1. Information we collect
Account information: When you create an account, we collect your name, email address, and password (stored as a one-way hash).
Order information: When you place an order, we collect your shipping address, phone number, and payment details. Payment data is processed by Razorpay or Stripe — we never store raw card numbers.
Usage data: We collect information about how you browse the site — pages visited, search terms, products viewed, and click events — to improve recommendations and product listings.
Device & technical data: IP address, browser type, operating system, and referring URLs. This is used for security, analytics, and debugging.
Cookies: We use cookies for authentication, cart persistence, and analytics. You can control cookies in your browser settings, though some features may not work without them.
2. How we use your information
We use your data to:
- Process and fulfil orders, and send order confirmations and shipping updates.
- Manage your account and authenticate your identity.
- Send transactional emails (receipts, returns, support replies).
- Send marketing emails if you opted in — you can unsubscribe at any time.
- Detect and prevent fraud, abuse, and security incidents.
- Improve our product catalogue, search results, and personalised recommendations.
- Comply with legal obligations including tax records and consumer-protection regulations.
3. Sharing your information
We do not sell your personal data. We share it only with:
- Payment processors (Razorpay, Stripe) to complete transactions.
- Logistics partners (courier companies) to deliver your orders.
- Email service providers (Brevo) to send order and marketing emails.
- Analytics tools (Vercel Analytics) in anonymised, aggregated form.
- Law enforcement if required by a valid legal order.
4. Data retention
We retain your account data for as long as your account is active. Order records are kept for 7 years for tax and legal compliance. You may request deletion of your account at any time — see Section 6.
5. Security
We use industry-standard encryption (TLS 1.3) for all data in transit. Passwords are hashed with bcrypt. Access to production databases is restricted to authorised team members. Despite these measures, no system is perfectly secure — please use a strong, unique password.
6. Your rights
Depending on your location (India — DPDP Act 2023; UAE — PDPL; EU — GDPR), you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data ("right to erasure").
- Object to or restrict certain processing.
- Withdraw consent for marketing emails.
To exercise these rights, email privacy@milaaj.com. We respond within 30 days.
7. Cookies & tracking
We use strictly necessary cookies (authentication, cart), functional cookies (preferences, language), and analytics cookies (Vercel, Google Analytics). No advertising or third-party tracking cookies are set by default. You can withdraw analytics consent at any time via our Cookie Settings link in the footer.
8. Children
Milaaj is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with data, contact us at privacy@milaaj.com and we will delete it promptly.
9. Changes to this policy
We may update this Privacy Policy from time to time. Significant changes will be notified by email or a prominent banner on the site. The "Last updated" date at the top always reflects the current version.
10. Contact
For privacy-related questions or requests, contact us at privacy@milaaj.com or via our contact page.