Governed by Indian Law: This Privacy Policy is drafted in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA).
1. Information We Collect
1.1 Personal Information You Provide
When you register, place an order, or contact us, we collect:
- Identity data: Full name, date of birth
- Contact data: Email address, phone number, billing and delivery address
- Transaction data: Purchase details, order history, payment confirmation IDs (via Razorpay)
- Account credentials: Username and hashed password (never stored in plain text)
- Communications: Messages sent via support or WhatsApp
1.2 Automatically Collected Data
- IP address, browser type, device type, operating system
- Pages visited, time on site, referring URL
- Cookie identifiers and session data
Note: We do not store your full payment card details. All payment processing is handled by Razorpay, a PCI-DSS compliant payment gateway licensed by the Reserve Bank of India.
2. How We Use Your Information
We use your personal data for the following lawful purposes (as defined under DPDPA 2023):
- Processing and fulfilling your orders
- Sending order confirmations, invoices, and shipping updates via email/SMS
- Responding to your queries, complaints, and support requests
- Improving our website, products, and services through analytics
- Sending promotional communications (only with your explicit consent)
- Detecting and preventing fraud, abuse, and security threats
- Complying with applicable laws, regulations, and court orders
- Managing returns, refunds, and warranty claims
3. Sharing Your Information
We do not sell, rent, or trade your personal data to third parties. We may share your data only in the following limited circumstances:
- Delivery partners: Name, address, and phone to fulfil your order (e.g., Shiprocket, Delhivery, Blue Dart)
- Payment processors: Order amount and reference to Razorpay for payment settlement
- SMS/Email service providers: For transactional notifications only
- Legal authorities: Where required by Indian law, court order, or government direction under Section 69 of the IT Act, 2000
- Business transfer: In case of merger or acquisition, with prior notice to you
4. Data Security
We implement reasonable security practices as mandated by the IT (SPDI) Rules, 2011, including:
- SSL/TLS encryption for all data in transit
- Password hashing using bcrypt
- Regular security audits and vulnerability assessments
- Access controls limiting employee access to personal data
- Secure cloud infrastructure with regular backups
In the event of a data breach affecting your rights, we will notify you within 72 hours as required under DPDPA 2023.
5. Cookies & Tracking Technologies
We use cookies to enhance your experience:
- Essential cookies: Required for login, cart, and session management
- Analytics cookies: To understand how our site is used (e.g., Google Analytics)
- Preference cookies: To remember your settings and preferences
You may disable cookies via your browser settings; however, this may affect site functionality.
6. Your Rights Under DPDPA 2023
As a data principal under the Digital Personal Data Protection Act, 2023, you have the right to:
- Access: Request a summary of your personal data we hold
- Correction: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data, subject to legal obligations
- Withdraw consent: Withdraw marketing consent at any time
- Grievance redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board of India
- Nomination: Nominate another person to exercise your rights in case of death or incapacity
To exercise these rights, please email our Grievance Officer at the address in Section 8.
7. Children's Privacy
Our services are not directed to children under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, please contact us immediately and we will delete it promptly in accordance with DPDPA 2023 provisions on children's data.
8. Grievance Officer
In accordance with the Information Technology Act, 2000, and rules made thereunder, the name and contact details of our Grievance Officer are:
9. Changes to This Policy
We may update this Privacy Policy periodically. The updated version will be indicated by a revised "Last Updated" date at the top. We encourage you to review this Policy periodically. For material changes, we will notify you via email or a prominent notice on our website.
10. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us: