Privacy policy

Privacy Policy

Last updated: 17 Jan 2026

This Privacy Policy describes how Upahaar Studio LLP ("Upahaar", "we", "us", or "our") collects, processes, stores, and protects your personal data when you visit, use our services, or make a purchase from upahaarstudio.in (the "Platform") or otherwise communicate with us.

This Privacy Policy is prepared in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"). For purposes of this Privacy Policy, "you" and “your" means you as the Data Principal (user of our services), whether you are a customer, website visitor, or another individual whose personal data we have collected.

By using and accessing our Platform and Services, you consent to the collection, processing, and use of your personal data as described in this Privacy Policy.

1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by:

  • Posting the revised Privacy Policy on our Platform
  • Updating the "Last updated" date
  • Sending you a notification via email or through the Platform (for significant changes)

Your continued use of our services after such changes constitutes your acceptance of the updated Privacy Policy.

2. Personal Data We Collect

Under the DPDP Act, "personal data" means any data about an individual who is identifiable by or in relation to such data. We collect the following categories of personal data:

2.1 Information You Provide Directly

Basic Contact Information:

  • Name
  • Email address
  • Phone number
  • Postal address

Order and Transaction Information:

  • Billing address
  • Shipping address
  • Payment information (processed securely through our payment partners)
  • Order history and preferences

Account Information:

  • Username and password (encrypted)
  • Security questions and answers
  • Account preferences

Shopping Preferences:

  • Items you view, add to cart, or Wishlist
  • Product reviews and ratings
  • Gift preferences and customization requests

Customer Support Communications:

  • Messages, queries, and feedback you share with us
  • Call recordings (with prior notice and consent)

Corporate/B2B Information:

  • Company name and GST details
  • Business contact information
  • Purchase order details

2.2 Information Collected Automatically

Device and Usage Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Referring website
  • Click patterns and navigation paths

Cookies and Similar Technologies: We use cookies, pixels, and similar technologies to improve your experience. See Section 5 for details.

2.3 Information from Third Parties

We may receive personal data from:

  • Payment processors (transaction verification only)
  • Logistics and delivery partners (for order fulfillment)
  • Our platform provider (Shopify)
  • Marketing and analytics partners
  • Social media platforms (if you choose to connect your account)

3. Purpose and Lawful Basis for Processing

We process your personal data only for lawful purposes with your consent or as permitted under the DPDP Act:

3.1 To Provide Products and Services

  • Process and fulfill your orders
  • Manage payments and issue invoices
  • Arrange shipping and delivery
  • Handle returns, exchanges, and refunds
  • Maintain your account
  • Enable product reviews and customer support

3.2 For Marketing and Communication

  • Send promotional emails, SMS, or WhatsApp messages (with your consent)
  • Share product recommendations and offers
  • Conduct customer surveys and feedback requests
  • Display personalized advertisements

You can withdraw consent for marketing communications at any time by clicking "unsubscribe" in our emails or contacting us.

3.3 For Business Operations

  • Improve our Platform and services
  • Conduct data analytics and research
  • Detect and prevent fraud
  • Comply with legal and regulatory obligations
  • Enforce our terms and conditions
  • Protect our rights and security

3.4 For Corporate/B2B Services

  • Manage corporate accounts and bulk orders
  • Process GST invoices and compliance documents
  • Coordinate with procurement teams

4. How We Share Your Personal Data

We do not sell your personal data. We may share your information with the following categories of recipients:

4.1 Service Providers and Business Partners

  • Payment processors (Razorpay, PayU, etc.)
  • Logistics and courier services
  • Platform and hosting providers (Shopify, AWS, Lovable)
  • Customer support tools
  • Marketing and analytics services
  • SMS and email service providers

These parties process data only on our behalf and under strict confidentiality obligations.

4.2 Legal and Regulatory Authorities

We may disclose personal data to comply with:

  • Legal obligations under Indian law
  • Court orders and legal processes
  • Government authorities and regulatory bodies
  • Law enforcement agencies (when legally required)

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity, subject to the same privacy commitments.

4.4 With Your Consent

We may share data with third parties when you explicitly authorize us to do so.

5. Cookies and Tracking Technologies

We use cookies to enhance your experience on our Platform. Cookies are small text files stored on your device.

Types of Cookies We Use:

  • Essential Cookies: Required for Platform functionality (e.g., shopping cart, login)
  • Analytics Cookies: Help us understand user behavior and improve our services
  • Marketing Cookies: Enable personalized advertising and track campaign effectiveness

Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect Platform functionality.

For Shopify-specific cookies, visit: https://www.shopify.com/legal/cookies

6. Data Security and Retention

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of sensitive data (SSL/TLS)
  • Secure payment gateways (PCI-DSS compliant)
  • Access controls and authentication
  • Regular security audits
  • Employee training on data protection

However, no system is completely secure. We cannot guarantee absolute security of data transmitted over the Internet.

6.2 Data Retention

We retain your personal data only as long as necessary for the purposes stated in this Policy:

  • Account data: Until you delete your account or request erasure
  • Transaction records: As required by tax and accounting laws (typically 7 years)
  • Marketing data: Until you withdraw consent
  • Legal compliance: As required by applicable Indian laws

7. Your Rights as a Data Principal (DPDP Act)

Under the DPDP Act 2023, you have the following rights:

7.1 Right to Access

You can request information about the personal data we hold about you.

7.2 Right to Correction

You can request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You can request deletion of your personal data, subject to legal obligations that require us to retain certain data.

7.4 Right to Withdraw Consent

You can withdraw consent for data processing at any time (this won't affect processing done before withdrawal).

7.5 Right to Grievance Redressal

You can file a grievance if you believe your rights have been violated. See Section 9.

7.6 Right to Nominate

You can nominate another individual to exercise your rights in the event of your death or incapacity.

How to Exercise Your Rights

Contact us at: support@upahaarstudio.in

We will respond to your request within the timelines specified under the DPDP Act (typically within 30 days).

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children without verifiable parental consent as required under the DPDP Act. If we discover we have collected such data, we will delete it promptly.

9. Grievance Redressal Mechanism

If you have any concerns or complaints regarding your personal data or this Privacy Policy:

Contact Our Grievance Officer:

  • Name: Ketan Suthar
  • Email: support@upahaarstudio.in
  • Address: Upahaar Studio LLP, B1, 10B, Giridhama Layout, BEML 3RD Stage, Gattigere, Raja Rajeshwari Nagar, Bangalore - 560098
  • Response Time: We will acknowledge your complaint within 24 hours and resolve it within 30 days

If you are not satisfied with our response, you may approach the Data Protection Board of India as established under the DPDP Act.

10. Cross-Border Data Transfers

Your personal data may be transferred to and stored on servers located outside India (e.g., cloud services). We ensure such transfers comply with the DPDP Act and that adequate safeguards are in place to protect your data.

Countries and entities we may transfer data to include:

  • Shopify (Canada/USA) - Platform hosting
  • Cloud service providers with servers in approved jurisdictions

11. User-Generated Content

If you post product reviews, testimonials, or other content on our Platform, this information will be publicly visible. Please do not share sensitive personal data in public areas. We are not responsible for how others use publicly available information.

12. Third-Party Websites and Links

Our Platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before sharing your data.

13. Marketing Communications

We may send you promotional communications via email, SMS, or WhatsApp. You can opt out at any time by:

  • Clicking "unsubscribe" in our emails
  • Replying "STOP" to SMS messages
  • Contacting us at support@upahaarstudio.in

Note: You will continue to receive transactional messages (order confirmations, shipping updates, etc.) even if you opt out of marketing.

14. GST and Tax Compliance

For B2B and corporate orders, we collect and process GST details as required under Indian tax laws. This information is used solely for invoicing and regulatory compliance.

15. Consent Management

By using our Platform, you provide consent for data processing as described in this Policy. You can withdraw consent at any time, though this may limit your ability to use certain features.

For specific processing activities requiring explicit consent (e.g., marketing), we will obtain separate opt-in consent.

16. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

Upahaar Studio LLP

  • Email: support@upahaarstudio.in
  • Address: B1, 10B, Giridhama Layout, BEML 3RD Stage, Gattigere, Raja Rajeshwari Nagar, Bangalore - 560098

17. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of courts in Bengaluru, Karnataka, India.

Acknowledgment: By continuing to use Upahaar's services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to the collection, processing, and use of your personal data as described herein.