Privacy policy

Last updated: April 2026

Shree Kriya Apparels operating Totli Tales (“we”) explains how we handle personal information for visitors and customers in India. This must match your real practices; have it reviewed with reference to the Digital Personal Data Protection Act, 2023 and rules as notified.

1. Who this applies to

Our store is aimed at adults buying for children. We do not knowingly invite children to open accounts or submit personal data for marketing. Order and delivery data may include a child’s first name or size only as needed to fulfil your purchase.

2. Data we collect

• Identity & order data: name, phone, email, billing/shipping address, order contents, and communications with support.
• Payment data: processed by Razorpay (and any other PSP you add). We do not store full card numbers on our servers; payment partners process card and UPI data under their agreements and compliance programmes (e.g. PCI-DSS where applicable).
• Technical & usage data: IP address, device/browser type, and cookies or similar technologies needed for security, cart functionality, and basic analytics if you enable them.

3. Purposes & legal bases

We use data to take and deliver orders, prevent fraud, respond to requests, run the website, comply with tax and company law, and (where permitted) send marketing. Under Indian law, grounds may include consent, legitimate uses for voluntary provision of data, or legal obligation — your counsel should map each processing activity.

4. Sharing

We use processors such as hosting (e.g. Vercel), payments (Razorpay), email/SMS, storage, and couriers. Some may process data outside India under contract and applicable law. We may disclose information if required by law or to protect rights and safety.

5. Retention

We keep order and invoice-related records for periods your accountants and statute require (often several years). Marketing preferences and idle account data should have shorter retention — document your actual schedules with your lawyer.

6. Your rights

Data principals in India may have rights to access, correction, erasure, grievance redressal, and withdrawal of consent where the DPDP framework applies. Contact us at totlitales5@gmail.com or use the Contact page. You may also use our grievance channel in Terms.

7. Security

We apply reasonable technical and organisational safeguards. No online transmission is completely secure.

8. Changes

We may update this policy; the “Last updated” line will change. Where the law requires notice or fresh consent, we will follow it.