1. Introduction
PraMaan Print Studio ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.pramaanstudio.in (the "Platform").
This policy is in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable Indian laws. Please read this policy carefully. By using our platform, you consent to the practices described in this policy.
2. Information We Collect
We collect information in the following ways:
A. Information You Provide Directly:
- Account Information: Name, email address, phone number, password (encrypted), date of birth (optional).
- Shipping/Billing Address: Complete address including street, city, state, pin code, and country.
- Payment Information: Payment method details (processed securely through Razorpay; we do not store complete card details).
- Order Information: Products ordered, customization preferences, design uploads.
- Communications: Messages sent to us via contact forms, email, or chat.
- Reviews & Feedback: Product reviews, ratings, and feedback you provide.
B. Information Collected Automatically:
- Device Information: Browser type, operating system, device identifier, and device characteristics.
- Usage Data: Pages visited, time spent on pages, click patterns, and navigation paths.
- Location Data: General location (city/region) based on IP address.
- Log Data: Access times, error logs, and other diagnostic data.
C. Information from Third Parties:
- Payment Gateway: Transaction status and confirmation from Razorpay.
- Authentication Providers: Information from Google sign-in (if used).
- Shipping Partners: Delivery status and tracking information.
3. How We Use Your Information
We use collected information for the following purposes:
- Processing and fulfilling your orders
- Creating and managing your account
- Communicating order updates, shipping status, and delivery confirmations
- Sending transactional emails (order confirmations, invoices, cancellation notices)
- Responding to your queries, feedback, and support requests
- Personalizing your experience on our platform
- Improving our products, services, and user experience
- Conducting market research and analytics
- Preventing and detecting fraud or unauthorized activities
- Enforcing our Terms & Conditions and preventing prohibited activities
- Sending promotional communications (only with your consent, which you can withdraw anytime)
- Complying with legal obligations and authorities
- Processing refunds and managing returns/exchanges
4. Legal Basis for Processing (DPDPA Compliance)
Under the Digital Personal Data Protection Act, 2023, we process your personal data based on:
- Consent: You have provided clear consent for processing your data for specific purposes.
- Legitimate Uses: Processing necessary for the performance of a contract with you or for providing services.
- Legal Obligation: Processing required to comply with applicable laws.
- Vital Interest: Processing necessary to protect life or safety.
5. Data Sharing & Disclosure
We do not sell your personal data. We may share your information with:
- Payment Processors:
  - Razorpay Payment Gateway for processing transactions
  - Banks and financial institutions for payment settlement
- Shipping & Logistics Partners:
  - Courier and delivery services for order fulfillment
  - Tracking services for delivery updates
- Technology Service Providers:
  - Firebase (Google) for authentication and database
  - Cloudinary for image storage
  - Analytics services (Google Analytics) for platform improvement
- Legal & Government Authorities:
  - When required by law, court orders, or government requests
  - To enforce our Terms & Conditions
  - To protect our rights, privacy, safety, or property
  - To investigate fraud or security issues
- Business Transfers:
  - In case of merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
6. Payment Data Handling
Your payment security is our priority:
- All payment transactions are processed through Razorpay, a PCI-DSS Level 1 compliant payment gateway.
- We do not store your complete credit/debit card numbers, CVV, or PIN on our servers.
- Payment details entered by you are directly transmitted to the payment processor via secure encryption (SSL/TLS).
- We store only transaction IDs and payment status received from the payment gateway.
- For Cash on Delivery (COD) orders, we collect minimal payment information for order confirmation.
- Refund transactions are processed through the same payment method used for the original transaction.
- Your bank may have additional terms and conditions for payment processing; please refer to your bank's policies.
7. Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience:
- Essential Cookies: Required for platform functionality, authentication, and security.
- Preference Cookies: Remember your settings and preferences.
- Analytics Cookies: Help us understand how visitors use our platform.
- Marketing Cookies: Used for promotional communications (only with consent).
You can manage cookie preferences through your browser settings. Disabling cookies may affect some platform features.
8. Data Retention
We retain your personal data for the following periods:
- Account Data: Retained until you delete your account or for 3 years after last activity, whichever is earlier.
- Order Data: Retained for 8 years as per tax and legal requirements (including GST compliance).
- Communication Data: Retained for 2 years for customer service purposes.
- Marketing Preferences: Retained until you withdraw consent.
After the retention period, data is securely deleted or anonymized in accordance with applicable laws.
9. Data Security
We implement robust security measures to protect your data:
- Encryption: SSL/TLS encryption for data in transit; encryption for data at rest.
- Access Controls: Strict access controls limiting who can access personal data.
- Secure Infrastructure: Firebase Cloud Firestore with built-in security rules.
- Regular Audits: Periodic security reviews and updates.
- Employee Training: Our team is trained on data protection practices.
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. International Data Transfers
Your data may be processed on servers located outside India. When we transfer data internationally, we ensure appropriate safeguards are in place in compliance with the DPDPA.
11. Your Rights Under DPDPA
As a user, you have the following rights:
- Right to Access: Request a summary of your personal data we hold.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data (subject to legal retention requirements).
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Withdraw Consent: Withdraw consent for processing at any time (this will not affect processing done before withdrawal).
- Right to Grievance Redressal: Raise complaints and expect timely resolution.
- Right to Nominate: Nominate a representative to exercise rights in case of death or incapacity.
To exercise your rights, contact us at the details provided in Section 16.
12. Children's Privacy
Our platform is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If we discover that we have collected data from a minor, we will take steps to delete that information promptly.
13. Third-Party Links
Our platform may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.
14. User-Generated Content
If you submit product reviews, feedback, or other content, you grant us a non-exclusive, royalty-free license to use, reproduce, modify, and distribute such content on our platform and in our marketing materials.
15. Data Breach Notification
In the event of a data breach that may affect your rights and freedoms, we will notify the Data Protection Board of India and affected users within the timeframe prescribed under the DPDPA. We will also take immediate steps to mitigate the breach and prevent future incidents.
16. Grievance Officer
In accordance with the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address any concerns or complaints regarding your data.
We will endeavor to respond to your grievance within 48 hours of receipt. For urgent matters, please include "URGENT" in the subject line.
17. Consumer Protection Information
As a consumer, you are protected under:
- Consumer Protection Act, 2019: Right to safety, right to be informed, right to choose, right to be heard, and right to seek redressal.
- Digital Personal Data Protection Act, 2023: Rights regarding your personal data.
- Information Technology Act, 2000: Protection of electronic records and cybersecurity.
For consumer complaints, you may also approach the appropriate Consumer Forum under the Consumer Protection Act, 2019.
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- Posting the updated policy on this page
- Updating the "Last updated" date
- Sending an email notification (for significant changes)
- Displaying a notice on our platform
Your continued use of our platform after changes constitutes acceptance of the updated policy.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: