policy-data
Understanding how we collect, store, and manage your data in compliance with applicable regulations.
Policy Overview
This Data Retention Policy describes how we collect, retain, and dispose of personal and business data. We are committed to retaining data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate business interests.
This policy is governed by applicable Indian data protection laws including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, as well as international regulations including the GDPR for customers in the European Union.
Our Principle: We follow a data minimization approach — we collect only the data we need, retain it only as long as necessary, and delete it securely when it is no longer required.
Data We Collect
We collect and retain the following categories of data:
- Account Data: Name, email address, phone number, password (encrypted), and account preferences
- Order Data: Order history, product selections, quantities, pricing, and transaction records
- Shipping Data: Delivery addresses, shipping method preferences, and tracking information
- Payment Data: Payment method type, last four digits of card number, transaction IDs (full payment details are not stored)
- Communication Data: Customer service correspondence, email communications, chat transcripts, and feedback/reviews
- Technical Data: IP addresses, browser type, device information, pages visited, and click patterns
- Marketing Data: Newsletter subscription status, promotional preferences, and campaign interaction data
Retention Periods
| Data Category | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 3 years | Legal compliance, dispute resolution |
| Order & Transaction Records | 7 years from order date | Tax and accounting obligations (GST, Income Tax) |
| Payment Records | 7 years from transaction date | Financial regulatory compliance |
| Shipping & Delivery Data | 3 years from delivery date | Warranty claims, dispute resolution |
| Customer Support Tickets | 3 years after resolution | Quality assurance, training, evidence |
| Marketing Preferences | Until consent is withdrawn | Consent-based marketing |
| Website Analytics | 26 months | Performance optimization, trend analysis |
| Cookie Data | Up to 2 years | Site functionality, analytics, advertising |
| Server Logs | 90 days | Security monitoring, troubleshooting |
Legal Basis for Data Retention
We retain personal data based on the following legal grounds:
- Contract Performance: Data necessary to fulfill our contractual obligations (e.g., processing orders, managing your account)
- Legal Compliance: Data we are legally required to retain (e.g., GST records under Section 36 of the CGST Act for 7 years)
- Legitimate Interest: Data retained for fraud prevention, security, analytics, and improving our services
- Consent: Data retained based on your explicit consent (e.g., marketing communications), which you may withdraw at any time
Data Deletion & Secure Disposal
When data reaches the end of its retention period or is no longer needed, we ensure it is disposed of securely:
- Digital Data: Permanently deleted from our systems and databases, including backups within 90 days
- Anonymization: Where full deletion is not feasible, data is anonymized so it can no longer be linked to any individual
- Third-Party Data: We instruct our service providers and partners to delete your data in accordance with data processing agreements
- Physical Records: Any printed documents containing personal data are securely shredded
Exceptions: Data may be retained beyond the stated period if required by law, court order, or ongoing legal proceedings. In such cases, data will be deleted promptly after the legal requirement expires.
Your Data Rights
You have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Right to Data Portability: Request your data in a structured, commonly used format
- Right to Withdraw Consent: Withdraw consent for data processing activities based on consent
- Right to Object: Object to the processing of your data for certain purposes
- Right to Grievance Redressal: Lodge a complaint with the relevant data protection authority
We will respond to your request within 30 days as required by applicable law.
Data-related requests?
You have rights over your data. Contact our Data Protection team for any requests.
Submit Data Request