Privacy Policy

Effective date: 20 Aug 2025
Legal entity: “Sondarya”, “we”, “us”, or “our” refers to the owner of Sondarya.in.

1) Scope

This Policy explains how we collect, use, disclose, and safeguard personal data when you visit Sondarya.in, create an account, browse products, place orders, or interact with us via email, chat, social media, or ads.

2) What we collect

  • Identity & contact: name, email, phone, billing/shipping address.
  • Order & payment: items purchased, order notes, UPI/credit/debit card last 4 digits, payment status, and transaction IDs (full card/UPI credentials are handled by PCI-compliant payment gateways; we do not store them).
  • Account data: login credentials (hashed), wishlist, saved addresses.
  • Technical & usage: device/browser type, IP address, pages viewed, session data, cookies, and similar identifiers (e.g., pixels/SDKs).
  • Marketing preferences: newsletter opt-ins, campaign interactions.
  • Support content: messages, call/chat recordings (where applicable).
  • UGC: product reviews, photos you submit.

3) How we use your data (lawful purposes)

  • To provide the service: create/manage accounts, process and deliver orders, provide customer support, handle returns/warranties.
  • Payments & fraud prevention: via third-party gateways and risk tools.
  • Personalisation & analytics: remember your preferences, improve site performance and product relevance (cookies, pixels, analytics).
  • Marketing with consent/legitimate interest: emails, SMS, web push, and ads about new launches, offers, and updates; you can opt out anytime.
  • Legal & security: comply with laws, tax/finance audits, enforce terms, and secure our platform.

4) Cookies, pixels, and analytics

We use cookies and similar technologies to keep you signed in, remember cart contents, measure traffic, and personalise content/ads. You can manage cookies in your browser settings; some features may not function without essential cookies.

5) Sharing your information

We share data with:

  • Payment processors & banks for transactions and fraud checks.
  • Logistics partners for shipping and returns.
  • Cloud hosting, analytics, and marketing providers that help run our site and campaigns.
  • Professional advisors and authorities when required by law.
    All vendors are bound by contracts to use data only per our instructions.

6) Your privacy rights

India (DPDP Act, 2023)

Indian users have the right to be informed, access, correct, erase, and withdraw consent for processing, subject to lawful grounds. You may also nominate another person to exercise rights in certain situations.

European Economic Area/UK (GDPR – if you visit from the EEA/UK)

You may request access, rectification, erasure, restriction, portability, and objection, and you can withdraw consent at any time. You also have the right to lodge a complaint with your local Data Protection Authority.

California, USA (CCPA/CPRA – if you are a California resident)

You have the rights to know, delete, correct, opt-out of sale/share for cross-context behavioural advertising, and non-discrimination. We provide a “Do Not Sell or Share My Personal Information” mechanism where required.

7) Legal bases we rely on

Depending on your location, we process data on one or more bases: consent, contractual necessity, legitimate interests (e.g., site security, prevention of fraud, improving services), and legal obligation.

8) Children’s privacy

Our site is intended for persons 18+. We do not knowingly collect personal data from children. If you believe a child provided data, contact us to delete it. (Indian rules and global best practice emphasise additional safeguards for children’s data.

9) International transfers

If data is transferred outside your country, we take steps to ensure an adequate level of protection using contractual safeguards and industry-standard security controls.

10) Data retention

We keep personal data only as long as necessary for the purposes described above—typically:

  • Orders and tax records: as required by applicable law;
  • Accounts/marketing: until you delete the account or opt out;
  • Security logs: for a limited period to detect abuse.

11) Security

We employ administrative, technical, and physical safeguards such as encryption in transit (HTTPS), access controls, and monitoring. Payment processing is handled by PCI-compliant gateways; we do not store full card details.

12) Your choices

  • Access/update: Log in to your account or contact us.
  • Opt-out of marketing: Use the unsubscribe link in emails/SMS or contact us.
  • Cookies & ads: Control via browser settings and platform ad preferences; you may also send Global Privacy Control (GPC) signals where supported.

13) Third-party links & social media

Our site may link to third-party websites or include social widgets/pixels. Their privacy practices are governed by their own policies.

14) Grievance redressal & contact

For questions, requests, or complaints, or to exercise your rights:

Grievance Officer:
Name: Ashvini Dutta
Email: sondarya.in@gmail.com
Working hours: Mon–Fri, 10:00–18:00 IST

15) Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or applicable laws. Material changes will be highlighted on this page and, where appropriate, notified by email or in-account messages.