Privacy policy

Last updated: April 2026

Shree Kriya Apparels, operating Totli Tales (“we”), describes how we collect, use, and protect personal information for visitors and customers in India in line with the Digital Personal Data Protection Act, 2023 and related norms as applicable to our business.

1. Who this applies to

Our store is aimed at adults buying for children. We do not knowingly invite children to open accounts or submit personal data for marketing. Order and delivery data may include a child’s first name or size only as needed to fulfil your purchase.

2. Data we collect

• Identity & order data: name, phone, email, billing/shipping address, order contents, and communications with support.
• Payment data: processed by Razorpay (and any other PSP you add). We do not store full card numbers on our servers; payment partners process card and UPI data under their agreements and compliance programmes (e.g. PCI-DSS where applicable).
• Technical & usage data: IP address, device/browser type, and cookies or similar technologies needed for security, cart functionality, and basic analytics if you enable them.

3. Purposes & legal bases

We use data to take and deliver orders, prevent fraud, respond to requests, run the website, comply with tax and company law, and (where you have opted in or the law permits) marketing. Processing is carried out where we have an appropriate basis under Indian law, such as your consent where required, what you voluntarily provide so we can fulfil orders and support, performance of transactions you request, or compliance with legal duties.

4. Sharing

We use processors such as hosting (e.g. Vercel), payments (Razorpay), email/SMS, storage, and couriers. Some may process data outside India under contract and applicable law. We may disclose information if required by law or to protect rights and safety.

5. Retention

We retain order and tax-related records for as long as required under applicable statutes and sound accounting practice (commonly multi-year horizons). Marketing correspondence and ancillary logs are retained only as long as needed for the purpose stated when collected unless a longer period is justified by law.

6. Your rights

Data principals in India may have rights to access, correction, erasure, grievance redressal, and withdrawal of consent where the DPDP framework applies. Contact us at totlitales5@gmail.com or use the Contact page. You may also use our grievance channel in Terms.

7. Security

We apply reasonable technical and organisational safeguards. No online transmission is completely secure.

8. Changes

We may update this policy; the “Last updated” line will change. Where the law requires notice or fresh consent, we will follow it.