Privacy policy
Effective date: [DD Month YYYY]
Legal owner: Veil &Vers (“we”, “our”, “us”)
Website: www.veilandvers.com
Quick Summary
- We collect only what we need to serve you (orders, delivery, support, personalization).
- We never sell your personal data.
- You control your data: access, correct, delete, opt-out of marketing, manage cookies.
- We use trusted processors (Shopify, payment gateways, logistics, analytics, email/SMS tools).
- Disputes are rare—we’re reachable and responsive.
1) Who we are & how to contact us
Controller: Veil &Vers, [Registered entity & address].
Privacy contact: submission@veilandvers.com
Customer Care: support@veilandvers.com
Grievance Officer (India IT Rules 2021 / DPDP 2023):
Name: Akash Lakhotia • Email: support@veilandvers.com • (We acknowledge complaints within 48 working hours and aim to resolve within 15 days.)
2) What data we collect
Data you provide
- Account & identity: name, email, phone, shipping/billing address.
- Orders & payments: items purchased, order history, partial card/payment tokens via PCI-compliant processors (we don’t store full card data).
- Support: messages, returns/replacement info, photos (for quality issues).
- Preferences: size, fit, style, wishlist, notification preferences.
- Marketing consent: email/SMS/WhatsApp opt-ins (and your opt-outs).
Data we generate/collect automatically
- Device & usage: IP, device type, browser, app & page interactions, referring URLs, approximate location (city/region), session logs.
- Cookies & similar tech: for cart, checkout, analytics, ads, fraud prevention, and preferences.
Optional/special contexts
- Creator/designer onboarding (KYC/Bank details) when applicable.
- UGC (photos/reviews).
- Social sign-in/profile handles (if you choose).
We do not intentionally collect children’s data; our site is 18+.
3) Why we use your data (purposes & legal bases)
- Purchase &fulfillment: process orders, payments, shipping, returns, warranty. (Contract necessity)
- Customer care: respond, troubleshoot, after-sales. (Contract necessity / Legitimate interest)
- Fraud & security: detect abuse, chargebacks, bots, account safety. (Legitimate interest / Legal obligation)
- Personalization & analytics: recommend sizes/styles, improve UX. (Legitimate interest / Consent, where required)
- Marketing: emails/SMS/WhatsApp, on-site and off-site ads. (Consent; or Legitimate interest where allowed, with opt-out)
- Legal compliance: taxes, bookkeeping, regulatory requests. (Legal obligation)
4) Who we share data with (processors & partners)
We share minimal necessary data with trusted service providers under data-processing agreements:
- Commerce platform: Shopify (storefront, checkout, hosting).
- Payments: Razorpay / Stripe / PayPal / Shopify Payments (PCI-DSS).
- Logistics: Delhivery, Blue Dart, DTDC, Shiprocket (labels, tracking, delivery).
- Analytics & A/B testing: Google Analytics, Shopify analytics, [Hotjar/FullStory—if used].
- Marketing & CRM: Klaviyo / Mailchimp, Meta (Facebook/Instagram), Google Ads, WhatsApp Business/SMS providers, review & UGC tools (e.g., Okendo/Loox).
- Fraud & risk: Shopify Fraud Protect / third-party anti-fraud as applicable.
- Professional services: auditors, legal advisors (only if necessary).
We do not sell personal data. “Share” for cross-context behavioral advertising (CPRA) is opt-out-able (see §9).
5) International transfers
Your data may be processed in India, the EU, the US, Canada, or other locations where our processors operate.
We rely on contractual safeguards (e.g., Standard Contractual Clauses / DPAs) and vendor certifications.
6) Cookies & tracking
We use:
- Essential cookies: cart, checkout, security.
- Performance/analytics: site usage to improve experience.
- Functional: remember preferences.
-
Advertising: measure & show relevant ads.
Manage preferences anytime via “Cookie Settings” in the footer. You can also clear or block cookies in your browser.
7) Data retention
- Orders, invoices, taxes: 7–10 years (legal requirement varies by jurisdiction).
- Accounts & preferences: while your account is active, or 24 months after last activity.
- Marketing data: until you withdraw consent / opt-out; we periodically prune inactive subscribers.
- Support tickets/UGC: 24–36 months after resolution unless legally required longer.
When no longer needed, we delete or irreversibly anonymize data.
8) Your rights
India (DPDP Act, 2023): Access, correction, erasure, grievance redressal, consent withdrawal.
EU/UK (GDPR/UK GDPR): Access, rectification, erasure, restriction, portability, objection, and consent withdrawal; lodge a complaint with your supervisory authority.
US (CPRA/State laws): Know/access, correct, delete, limit use of sensitive data (if any), and opt-out of “sale”/“sharing” for cross-context advertising.
Request via support@veilandvers.com (we’ll verify identity).
Marketing opt-outs: Unsubscribe links in emails; reply STOP to SMS/WhatsApp.
9) Ads, “sale”/“sharing,” and opt-outs (CPRA/Global)
We do not sell your data.
We may “share” identifiers and online activity with advertising partners to measure and improve ads.
You can opt-out anytime: “Do Not Sell or Share My Personal Information” link in the footer (and honor GPC signals where supported).
10) WhatsApp/SMS/Email consent
By subscribing, you consent to receive messages about orders, delivery, and marketing.
- Frequency: variable (launches, updates).
- Charges: standard carrier rates apply.
- Opt-out: use unsubscribe links, reply STOP, or email privacy@veilandvers.com.
11) Security
We use industry-standard safeguards: HTTPS/TLS, access controls, encryption at rest by key vendors, least-privilege access, and staff training.
No method is 100% secure; we’ll notify you and regulators of any data breach as required by law.
12) Third-party links & UGC
External links (press, social, payment pages) have their own policies.
If you submit reviews/photos, you grant us a non-exclusive license to display them (you can request removal at any time).
13) Changes to this policy
We’ll post updates here and revise the Effective date.
Material changes may also be communicated via email or an on-site banner.
14) Contact