Privacy Policy
What we collect, why we collect it, who else sees it, and how to get it removed. We collect the minimum needed to sell you a garment and deliver it.
Last updated — 18 July 2026
01What we collect
When you order or create an account we collect:
- Contact details — name, email address, phone number
- Delivery address — street address, city, state, PIN code
- Order details — what you bought, size, colour, amount, order status
- Account credentials — your email and a securely hashed password (we never store the password itself)
We also collect basic technical data such as your IP address and browser type through ordinary server logs, which we use for security and troubleshooting.
02What we never collect
We do not see or store your card number, CVV, UPI PIN, netbanking credentials or any other payment credential. Payments are processed entirely by Razorpay on their own PCI-DSS compliant infrastructure. We receive only a payment reference and a success or failure result.
03Why we use it
We use your data only to:
- process, pack and deliver your order
- send transactional email — order confirmation, dispatch, tracking, returns and password resets
- handle returns, exchanges and refunds
- answer your questions when you contact us
- meet our tax, accounting and legal obligations
- detect and prevent fraud
We do not sell your personal data. We do not send marketing email unless you have asked us to, and any marketing email carries a one-click unsubscribe.
04Who we share it with
We share the minimum necessary with:
- Razorpay — to take payment and process refunds
- Courier partners — your name, address and phone number, so they can deliver the parcel
- Our hosting and database providers — who store the data on our behalf under contract
- Government authorities — where we are legally required to
Each of these acts on our instructions and is not permitted to use your data for its own purposes.
05Cookies
We use only what the store needs to function: a secure, HTTP-only session cookie that keeps you signed in, and browser local storage that remembers your cart between visits. We do not run third-party advertising or cross-site tracking cookies. Clearing your browser data removes both.
06How long we keep it
Order records are kept for as long as required by Indian tax and accounting law (currently eight financial years). Account data is kept until you ask us to delete it. Server logs are kept for a short period for security purposes.
07Security
The site is served over HTTPS. Passwords are stored as bcrypt hashes, never in plain text. Sessions use signed, HTTP-only cookies. Access to the admin back office is restricted and role-gated. No system is perfectly secure, but we take these measures seriously and review them.
08Your rights
You can ask us to show you the personal data we hold about you, correct anything inaccurate, or delete your account and its data. To do any of these, email sadastudio.in@gmail.com from the address on the account. We respond within 30 days.
Note that we may need to retain order and invoice records even after an account is deleted, where tax law requires it.
09Children
This store is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has given us personal data, contact us and we will delete it.
10Changes
If we change this policy we will update the date at the top of this page. Material changes will be announced on the site.
Questions about this policy? Write to sadastudio.in@gmail.com — or see the contact page.