Privacy Policy

Last updated: July 2026

Note: This document has been drafted to reflect what Varnalayam actually collects and does with your data, but has not yet been reviewed by a qualified lawyer. Treat it as a solid working draft, not a final legal document — get it reviewed for compliance with India's DPDP Act and other applicable data protection laws before relying on it in a dispute.

1. Information We Collect

2. How We Use Information

3. Sharing

We share data only with processors necessary for service delivery — cloud infrastructure (AWS), email provider (AWS SES), and shipping partners. We do not sell personal data.

4. Security

Passwords are hashed (bcrypt). Data is transmitted via HTTPS and stored in encrypted databases hosted in the ap-south-1 (Mumbai) region.

5. Your Rights

You may request access, correction, or deletion of your data by emailing privacy@varnalayamarts.com.

6. Cookies

We use essential cookies for authentication and session management. No third-party tracking cookies are used in the MVP.

7. Data Retention

Account data is retained for the life of your account plus 30 days. Order records are retained for 7 years for tax/legal compliance.

8. Grievance Officer

In accordance with Indian IT Rules, complaints or concerns about how your data is handled can be directed to our Grievance Officer at privacy@varnalayamarts.com. We aim to acknowledge complaints within 48 hours and resolve them within 30 days.

Action needed: name a specific Grievance Officer (individual name, designation, and a direct phone number/postal address) here — a role-based email alone is a placeholder, not full compliance.