Privacy Policy

• "We", "Us", "Our", "Company": Refers to Dhaga, operating out of Gondal, Gujarat.
• "You", "Your", "User", "Customer": Refers to any individual accessing our website or purchasing our products.
• "Personal Data": Any information that can be used to identify you directly or indirectly, such as your name, contact details, or financial routing data.

We collect data through direct interactions with you and automated tracking technologies.

A. Information You Provide to Us Directly:

• Account Registration Data: Mandatory full name, valid email address, mobile number, and a secure password.
• Profile Data: Optional information you may add, such as gender, date of birth, or saved clothing size preferences.
• Transaction & Billing Data: Billing address, shipping/delivery address, landmark details, and postal code.
• Communication Data: Records of all correspondence when you contact us via our website contact form, direct email, or WhatsApp Business, including audio notes, text, and images shared for sizing or return disputes.

B. Information We Collect Automatically:

• Device & Technical Data: Your IP (Internet Protocol) address, browser type and version, operating system, and device identifiers (e.g., mobile device IDs).
• Usage & Log Data: Time and date of your visit, the specific pages or clothing categories you viewed, time spent on pages, and clickstream data (how you navigate the site).
• Cookies & Tracking Technologies: We utilize session cookies (which expire when you close your browser) and persistent cookies (which stay on your device) to maintain your logged-in status, retain items in your shopping cart, and track user behavior for our analytics.

We will only process your Personal Data for the following explicitly defined purposes:

• Service Delivery (Contractual Necessity): To process your orders, generate invoices, coordinate delivery with courier partners, and handle returns or refunds.
• Account Management: To secure your account and verify your identity upon login.
• Customer Support: To provide rapid responses via WhatsApp, email, or forms regarding order tracking, product quality, or sizing issues.
• Marketing & Promotions (Consent Based): To send you targeted newsletters, SMS alerts, and WhatsApp messages regarding seasonal sales, new dress collections, or cart abandonment reminders. You may withdraw this consent at any time.
• Platform Optimization (Legitimate Interest): To analyze traffic using third-party analytics tools, fix website bugs, and improve the overall User Interface (UI) and User Experience (UX).
• Fraud Prevention & Legal Compliance: To detect and prevent fraudulent transactions, cyber-attacks, and to comply with legal requests from Indian authorities.

We are the "Data Fiduciary," but we must share specific data with "Data Processors" to run our store. We strictly do not sell or rent your data. We share data only with the following verified categories:

• Payment Aggregators (Razorpay & PhonePe): When you check out, your transaction is processed securely by Razorpay or PhonePe. Dhaga does NOT collect, store, or process your credit/debit card numbers, CVV, or UPI PINs. All financial data goes directly to these PCI-DSS compliant gateways. We only receive a confirmation token and transaction ID.
• Shipping & Logistics Partners: We share your Name, Complete Delivery Address, and Mobile Number with various dynamic courier aggregators and delivery partners to calculate precise shipping charges and ensure the physical delivery of your clothing.
• Cloud Hosting & Database Providers: Your account and order data are hosted securely on our cloud infrastructure (including Vercel and our backend database providers).
• Analytics & Advertising Partners: We share anonymized or pseudonymized browsing data with tools (like Google Analytics or Meta Pixels) to track ad performance and website health.
• Law Enforcement: We may disclose your data if required to do so by law, court order, or formal request from government agencies in India.

We adhere to strict data retention schedules:

• Account Data: Retained as long as your account remains active.
• Financial & Order Records: To comply with Indian taxation laws (e.g., GST requirements) and the Companies Act, all invoices, order histories, and transaction records will be securely retained for a minimum period of seven (7) years, even if you delete your account.
• Support Logs: WhatsApp and email support logs are retained for up to 2 years to resolve ongoing disputes or quality control.

While no system is 100% secure, we implement robust commercial standards to protect your data, including:

• Encryption: Secure Socket Layer (SSL) / Transport Layer Security (TLS) encryption for all data transmitted between your browser and our website (https).
• Access Controls: Strict internal access controls ensuring only authorized personnel can view sensitive customer data.
• Password Hashing: Your account passwords are cryptographically hashed and salted; we cannot see your actual password.

As an Indian resident, you are legally entitled to the following rights regarding your personal data:

• Right to Access: You may request a summary of the personal data we hold about you and the identities of all third parties with whom it has been shared.
• Right to Correction: You can update or correct inaccurate data directly through your account dashboard.
• Right to Erasure (Right to be Forgotten): You may request the deletion of your personal data. (Note: This does not override our legal obligation to retain financial transaction data for 7 years.)
• Right to Grievance Redressal: You have the right to legally register a complaint regarding data mismanagement.
• Right to Nominate: You may nominate another individual to exercise your privacy rights in the event of your death or incapacity.

You have the right to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline them. If you choose to decline all cookies, you may not be able to add items to your cart or log into your account securely.

In accordance with the Information Technology Act, 2000, and the Consumer Protection (E-Commerce) Rules, 2020, the name and contact details of our Grievance Officer are provided below. The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days.

We reserve the right to modify this Privacy Policy at any time to reflect changes in legal requirements or our business practices. Any changes will be immediately posted on this page, and the "Last Updated" date at the top will be revised. We encourage you to review this policy periodically.