Privacy Policy

Last updated: TODO

TODO — Replace this scaffold with reviewed legal copy. The text below describes the data practices implemented in the current codebase. Have it reviewed before publishing.

1. What we collect

• Account info: name, email, password hash (via Firebase Authentication).
• Order info: shipping address, phone, items, payment method, payment reference (Razorpay), shipment tracking (Shiprocket).
• Browsing data: wishlist, recently viewed, cart contents.
• Communications: emails you send us and order-related emails we send you.

2. How we use it

To process orders, deliver them via Shiprocket, communicate about orders, prevent fraud, and improve the store. We do not sell your data.

3. Sharing

We share the minimum necessary data with the following processors:

• Firebase (Google) — authentication, database, file storage.
• Razorpay — online payment processing.
• Shiprocket — shipping label generation and tracking.
• Resend — transactional email delivery.

4. Retention

We retain order records as long as required for accounting and tax compliance. You can request deletion of marketing data; order history cannot be deleted while statutory retention applies.

5. Your rights

You can access, update, or request deletion of your data by emailing our support.

6. Security

We use TLS in transit, Firebase security rules, and signed payment verification. No system is perfectly secure — please use a strong, unique password.

7. Children

The Site is not directed at children under 13. We do not knowingly collect data from children.

8. Contact

Questions about this policy? Contact us.