Your Privacy
Matters to Us
We are a family-owned workshop in Jaipur, and we treat the information you share with us the same way we treat the people we make things for — with care, honesty, and respect. This page explains exactly what we collect, why we need it, and how we protect it.
No legal walls of text. No hidden clauses. Plain language, honest answers.
Effective date: 7 June 2026 · Version 2.0
The Short Version
Here is the honest summary before the full detail. We use your information to make and deliver your orders — nothing more.
What We Collect
- Your name and contact details
- Shipping and billing address
- Order history and preferences
- Personalisation instructions you provide
- Messages you send us
- Basic browser and device information
What We Do With It
- Fulfil and deliver your orders
- Send shipping and order updates
- Create personalised products from your instructions
- Improve your shopping experience
- Respond to your questions and support requests
- Send occasional news (you can unsubscribe anytime)
What We Never Do
- Sell or rent your personal information
- Share data with advertisers
- Use your personalisation files for any other purpose
- Send you marketing without your consent
- Store payment card details on our servers
- Transfer your data internationally without safeguards
The full details of each point are explained in the sections below.
Information We Collect
We collect only what we genuinely need to make and deliver your order. Click any category below for full detail on what is collected and why.
Our data minimisation principle
We only collect information that has a clear, specific purpose. If we cannot explain why we need something, we do not collect it.
How We Use
Your Information
Every use of your data has a specific, stated reason. We also note the legal basis so you understand your rights in relation to each use.
Legal basis key
Necessary to complete your order
Reasonable operational need
You explicitly opted in
Processing Your Orders
Your name, address, order details, and personalisation instructions are used to build, inspect, pack, and dispatch what you ordered. Without this, we physically cannot make your product or send it to you. This is the primary reason we collect any information at all.
Customer Support
When you contact us with a question, a change request, or a problem, we access your order history and previous communications so we can give you accurate, personalised help. We do not use a call centre — the person who responds knows your order.
Shipping & Delivery Updates
We share your name and delivery address with our courier partners (Delhivery and Blue Dart) to enable delivery. We use your email or phone number to send you dispatch notifications and tracking links. These communications are transactional — they are not marketing.
Creating Personalised Products
For engraved or customised items, we use the names, dates, messages, and images you provide solely to create your product. These files are not used for any other purpose, not shared, and are deleted from our production system after your order is fulfilled.
Improving Our Website
Anonymised browsing data (pages visited, time on site, device type) helps us understand which sections of the website are useful and which need improvement. We use Google Analytics with IP anonymisation enabled. You can opt out via cookie preferences.
Marketing Communications
We only send promotional emails, festival announcements, or new product updates if you have explicitly opted in — at checkout or via our newsletter signup. Every marketing email contains a one-click unsubscribe link. Unsubscribing does not affect your ability to place orders or receive transactional emails.
Personalised Products
& Your Private Content
When you share something personal — a name, a photograph, a meaningful date — to create a custom product, that content deserves extra care. Here is exactly how we handle it.
Our personalisation data protections
Personalisation data is access-restricted to production staff only
Uploaded images are deleted within 30 days of order fulfilment
Files are never used for AI training, advertising, or marketing
We never share personalisation content with any third party
Names, Dates & Messages
Text you provide for engraving — names, wedding dates, short messages — is used solely to produce the engraving. It is visible to the artisan who processes your order and no one else. We do not analyse, catalogue, or use this text for any other purpose.
Uploaded Images & Logos
If you upload a photograph or logo for a custom product, that file is stored securely in our order management system until your order is fulfilled. It is used only for production. After fulfilment, images are deleted within 30 days. We do not retain your personal photographs.
Custom Design Requests
Design briefs submitted for custom corporate orders (e.g., logo placement, colour specifications) are shared only with the artisans and production staff handling your order. Design files are retained for the duration of the order and any applicable warranty period (2 years), then deleted.
Personalisation Forms
Details entered through our personalisation forms at checkout (font choices, layout preferences, special instructions) are stored as part of your order record. This ensures we can reproduce the same product if you reorder, or address any quality concerns within the warranty period.
Important note
When ordering a gift with personalisation and shipping directly to a recipient, you are confirming that you have permission to share their name and any details you provide for the personalisation. We will use those details only to make the product.
Payments &
Your Financial Data
We take payment security very seriously. Here is a plain-language explanation of how your payment information is handled — and why your card data is safer than you might think.
We never see your full card number
All card processing is handled by Razorpay (India) and PayPal (international). When you enter your card details on our checkout, those details go directly to the payment processor — they never pass through our servers. We receive only a transaction reference and the last four digits of your card.
SSL encryption on every page
All data sent between your browser and our website is encrypted using TLS 1.3 — the same standard used by banks. You will see the padlock icon in your browser address bar. Never enter payment details on a page without it.
PCI DSS compliant processors
Our payment processors (Razorpay and PayPal) are certified to PCI DSS Level 1 — the highest level of payment card industry security. They conduct regular third-party security audits. We chose them specifically for their security track record.
What we do store (and what we do not)
We store: your order amount, currency, transaction reference, and last 4 card digits (provided by the processor). We do not store: your full card number, CVV/CVC, expiry date, or bank account details. If you save a card for future orders, it is stored as a secure token by the payment processor, not by us.
Our payment processors
| Processor | Region | Security | Payment Methods |
|---|---|---|---|
| Razorpay | India | PCI DSS Level 1 | Cards, UPI, Net Banking, Wallets |
| PayPal | International | PCI DSS Level 1 | PayPal balance, Cards |
Shipping & Delivery
Partners
To deliver your order, we must share some of your details with our courier partners. Here is exactly what we share, and what we do not.
We share only the minimum data required for delivery — nothing more.
Courier partners are contractually prohibited from using your data for any purpose other than completing delivery.
For gift orders, we use the recipient address you provide. We never contact the recipient for marketing.
International orders may require your name and a customs description of the contents — this is a legal requirement, not a choice.
Delhivery
Primary courier — India
Data shared
- Recipient name
- Delivery address
- Phone number
- Order weight / dimensions
Not shared
- Order value
- Product details
- Payment information
Privacy policy: delhivery.com/privacy-policy
Blue Dart (DHL)
Premium courier — India & International
Data shared
- Recipient name
- Delivery address
- Phone number
- Customs description (international)
Not shared
- Order value (unless required by customs)
- Payment information
Privacy policy: bluedart.com/legal
International
Customers
We ship to customers in 8+ countries. Here is how cross-border orders affect how your data is handled.
Currently shipping internationally to
Same privacy protections apply regardless of country.
Where Your Data May Travel
When you place an order from outside India, your personal data (name, address, order details) is processed on our servers located in India. By placing an order, you consent to your data being transferred to India for order processing. We apply the same data protections regardless of your country of origin.
International Shipping & Customs
For international orders, we are legally required to provide customs authorities with the recipient name, address, and a description of the contents (e.g., "handcrafted wooden decorative item"). We do not include the monetary value on the customs form unless required by the destination country. This is a legal obligation, not a choice.
GDPR & UK Customers
If you are based in the European Union or United Kingdom, you have specific rights under GDPR and the UK GDPR — including the right to access, correct, restrict, or delete your data. We honour all these rights regardless of the legal jurisdiction we are required to comply with. See the Customer Rights section for full details.
Your Local Privacy Laws
Privacy laws vary by country. While our business is governed by Indian data protection law (DPDP Act 2023), we voluntarily apply GDPR-equivalent standards for all international customers — meaning we give you the same rights and protections regardless of where you are.
Your Rights
Over Your Data
You are not just a customer — you are the owner of your personal data. Here are the rights you have and exactly how to exercise each one.
Exercise any right
We respond to all privacy requests within 30 days. For urgent concerns, WhatsApp is faster.
How Long We
Keep Your Data
We keep data only as long as there is a clear reason to. When the reason expires, the data is deleted. Here is our full retention schedule.
| Data Category | Retention Period |
|---|---|
Account information | For the life of your account + 2 years after deletion |
LegalOrder records & transaction history | 7 years |
Shipping addresses | Until you delete them from your account |
Uploaded personalisation images | 30 days after order fulfilment |
Custom text & engraving instructions | 2 years after order fulfilment |
Support & communication records | 3 years |
LegalMarketing preferences & consent records | Until you withdraw consent + 1 year |
Anonymised analytics data | 26 months (Google Analytics default) |
Payment card details | Not stored by us |
Items marked Legal cannot be deleted on request due to statutory retention requirements.
Questions About
Your Privacy?
Privacy questions go directly to a real person on our team — not a ticketing system or automated response. We take these requests seriously and respond promptly.
Privacy Email
privacy@artisankart.shop
Within 2 business days
For data access, deletion, correction, and export requests. Use the subject line that matches your request type.
+919876543210
Replies within 30 minutes
For quick questions about what data we hold or how to exercise your rights.
Postal Address
ArtisanKart, Johari Bazaar, Jaipur, Rajasthan 302003
Written requests accepted
For formal written privacy requests. Please include your order number and registered email.
We are required to respond to data rights requests within 30 days. In practice, we aim to respond within 2 business days for straightforward requests.
Policy Updates
& Version History
We update this policy when our practices change or when laws require it. We will notify you by email if we make any significant changes that affect your rights.
Significant changes
We email all registered customers before significant changes take effect, with at least 14 days notice.
Minor changes
Corrections, clarifications, and formatting changes are made without notice — the effective date updates automatically.
Full history kept
Previous versions of this policy are archived and available on request.
Version 2.0
Current7 June 2026- Complete rewrite for clarity and plain language
- Added dedicated section for personalised product data
- Added data retention schedule
- Added international customers section
- Updated payment processor list to include PayPal
- Cookie policy expanded with opt-out instructions
Version 1.2
15 January 2025- Updated courier partner list (added Delhivery)
- Added WhatsApp as a support channel
- Minor corrections to data retention periods
Version 1.1
3 August 2024- Added Google Analytics disclosure
- Clarified payment card data handling
- Added GDPR reference for EU/UK customers
Version 1.0
1 March 2023- Initial privacy policy published
Transparent By Nature,
Secure By Design
We have been making things for people since 1983. The same values that go into every handcrafted piece — honesty, care, and attention to detail — are the same values that guide how we handle your information.
Family-owned since 1983
We are not a large corporation. We are a workshop in Jaipur run by people who care personally about every customer's experience.
Your trust is our business
Every five-star review, every returning customer, every referral — it all starts with trust. We have no interest in compromising it for data monetisation.
Privacy by design
We build privacy considerations into our processes from the start — not as an afterthought. Less data collected means less risk for you.
Real people, real accountability
When you contact us about privacy, you speak with a real team member. Your concern will be resolved by someone who can actually act on it.
Privacy Policy v2.0 · Effective 7 June 2026 · ArtisanKart, Jaipur