Your privacy matters. VAIDHARA is committed to protecting your personal information. This policy explains what data we collect, why we collect it, and how you can control it. We comply with India's Digital Personal Data Protection Act, 2023 (DPDPA) and applicable e-commerce regulations.
1. Information We Collect
1.1 Information You Provide
- Account details: Name, email address, mobile number, date of birth, gender
- Delivery information: Postal address, pincode, city, state
- Payment details: We do not store card or UPI credentials โ all payment data is processed securely by Razorpay
- Communications: Messages sent via chat widget, support tickets, or email
- Reviews & feedback: Ratings, written reviews, product photos you submit
1.2 Information Collected Automatically
- IP address, browser type, device type, operating system
- Pages visited, time spent, clicks, scroll depth
- Referring URL and search keywords
- Cart activity, wishlist additions, products viewed
1.3 Information from Third Parties
- Delivery status updates from logistics partners (Delhivery, BlueDart, DTDC)
- Payment confirmation signals from Razorpay
- Analytics aggregates from Google Analytics 4
2. How We Use Your Information
| Purpose | Data Used | Basis |
|---|
| Process & fulfil orders | Name, address, phone, email | Contract |
| Send order updates via SMS/email | Mobile, email | Contract |
| Manage your account | Account details | Contract |
| Loyalty points & rewards | Purchase history | Legitimate interest |
| Personalised product recommendations | Browsing & purchase history | Consent |
| Marketing emails/SMS (opt-in only) | Email, phone | Consent |
| Fraud prevention & security | IP, device data, transaction patterns | Legal obligation |
| Improve our website & products | Analytics data | Legitimate interest |
3. Sharing & Disclosure
We do not sell, rent, or trade your personal data to third parties. We share information only in the following limited circumstances:
- Logistics partners (Delhivery, BlueDart): name, address, phone for delivery
- Payment processor (Razorpay): transaction data for payment processing
- SMS/Email gateways (MSG91, Nodemailer): for transactional notifications
- Analytics providers (Google Analytics 4): anonymised behavioural data
- Legal compliance: when required by Indian law, court order, or government authority
- Business transfer: in the event of a merger or acquisition, with user notice
All third-party partners are contractually bound to use your data solely for the purpose for which it was shared, and to maintain equivalent data protection standards.
4. Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience:
| Cookie Type | Purpose | Duration |
|---|
| Strictly Necessary | Session management, cart, authentication | Session |
| Functional | Language preference, dark mode, remembered address | 1 year |
| Analytics (GA4) | Page views, conversion tracking | 2 years |
| Marketing | Retargeting, personalised ads (only with consent) | 90 days |
You may disable cookies via your browser settings. Note that disabling strictly necessary cookies may impair checkout functionality.
5. Data Security
We implement industry-standard security measures to protect your data:
- All data transmitted over HTTPS/TLS 1.3 encryption
- Passwords stored using bcrypt hashing (salted, one-way)
- MongoDB databases access-restricted and periodically backed up
- JWT tokens with short expiry and refresh token rotation
- Regular security audits and vulnerability scans
- Razorpay is PCI DSS Level 1 certified โ we never see raw card data
In the unlikely event of a data breach affecting your information, we will notify you within 72 hours as required by the DPDPA.
6. Your Rights
Under India's Digital Personal Data Protection Act (DPDPA) 2023, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Correction: Correct inaccurate or incomplete information via your account profile
- Right to Erasure: Request deletion of your account and associated data (subject to legal retention obligations)
- Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer
- Right to Nomination: Nominate another individual to exercise your rights in case of death or incapacity
- Opt-out of Marketing: Unsubscribe via link in any email or SMS, or from Account โ Notifications
To exercise any right, email us at privacy@vaidhara.in or write to our Data Protection Officer. We respond within 30 days.
7. Payments via Razorpay
Important: VAIDHARA does not store, process, or transmit credit/debit card numbers or UPI credentials. All payment information is handled directly by Razorpay on their secure, PCI DSSโcertified infrastructure.
When you make a payment:
- You are redirected to or interact with Razorpay's secure payment interface
- Razorpay collects your payment details and processes the transaction
- VAIDHARA receives only a payment confirmation token (Razorpay Order ID)
- Your payment data is governed by Razorpay's Privacy Policy
8. Children's Privacy
VAIDHARA's services are intended for individuals aged 18 years and above. We do not knowingly collect personal information from minors. If you believe a child under 18 has provided us personal data, please contact us at privacy@vaidhara.in and we will promptly delete such information.
9. Third-Party Links
Our website may contain links to third-party websites (e.g., carrier tracking pages, social media). We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies. This Privacy Policy applies solely to information collected on vaidhara.in and associated subdomains.
10. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our business practices. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to registered users
- Display an in-app banner for 30 days following significant changes
Continued use of VAIDHARA after policy updates constitutes acceptance of the revised terms.