Privacy Policy

We collect the following categories of personal information:

Information You Provide Directly

• ✦Full name, email address, phone number, and delivery address when placing an order or creating an account.
• ✦Payment information — processed securely via Razorpay; we do not store your card details on our servers.
• ✦Communications you send us via email or contact forms.
• ✦Reviews, ratings, or other content you submit on our platform.

Information Collected Automatically

• ✦Device and browser information, IP address, and operating system.
• ✦Pages visited, time spent on pages, referring URLs, and clickstream data.
• ✦Cookies and similar tracking technologies (see Section 5 below).

Information from Third Parties

• ✦If you sign in with Google, we receive your name, email address, and profile picture from Google OAuth.
• ✦Shipping partners may provide us with delivery status updates associated with your order.

We use your personal information for the following purposes:

• ✦To process and fulfil your orders, including payment processing and delivery coordination.
• ✦To create and manage your account on our platform.
• ✦To send order confirmation, shipping updates, and customer service communications.
• ✦To send promotional emails and offers — only with your consent; you may opt out at any time.
• ✦To personalise your browsing and shopping experience.
• ✦To detect, prevent, and address fraud, security incidents, or technical issues.
• ✦To comply with applicable laws and legal obligations under the Information Technology Act, 2000 and Consumer Protection Act, 2019.
• ✦To improve our website, products, and services through analytics.

We do not sell or rent your personal information. We may share it with trusted third parties only as necessary:

• ✦Payment processors (Razorpay) to securely process transactions.
• ✦Shipping and logistics partners to deliver your orders.
• ✦Google (for OAuth sign-in) under their applicable Privacy Policy.
• ✦Analytics providers (e.g., Vercel Analytics) to understand website usage — data is anonymised.
• ✦Law enforcement or government authorities when required by law or court order.
• ✦Successor entities in the event of a merger, acquisition, or sale of assets — your information will remain subject to this policy.

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. Specifically:

• ✦Order data is retained for a minimum of 3 years for legal and tax compliance.
• ✦Account information is retained until you request deletion.
• ✦Marketing preferences and consent records are retained for as long as you remain subscribed.

We use cookies and similar technologies to enhance your experience. These include:

• ✦Essential cookies — required for the website to function (e.g., session management, shopping cart).
• ✦Analytics cookies — to understand how visitors interact with our website.
• ✦Marketing cookies — to show you relevant advertisements (only if you have consented).

You can control or disable cookies through your browser settings. Disabling essential cookies may affect website functionality.

As a user, you have the following rights regarding your personal data:

• ✦Right to access — request a copy of the personal data we hold about you.
• ✦Right to correction — request correction of inaccurate or incomplete data.
• ✦Right to deletion — request deletion of your personal data, subject to legal retention obligations.
• ✦Right to withdraw consent — withdraw marketing consent at any time by clicking “Unsubscribe” in any email or contacting us.
• ✦Right to data portability — request your data in a structured, machine-readable format.

To exercise any of these rights, please contact us at support@anaajewels.in. We will respond within 30 days.

We implement industry-standard technical and organisational measures to protect your personal information, including:

• ✦HTTPS encryption for all data transmitted on our website.
• ✦Secure, access-controlled storage on MongoDB Atlas with role-based access.
• ✦Payment data handled exclusively by PCI-DSS compliant payment processors.
• ✦Regular security reviews and vulnerability assessments.

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you promptly in the event of a data breach affecting your information.

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any third-party site you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on this page with a revised “Last updated” date. Your continued use of our website after such changes constitutes your acceptance of the updated policy.

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Consumer Protection Act, 2019.