Privacy Policy

Last Updated: March 15, 2025

1. Introduction

Welcome to RangMalā's Privacy Policy. This document outlines our commitment to protecting your personal information while you use our services. We comply with applicable data protection laws, including the Information Technology Act, 2000 and its associated rules in India.

This policy applies to all information collected through our website (www.rangmala.com), mobile applications, and any related services (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agreed to be bound by all the terms of this Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that identifies you personally when you:

  • Create an account: Name, email address, phone number, password
  • Make purchases: Billing/shipping addresses, payment details, order history
  • Contact customer support: Communication records, problem descriptions
  • Participate in promotions: Survey responses, contest entries
  • Subscribe to newsletters: Email preferences, interaction data

2.2 Automated Information Collection

Our systems automatically collect:

  • Device information: IP address, browser type, operating system version, device identifiers
  • Usage data: Pages visited, time spent, clickstream patterns, search queries
  • Location data: Approximate geographic location derived from IP address
  • Cookies and tracking: Session cookies, persistent cookies, pixel tags

2.3 Information from Third Parties

We may receive information about you from:

  • Payment processors (transaction confirmations)
  • Shipping carriers (delivery confirmations)
  • Social media platforms (when you connect accounts)
  • Marketing partners (with your consent)
  • Fraud prevention services

3. How We Use Your Information

We process your data for the following lawful bases and purposes:

  • Contractual necessity:
    • Process and fulfill your orders
    • Provide customer support
    • Send order confirmations and shipping notifications
  • Legitimate interests:
    • Improve and personalize user experience
    • Prevent fraud and enhance security
    • Conduct business analytics
    • Send service-related communications
  • Legal compliance:
    • Maintain proper business records
    • Respond to legal requests
    • Enforce our terms and policies
  • Consent:
    • Send marketing communications
    • Use cookies requiring consent
    • Process sensitive personal data

4. Information Sharing and Disclosure

4.1 Service Providers

We engage trusted third parties to perform functions including:

  • Payment processing (Razorpay, PayPal)
  • Order fulfillment and shipping (Delhivery, FedEx)
  • Cloud storage and hosting (AWS, Google Cloud)
  • Customer support (Zendesk)
  • Marketing and analytics (Google Analytics, Facebook Pixel)

These parties only access data needed for their contracted functions and are bound by confidentiality agreements.

4.2 Legal Disclosures

We may disclose information when required by:

  • Court orders or subpoenas
  • Government investigations
  • Intellectual property disputes
  • Fraud prevention efforts

4.3 Business Transfers

In the event of a merger, acquisition, or asset sale, customer information may be transferred as a business asset, with notice provided as required by law.

5. Data Security Measures

We implement a comprehensive security program including:

  • Encryption: TLS 1.2+ for data transmission, AES-256 for storage
  • Access controls: Role-based permissions, multi-factor authentication
  • Network security: Firewalls, intrusion detection systems
  • Employee training: Annual privacy and security awareness programs
  • Incident response: Documented procedures for breach notification

While we employ industry-standard protections, no electronic transmission or storage is 100% secure. We encourage you to use strong passwords and keep login credentials confidential.

6. Your Rights and Choices

6.1 Access and Correction

You may review and update your account information through the "My Account" section or by contacting us.

6.2 Data Portability

Upon request, we will provide your personal data in a structured, commonly used format.

6.3 Deletion Requests

You may request deletion of personal data, subject to legal retention requirements for:

  • Completed transactions (7 years for tax records)
  • Active disputes or investigations
  • Fraud prevention needs

6.4 Marketing Preferences

Manage communication preferences by:

  • Clicking "unsubscribe" in emails
  • Adjusting notification settings in your account
  • Contacting our support team

6.5 Cookie Controls

Most browsers allow you to:

  • Delete existing cookies
  • Block future cookies
  • Set preferences for specific sites

Note that disabling cookies may affect website functionality.

7. International Data Transfers

As an India-based company, we primarily process data within India. When international transfers occur (e.g., to cloud servers or payment processors), we ensure adequate safeguards through:

  • Standard Contractual Clauses
  • Data Processing Agreements
  • Vendor security assessments

8. Retention Periods

We retain personal data only as long as necessary for:

  • Active customer accounts: Until deletion request or 3 years of inactivity
  • Order records: 7 years for tax and warranty purposes
  • Marketing data: Until consent withdrawal or 2 years from last interaction
  • Website analytics: 26 months aggregated

Anonymized data may be retained indefinitely for business analysis.

9. Children's Privacy

Our Services are not designed for children under 13. We do not knowingly collect personal information from children. If we discover such collection has occurred, we will promptly delete the information. Parents may contact us to review or delete any inadvertently collected data.

10. Third-Party Links

Our website may contain links to third-party sites. This Privacy Policy does not apply to those sites. We recommend reviewing their privacy policies before providing any personal information.

11. Policy Updates

We may periodically update this policy to reflect:

  • Changes in our practices
  • New legal requirements
  • Service enhancements

Material changes will be communicated through:

  • Website banners or pop-ups
  • Email notifications (for account holders)
  • Updated "Last Updated" date

Continued use after changes constitutes acceptance of the revised policy.

12. Contact Information

For privacy-related inquiries or to exercise your rights, please contact our Data Protection Officer:

For efficient handling, please include "Privacy Request" in your subject line and provide sufficient details to identify your account.