Privacy Policy
Your privacy matters to us. We are committed to protecting your personal data.
Last Updated: [INSERT DATE]
This Privacy Policy is issued in compliance with the Digital Personal Data Protection (DPDP) Act, 2023 and the Digital Personal Data Protection Rules, 2025 (notified 14 November 2025), the Information Technology Act, 2000, and applicable rules framed thereunder. ShopGenie acts as a Data Fiduciary in respect of the personal data processed through this Site.
2.1 Introduction and Scope
ShopGenie ('we', 'us', 'Data Fiduciary') is deeply committed to protecting the privacy, security, and integrity of the personal data of all users of this Site ('you', 'Data Principal'). This Privacy Policy describes the personal data we collect, the purposes for which we process it, the basis of our processing, your rights as a Data Principal under the DPDP Act 2023, and how to exercise them. This Policy applies to all personal data collected through the Site, through our customer support channels, and through any other digital interaction with ShopGenie.
By accessing the Site and providing express consent through the consent interface presented upon your first visit, you authorise the data processing practices described herein. Consent is free, specific, informed, unconditional, and based on a clear affirmative action as required by Section 6 of the DPDP Act, 2023. You may withdraw consent at any time; the process is described in Section 2.6 below.
2.2 Personal Data We Collect
Information You Provide Directly
When you make a purchase, register an account, subscribe to our newsletter, or contact our support team, we may collect:
- Full name
- Email address
- Shipping and billing address (including PIN code and state)
- Phone number
- Payment information – note: we do not store full payment credentials on our servers; all payment data is processed by PCI-DSS compliant third-party gateways
- Purchase history and order details
- GSTIN (for business customers, where applicable)
- Communications you send to us, including support queries and product reviews
Information Collected Automatically
When you visit the Site, we automatically collect:
- Internet Protocol (IP) address
- Browser type, version, and language setting
- Device type and operating system
- Browsing behaviour: pages visited, time spent, click paths, search queries on the Site
- Referring URL and exit pages
- Cookie identifiers and usage data (see Section 2.5)
2.3 Purposes of Processing
| Purpose | Description |
|---|---|
| Order Fulfilment | Processing orders, arranging logistics, customs clearance, shipment tracking, and payment confirmation. |
| Customer Support | Responding to queries, resolving disputes, managing returns and warranty claims. |
| Fraud Prevention | Detecting, preventing, and mitigating fraudulent transactions, account takeovers, and security breaches. |
| Legal Compliance | Meeting obligations under tax law (Income Tax Act, GST Act), customs law, consumer protection law, and orders of competent courts. |
| Platform Improvement | Analysing anonymised usage data to improve Site performance, user interface, and product offerings. |
| Marketing & Promotions | Sending personalised promotional emails, discount codes, and product recommendations – strictly subject to your express, opt-in consent. You may opt out at any time (see Section 2.6). |
| Customs Coordination | Sharing your name, address, and order details with customs brokers and government agencies where required to import goods on your behalf. |
2.4 Data Sharing with Third Parties
ShopGenie does not sell, trade, or transfer your personal data to data brokers or unaffiliated third parties. We share data strictly on a need-to-know, minimal-data basis with the following categories of vetted sub-processors:
- •Logistics and Courier Partners (e.g., Delhivery and international freight carriers): name, address, and phone number required to execute physical delivery.
- •Payment Gateways (e.g., Razorpay, PayPal, and partner banks): encrypted transaction data required to authorise and process payments.
- •Cloud Infrastructure Providers: services that host our encrypted databases on servers located in India or in jurisdictions that provide data protection standards comparable to those under the DPDP Act, 2023.
- •Customs Brokers: name, address, and order details shared only where required to clear imported goods through Indian customs.
- •Marketing Platforms: email address and purchase history shared only if you have provided explicit opt-in consent for marketing communications.
- •Analytics Providers (e.g., Google Analytics): anonymised, aggregated usage data only.
- •Legal and Regulatory Authorities: personal data disclosed only when compelled by a valid court order, statutory mandate, or direction from a competent government authority under applicable Indian law.
All third-party sub-processors are contractually bound to process personal data only for the specified purpose, maintain confidentiality, and implement appropriate security safeguards consistent with the DPDP Act, 2023.
2.5 Cookie Policy
ShopGenie uses cookies, web beacons, and similar tracking technologies to provide, protect, and improve the Site. Upon your first visit, you will be presented with a Cookie Consent Manager that allows you to accept or reject each category of cookie independently.
| Cookie Type | Purpose | Consent Required? |
|---|---|---|
| Strictly Necessary | Enable core Site functions: secure login, shopping cart state, session management. | No – essential for operation |
| Analytical / Performance | Aggregate, anonymised visitor statistics via Google Analytics to improve Site performance. | Yes – opt-in required |
| Functionality | Remember language/currency preferences and personalise returning user experience. | Yes – opt-in required |
| Marketing / Targeting | Deliver personalised advertisements and promotional content based on browsing behaviour. | Yes – opt-in required |
You may withdraw consent for non-essential cookies at any time by accessing the Cookie Consent Manager in the Site footer, or by configuring your browser to refuse cookies. Disabling strictly necessary cookies will impair core Site functionality. Disabling other categories will not affect your ability to browse or purchase.
2.6 Your Rights as a Data Principal
In accordance with the DPDP Act, 2023 and the DPDP Rules, 2025, you hold the following rights in respect of your personal data:
- •Right to Access and Information: You may request a summary of the personal data we hold about you, the purposes for which it is processed, and the identities of third parties with whom it has been shared.
- •Right to Correction: You may request rectification of inaccurate, incomplete, or outdated personal data we hold about you. Corrections will be processed within 30 days of a valid request.
- •Right to Erasure (Right to be Forgotten): You may request permanent deletion of your personal data when it is no longer necessary for the purpose for which it was collected, subject to our obligations to retain data under applicable law (see Section 2.7). You will receive a notice at least 48 hours before the scheduled date of erasure.
- •Right to Withdraw Consent: You may withdraw consent for any or all processing activities at any time by: (a) using the Consent Management portal within your account settings; (b) using the unsubscribe link in any marketing email; or (c) emailing our Data Protection Officer at shopgenie.info@gmail.com. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal. Processing necessary to fulfil existing orders or comply with legal obligations will continue unaffected.
- •Right to Grievance Redressal: You may lodge a privacy grievance with our Data Protection Officer. If not resolved within 30 days, you may escalate the matter to the Data Protection Board of India.
- •Right to Nominate: You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity, as provided under Section 14 of the DPDP Act, 2023.
To exercise any of the above rights, contact our Data Protection Officer at shopgenie.info@gmail.com with the subject line 'DATA RIGHTS REQUEST – [YOUR NAME]'. We will acknowledge your request within 72 hours and resolve it within 30 days.
2.7 Data Retention
Personal data is retained only for as long as necessary to fulfil the purposes stated in this Policy, or as required by applicable law. Our retention schedule is as follows:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Transaction and order records | 7 years from transaction date | Income Tax Act 1961; GST Act 2017 |
| Customer account data | Duration of active account + 2 years after account deletion | Contractual necessity; consumer dispute resolution window |
| Marketing consent records | Until consent is withdrawn + 1 year for audit trail | DPDP Act 2023, Section 6; DPDP Rules 2025 |
| Security and access logs | 1 year minimum | DPDP Rules 2025 (security safeguards) |
| Customs and import documentation | 5 years from date of import | Customs Act 1962 |
| Support communications | 3 years from closure of query | Consumer Protection Act 2019 |
2.8 Data Security
ShopGenie implements industry-standard technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- •Transport Layer Security (TLS 1.2 and above) for all data transmitted between your browser and our servers
- •Encryption and tokenisation of stored payment credentials
- •Access controls restricting data access to authorised personnel on a need-to-know basis
- •Firewall configurations and intrusion detection systems
- •Regular security audits and vulnerability assessments
- •Minimum one-year retention of security and access logs for forensic purposes, as required by the DPDP Rules, 2025
No method of transmission over the Internet is 100% secure. In the event of a verified personal data breach that is likely to cause harm to Data Principals, ShopGenie will: (a) notify the Data Protection Board of India within 72 hours of becoming aware of the breach; and (b) notify all affected Data Principals without undue delay, providing a plain-language explanation of the nature of the breach, its likely impact, and the steps we have taken to address it, including a contact point for further assistance. This commitment is made in accordance with Rule 7 of the DPDP Rules, 2025.
2.9 Children's Privacy
The Site is not directed at individuals under the age of 18 ('children'). ShopGenie does not knowingly collect personal data from children. If we become aware that a child has provided us with personal data without verifiable parental or guardian consent, we will delete that data promptly. Before processing the personal data of a child, ShopGenie will obtain verifiable consent from the child's parent or legal guardian through appropriate technical and organisational measures, as required by Rule 10 of the DPDP Rules, 2025. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us immediately at shopgenie.info@gmail.com.
2.10 Third-Party Links
The Site may contain links to third-party websites. These sites operate under separate and independent privacy policies. ShopGenie has no responsibility or liability for the content, activities, or privacy practices of linked sites. We encourage you to review the privacy policy of every website you visit.
2.11 Cross-Border Data Transfers
Personal data may be transferred to and processed in countries outside India by our international logistics partners, customs brokers, and cloud service providers. Such transfers are made only where necessary to fulfil your order and are subject to contractual protections requiring the recipient to maintain data protection standards at least equivalent to those required by the DPDP Act, 2023, as required by the applicable provisions of the DPDP Rules, 2025.
2.12 Data Protection Officer
| Data Protection Officer | Bharat Sonawane |
| shopgenie.info@gmail.com | |
| Phone | +91 9022970269 |
| Availability | Monday to Saturday, 10:00 AM – 8:00 PM IST |
| Response | Acknowledgement within 72 hours; resolution within 30 days |
2.13 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational processes. We will notify you of material changes by posting the revised Policy on this page and, where required, by email. Your continued use of the Site after the effective date of any changes constitutes acceptance of the updated Policy.