Privacy Policy

 

Introduction

Welcome to My Upalmart (“we”, “our”, “us”), operated by Upalmart Private Limited, a company incorporated under the Companies Act, 2013, with its registered office at Varanasi, Uttar Pradesh, India.

This Privacy Policy governs the collection, use, storage, and disclosure of personal information when you visit or make a purchase from myupalmart.in (the “Website”) and any related services, applications, or tools (collectively, the “Platform”).

This policy complies with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA).

By accessing or using our Platform, you consent to the collection and use of information as described in this Privacy Policy. If you do not agree, please discontinue use of the Platform.
02

Information We Collect

We collect information to provide and improve our services. The types of information we collect include:

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, and password when you register or log in.
  • Order & Payment Information: Billing address, shipping address, and transaction details (we do not store full card numbers; payments are processed by PCI-DSS-compliant third-party gateways).
  • Profile Information: Optional profile photo, date of birth, and saved addresses.
  • Communications: Messages you send through our contact form, customer support emails, or chat — including the content of those communications.
  • Reviews & Ratings: Product reviews, ratings, and photos you voluntarily submit.

2.2 Information Collected Automatically

  • Device Information: IP address, browser type and version, operating system, device identifiers.
  • Usage Data: Pages visited, time spent, links clicked, search queries, and referring URLs.
  • Location Data: Approximate geographic location derived from your IP address, or precise location if you grant permission for delivery-related features.
  • Cookies & Trackers: See Section 5 — Cookies & Tracking for full details.

2.3 Information from Third Parties

  • Social Login: If you log in via Google or Facebook, we receive your name, email, and profile picture from that provider, subject to your settings there.
  • Payment Gateways: Transaction status and payment method type (e.g., “UPI”, “Card”) from our payment partners.
  • Delivery Partners: Shipment status and delivery confirmation from logistics providers.
Sensitive Personal Data: We do not intentionally collect sensitive personal data such as health information, caste, religion, sexual orientation, or financial data beyond what is necessary to complete a transaction.
03

How We Use Your Information

We use your personal information for the following purposes:

Order Fulfillment

Processing orders, coordinating with artisans and logistics partners, sending order confirmations, and tracking deliveries.

Account Management

Creating and managing your account, authenticating logins, enabling wishlist and order history features.

Customer Support

Responding to queries, resolving disputes, processing returns and refunds, and improving service quality.

Communications

Sending order updates, shipping notifications, and — with your consent — promotional emails, SMS alerts, and offer notifications.

Analytics & Improvement

Understanding how users interact with our platform to improve features, fix bugs, and personalise your experience.

Fraud Prevention & Security

Detecting and preventing fraudulent transactions, unauthorised access, and other harmful activity on our platform.

Legal Compliance

Complying with applicable Indian laws, regulatory requirements, tax obligations, and responding to lawful requests from authorities.

Personalisation

Showing you products, offers, and content relevant to your browsing history and preferences on our platform.

04

Sharing & Disclosure of Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information only in the following limited circumstances:

Recipient Purpose Data Shared
Artisan Partners Order fulfillment and packaging Name, shipping address, order details
Logistics / Courier Partners Delivering your order Name, address, phone number, order ID
Payment Gateway (Razorpay, etc.) Processing secure payments Transaction amount, payment method type
Analytics Providers (Google Analytics) Platform performance analytics Anonymised usage data
Email / SMS Service Providers Order and marketing communications Email address, phone number
Legal Authorities Compliance with court orders or law enforcement As required by applicable law
All third-party service providers are contractually bound to process your data only as instructed by us and to maintain appropriate security measures.
05

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Platform. Cookies are small data files stored on your device by your browser.

Types of Cookies We Use

Essential

Strictly Necessary

Required for the Platform to function — including login sessions, shopping cart persistence, and security tokens. These cannot be disabled.

Functional

Functional

Remember your preferences — such as language, currency, saved addresses, and wishlist — to personalise your experience between visits.

Analytics

Analytics

Collect anonymised data (via Google Analytics) on how users navigate our site — helping us improve page performance and usability.

Marketing

Marketing

Used to display personalised advertisements on third-party platforms based on your browsing behaviour. You can opt out at any time.

Managing Cookies

You can control or delete cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Platform. You can also opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.

06

Data Security

We take the security of your personal information seriously and implement industry-standard technical and organisational measures to protect it, including:

  • 256-bit SSL/TLS encryption for all data transmitted between your browser and our servers.
  • PCI-DSS-compliant payment processing — we never store full credit or debit card numbers on our servers.
  • Passwords are stored using one-way cryptographic hashing (bcrypt).
  • Access to personal data is restricted to authorised personnel on a need-to-know basis.
  • Regular security audits and vulnerability assessments of our infrastructure.
  • Two-factor authentication options for customer accounts.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you suspect any unauthorised access to your account, please contact us immediately.
07

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by Indian law:

  • Account Data: Retained for the duration of your active account, plus 3 years after account closure (for legal and dispute resolution purposes).
  • Order Records: Retained for 7 years to comply with GST and tax record-keeping requirements under Indian law.
  • Customer Support Records: Retained for 2 years from the date of resolution.
  • Marketing Data: Retained until you withdraw consent or unsubscribe, whichever is earlier.
  • Server Logs: Retained for 90 days for security and debugging purposes.

After the applicable retention period, data is securely deleted or anonymised.

08

Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian regulations, you have the following rights regarding your personal data:

 

Right to Access

Request a copy of the personal data we hold about you.

 

Right to Correction

Request correction of inaccurate or incomplete personal data.

 

Right to Erasure

Request deletion of your personal data where it is no longer necessary, subject to legal obligations.

 

Right to Withdraw Consent

Withdraw your consent to data processing at any time (e.g., unsubscribe from marketing emails).

 

Right to Nominate

Nominate a person to exercise your data rights in the event of your death or incapacity (per DPDPA 2023).

 

Right to Grievance

Lodge a complaint with our Grievance Officer (see Section 12) or with the Data Protection Board of India.

To exercise any of these rights, please email privacy@myupalmart.in with the subject “Data Rights Request”. We will respond within 30 days of receiving your request.

09

Third-Party Links

Our Platform may contain links to third-party websites, social media platforms, or partner services (e.g., Instagram, YouTube, payment gateways). These links are provided for your convenience only.

We have no control over the content, privacy practices, or data handling of third-party websites. Once you leave our Platform by clicking an external link, this Privacy Policy no longer applies. We strongly encourage you to review the privacy policies of any third-party sites you visit.

Clicking “Pay via Razorpay” or similar payment buttons will take you to that provider’s secure environment, governed by their own privacy policy.
10

Children’s Privacy

Our Platform is not directed at children under the age of 18 years. We do not knowingly collect personal information from minors.

As per the Digital Personal Data Protection Act, 2023, we will seek verifiable parental consent before collecting or processing data of individuals under 18 years. If you believe that a minor has provided us personal information without parental consent, please contact our Grievance Officer immediately so that we may delete the data.

Purchases on our Platform must be made by individuals aged 18 or above, or by a parent/guardian on behalf of a minor.
11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, technology, legal requirements, or for any other reason. All changes are effective immediately upon posting on this page.

When we make significant changes, we will notify you by:

  • Posting a prominent notice on our homepage or account dashboard.
  • Sending an email to your registered email address.
  • Updating the “Last Updated” date at the top of this page.

Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy. If you disagree with the changes, please discontinue use and contact us to close your account.

12

Grievance Officer

In accordance with the Information Technology Act, 2000 and the Consumer Protection (E-Commerce) Rules, 2020, My Upalmart has appointed a Grievance Officer to address your data-related concerns:

GO

Grievance Officer

Name: Mr. Arjun Krishnan
Designation: Chief Technology Officer & Grievance Officer
Company: Upalmart Private Limited
Address: Varanasi, Uttar Pradesh — 221001, India
Email: info@myupalmart.in
Phone: +91 +91 80047 66648 (Mon–Sat, 10AM–7PM IST)
Resolution Time: Grievances will be acknowledged within 48 hours and resolved within 30 days.
If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once constituted under the Digital Personal Data Protection Act, 2023.

Related Policies & Documents

Terms of ServiceReturn & Refund PolicyShipping PolicyContact Support
Shopping Cart
Cart
Checkout - ₹0.00
  • 0
  • 1
Scroll to Top