Privacy Policy
Last updated 1 June 2026
This policy explains how Dulhan Sarees collects, uses, shares, and protects your personal information when you visit dulhansarees.in, place an order, chat with us on WhatsApp, or use our AI try-on tool. It is published in compliance with the Information Technology Act, 2000 (and rules thereunder) and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).
1. Who we are
Dulhan Sarees is a retailer of women’s ethnic wear and bridal jewellery based in Guwahati, Assam. For the purposes of the DPDP Act, we are the Data Fiduciary for the personal data we collect from you.
2. What we collect
We collect only the information needed to operate the store and fulfil your orders:
- Account & profile — name, email address, phone number, password (stored as a one-way Argon2 hash), and any profile preferences you save.
- Order & address — billing address, shipping address, items ordered, order history, and (where applicable) measurements provided by you for made-to-order pieces.
- Payment metadata — order ID, payment ID, payment method type, amount, and Razorpay’s signature confirmation. We never store full card numbers, CVVs, UPI PINs, or net-banking credentials.
- Communications — chats on WhatsApp, support tickets, reviews, and any photos or messages you choose to share with us.
- Device & usage — IP address, browser type, OS, device model, pages visited, items added to cart, time on page, and similar diagnostic data.
- AI try-on uploads — see Section 6 below for the specific handling of try-on photographs.
3. How we use it
We process your data for the following purposes:
- Processing orders, payments, shipping, returns, and refunds;
- Sending transactional updates over WhatsApp, email, and SMS;
- Sending abandoned-cart and back-in-stock reminders (you can disable these from your account settings);
- Operating our AI try-on, AI product imagery, and product recommendations;
- Preventing fraud, abuse, and chargebacks, and protecting our infrastructure;
- Complying with tax, accounting, and other legal obligations under Indian law;
- Improving the site — measuring page performance, fixing bugs, and understanding which collections resonate with you.
The legal basis for our processing is performance of the contract you enter into when you place an order, your consent (for optional marketing), and our legitimate interests in running a secure storefront.
4. Payment data & Razorpay
All online payments are processed by Razorpay Software Private Limited, a PCI-DSS Level 1 certified payment gateway. When you check out, your card or UPI details are entered directly into Razorpay’s secure form — they never touch our servers. We receive only the order ID, payment ID, and a signature we use to verify the payment.
Razorpay’s own privacy policy describes their data handling and is available at razorpay.com/privacy.
5. WhatsApp & marketing communications
We use the official WhatsApp Business Platform (Meta) to send order updates, delivery alerts, and (with your consent) drop announcements. By placing an order or starting a chat with us, you consent to receive these messages on the phone number you provided.
Transactional messages cannot be turned off while an order is in progress. Promotional broadcasts are optional — you may opt out at any time by replying STOP on WhatsApp, clicking Unsubscribe in any marketing email, or writing to hello@dulhansarees.in.
6. AI try-on uploads
When you upload a photograph to our AI try-on tool, the image is sent to our AI provider (currently Replicate, hosting an open-source virtual try-on model) along with the chosen product image. The provider returns a composite image which we show you and discard immediately afterward.
We do not retain your uploaded photograph beyond the active session, we do not use your image to train any AI model, and we do not share it with third parties beyond the AI provider necessary to render the preview. If you want us to confirm deletion in writing, write to our Grievance Officer (Section 14).
9. How long we keep it
We retain order records, invoices, and tax data for the periods required by the GST Act and the Income Tax Act (currently 6–8 years). Account and marketing data is retained while your account is active and for a reasonable cooling-off period after closure, after which it is anonymised or deleted.
AI try-on uploads are deleted at the end of the session and not retained beyond that.
10. How we protect your data
- HTTPS / TLS encryption on every page and API call;
- Passwords stored as one-way Argon2id hashes — never plain text;
- HTTP-only, secure, same-site cookies for authentication;
- Role-based access control for our admin tooling, with audit trails on changes;
- Daily off-site backups with point-in-time recovery;
- Periodic security reviews of dependencies and infrastructure.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the Data Protection Board of India in line with the DPDP Act’s requirements.
11. Your rights under the DPDP Act
You have the right to:
- Access a summary of the personal data we hold about you;
- Correct, update, or complete inaccurate or incomplete data;
- Erase data that’s no longer necessary for the purpose it was collected for;
- Withdraw consent for optional marketing at any time, without affecting the lawfulness of past processing;
- Nominate another individual to exercise your rights in case of incapacity or death;
- File a grievance with our Grievance Officer (see Section 14) or the Data Protection Board of India.
To exercise any right, email privacy@dulhansarees.in with the subject “Data Request — <your registered email>”. We respond within 30 days.
12. Children
The service is intended for users aged 18 and above. We do not knowingly collect data from children under 18. If you believe a minor has provided us data, please write to us and we’ll delete it.
13. International transfers
Some of our processors (e.g. Cloudinary, Meta / WhatsApp, Google Gemini) are headquartered outside India. Where data is transferred internationally, we ensure contractual safeguards under the DPDP Act’s transfer rules and apply industry-standard data protection clauses with each processor.
14. Changes to this policy
We may update this policy from time to time. Material changes are highlighted on this page; you’ll find the date of the last revision at the top.
15. Contact our Grievance Officer
In accordance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and Section 8 of the DPDP Act, our Grievance Officer can be reached at:
Grievance Officer
Dulhan Sarees, Guwahati, Assam · India
Email: privacy@dulhansarees.in
WhatsApp: +91 88220 20000
We acknowledge complaints within 48 hours and aim to resolve them within 15 days, as required by the DPDP Act.