and resolving delivery or product issues. Support interactions are logged and retained for 2 years to maintain service continuity across interactions.
Platform improvement: Analyzing usage patterns to improve the Platform's user experience, identifying features that are underused or confusing, and developing new features. Analytical data used for this purpose is aggregated where possible.
Legal compliance: Meeting obligations under Mexican tax law (including CFDI invoice requirements), financial regulation, anti-money laundering requirements under the LFPIORPI (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita), and any applicable foreign law for transactions involving foreign counterparties.
For users in Mexico, our data processing is governed by the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP). We process your personal data under the following legal bases:
Contractual necessity: Processing required to provide the Platform services you have requested, including order fulfillment, delivery coordination, and account management.
Consent: Processing you have affirmatively consented to, including credit bureau queries, marketing communications (where applicable), and optional platform features such as location sharing.
Legitimate interests: Processing for fraud prevention, security monitoring, and service improvement where our legitimate business interest does not override your privacy rights.
Legal obligation: Processing required by applicable Mexican law, including tax recordkeeping, anti-money laundering compliance, and financial regulatory requirements.
We do not sell your personal information. We share information only in the following circumstances:
Suppliers on the Mango platform: When you place an order, your delivery address, project site details, and relevant contact information are shared with the fulfilling supplier to enable delivery coordination. Suppliers receive only the information necessary to process and deliver your order. They are contractually prohibited from using this information for any purpose other than fulfilling your order.
Logistics partners: Delivery vehicle operators and logistics coordinators receive shipping details including delivery address, delivery window, and order weight/volume information for routing and scheduling purposes.
Payment processors: Conekta and other payment processors receive payment information necessary to process transactions. These processors operate under their own privacy and security certifications and are PCI-DSS compliant.
Credit bureaus: With your explicit consent during the credit application process, we report payment history to the Buró de Crédito. This reporting is required for maintaining our registration as a participating institution and for building your credit history within the formal credit system.
Service providers: We use third-party service providers for cloud hosting (AWS, GCP), email delivery, customer support tools, and analytics. These providers process data on our behalf under data processing agreements that restrict their use of your data to providing the contracted service.
Legal requirements: We disclose information when required by Mexican law, court order, or regulatory requirement. We also disclose information when necessary to protect the rights, property, or safety of Mango, our users, or the public.
Business transfers: In the event of a merger, acquisition, or sale of substantially all assets, personal data may be transferred to the acquiring entity. We will notify users of any such transfer and the acquiring entity will be required to honor this Privacy Policy or provide notice of any changes.
We retain different categories of data for different periods based on the purpose of collection and applicable legal requirements:
Account information: Retained for the duration of your active account and for 3 years after account closure, unless a longer retention period is required by law.
Order and transaction records: Retained for 5 years from the date of each transaction to comply with Mexican tax law requirements for CFDI records and financial documentation.
Trade credit application data: Retained for 5 years from the date of application or last active credit relationship, in compliance with financial recordkeeping requirements under Mexican banking regulation.
Payment records: Retained for 5 years in compliance with SAT recordkeeping requirements for commercial transactions.
Support communications: Retained for 2 years from the date of the last interaction in a support thread.
Usage and analytics data: Retained in aggregated form for up to 3 years. Non-aggregated usage logs are deleted or anonymized after 12 months.
Marketing consent records: Retained for 3 years from the date consent was given or withdrawn, to demonstrate compliance with opt-in requirements.
Under the LFPDPPP (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) and applicable privacy law, you have the following rights regarding your personal data:
Access (Acceso): The right to know what personal data we hold about you, the purposes for which it is processed, and to obtain a copy of that data.
Rectification (Rectificación): The right to correct inaccurate or incomplete personal data. You may update most account information directly through the Platform. For data corrections related to credit records, contact us at luis@mangxo.org.
Cancellation (Cancelación): The right to request deletion of your personal data. Note that we may be required to retain certain data for legal compliance purposes even after a deletion request. Where full deletion is not possible, we will restrict the processing of your data to the minimum required for compliance purposes.
Opposition (Oposición): The right to object to the processing of your personal data for specific purposes, including marketing communications and certain analytical processing.
Portability: The right to receive a copy of your personal data in a structured, commonly used format for portability to another service. We will provide order history, account information, and transaction records in CSV format upon verified request.
To exercise any of these rights, submit a written request to luis@mangxo.org with the subject line "Data Rights Request." Include your full name, account email address, and a description of the right you wish to exercise. We will verify your identity before processing any data request. We respond to all verified requests within 20 business days.
Mango implements technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
All data transmitted between your browser or device and the Mango Platform is encrypted using TLS 1.2 or higher. Data stored in our databases is encrypted at rest. Access to production systems is restricted to authorized personnel and requires multi-factor authentication. We conduct periodic access reviews and remove access when personnel no longer require it.
Payment card data is handled by our PCI-DSS certified payment processor and is not stored on Mango servers. Full card numbers are never transmitted to or stored by Mango. We store only tokenized payment references provided by the payment processor.
We engage third-party security assessments periodically and maintain an incident response procedure for data security events. In the event of a data breach that poses a risk to your rights, we will notify affected users within the timeframe required by applicable law.
No data transmission over the internet or storage system is completely secure. While we maintain reasonable security measures, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.
Mango uses cookies and similar technologies on mangxo.org. For detailed information about the specific cookies we use, their purposes, and how to manage them, please see our Cookie Policy at mangxo.org/legal/cookies.html.
In summary, we use session cookies (which expire when you close your browser), persistent cookies (which remain for a set period), and third-party analytics cookies. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Platform functionality.
The Mango Platform is intended for use by business professionals and is not directed at persons under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a person under 18, we will delete that information promptly. If you believe a minor has provided us personal data, contact us at contact@mangxo.org.
Mango stores and processes data primarily within Mexico and on cloud infrastructure operated by Amazon Web Services (AWS) and Google Cloud Platform (GCP), which have data centers in multiple regions including North America. Data may be processed in the United States by our service providers. When data is transferred outside Mexico, we ensure appropriate safeguards are in place, including data processing agreements with our service providers that incorporate standard contractual clauses.
We may update this Privacy Policy periodically to reflect changes in our data practices, new legal requirements, or updates to the Platform. When we make material changes, we will post the updated policy at mangxo.org/legal/privacy.html with a revised "Last updated" date and send a notification to your registered email address if the changes materially affect your rights or the way we process your data.
Your continued use of the Platform after a Privacy Policy update constitutes acceptance of the revised policy. If you disagree with the updated policy, please discontinue use and contact us to request account closure and data deletion.
For privacy-related questions, data access requests, or concerns about how Mango handles your personal data, contact:
Mango — Data Privacy
Email: luis@mangxo.org
General inquiries: contact@mangxo.org
Website: mangxo.org
Mexico City, Mexico
We will acknowledge receipt of your inquiry within 3 business days and provide a substantive response within 20 business days. For urgent matters involving a potential data breach or serious privacy concern, please indicate "URGENT" in the subject line of your email.