Privacy Policy

The data controller responsible for your personal information is:

Business Name: MomStitched
Registered Address: Market, Lucknow, Uttar Pradesh, India – 256320
Email: momstitched.official@gmail.com
Phone: +91 85698 74589

For all privacy-related queries, including data access or deletion requests, please contact us at the email above.

We collect the following categories of personal information:

a) Information You Provide Directly

• Identity Data: Full name, username, or similar identifiers.
• Contact Data: Email address, phone number, billing address, and shipping address.
• Account Data: Username, password (stored in encrypted form), and account preferences.
• Order Data: Products purchased, order history, and transaction records.
• Payment Data: Card type and last four digits (we do not store full card numbers; payments are processed by PCI-DSS compliant gateways).
• Communications: Messages, inquiries, or feedback you send us via contact forms, email, or chat.

b) Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system, device identifiers, and time zone.
• Usage Data: Pages visited, referring URLs, time spent on pages, links clicked, and browsing behavior on the Website.
• Cookie Data: Data collected through cookies and similar tracking technologies (see Section 5).

c) Information from Third Parties

• Analytics providers (e.g., Google Analytics) may share aggregated behavioral data about Website visitors.
• Payment processors may share transaction status and fraud-detection signals.
• Social media platforms if you connect your account or interact with our social content.

We use your personal data for the following purposes:

• Order Fulfillment: Processing, packaging, and delivering your orders; sending order confirmation, dispatch, and delivery notifications.
• Account Management: Creating and maintaining your account; verifying your identity.
• Customer Support: Responding to queries, complaints, and return/refund requests.
• Payments & Fraud Prevention: Verifying payment details and detecting, preventing, or investigating fraudulent transactions.
• Marketing Communications: Sending promotional emails, special offers, and newsletters — only with your consent or where permitted by law. You may opt out at any time via the unsubscribe link in emails.
• Website Improvement: Analyzing usage patterns to improve site performance, design, and product offerings.
• Legal Compliance: Meeting our obligations under applicable laws, regulations, court orders, or governmental requests.
• Personalization: Displaying relevant products, recommendations, and content based on your browsing and purchase history.

If you are located in the EU/EEA or UK, we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfill your orders and manage your account (Article 6(1)(b) GDPR).
• Legitimate Interests: Fraud prevention, website security, and improving our services, where these do not override your fundamental rights (Article 6(1)(f) GDPR).
• Consent: Marketing emails and non-essential cookies — where you have given explicit consent (Article 6(1)(a) GDPR). You may withdraw consent at any time.
• Legal Obligation: Retaining financial records and complying with applicable laws (Article 6(1)(c) GDPR).

We use cookies and similar technologies to enhance your experience on the Website. These include:

• Essential Cookies: Required for the Website to function correctly (e.g., shopping cart, login sessions). These cannot be disabled.
• Analytics Cookies: Used to understand how visitors interact with the Website (e.g., Google Analytics). Data is anonymized where possible.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of campaigns. Only activated with your consent.
• Preference Cookies: Remember your settings and preferences (e.g., language, currency) to personalize your experience.

You can manage or withdraw your cookie consent at any time through your browser settings or our cookie consent banner. Disabling certain cookies may affect Website functionality. For more on how to control cookies, visit www.allaboutcookies.org.

We do not sell, rent, or trade your personal information. We may share your data with trusted third parties only as follows:

• Delivery & Logistics Partners: To fulfill and ship your orders (name, address, phone number shared only as needed).
• Payment Processors: Secure, PCI-DSS compliant gateways to process transactions. They receive only the data necessary to complete payments.
• IT & Hosting Providers: Cloud and server infrastructure providers who support our Website operations, bound by strict data processing agreements.
• Marketing & Analytics Tools: Services like Google Analytics or email marketing platforms, used under data processing agreements and with appropriate safeguards.
• Legal & Regulatory Authorities: When required by law, court order, or to protect the rights, property, or safety of MomStitched, our customers, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.

All third-party service providers are contractually obligated to handle your data securely and in compliance with applicable data protection laws.

• MomStitched is based in India. If you access our Website from outside India, your data may be transferred to and processed in India or other countries where our service providers operate.
• For transfers from the EU/EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or the UK ICO to ensure adequate protection.
• We take all reasonable steps to ensure that international transfers are protected by appropriate safeguards in accordance with applicable data protection law.

• We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy, or as required by law.
• Order & Transaction Records: Retained for 7 years for tax and legal compliance (as required by Indian GST and Accounting laws).
• Account Data: Retained for the duration of your account plus 2 years after closure, unless you request earlier deletion.
• Marketing Data: Retained until you withdraw consent or unsubscribe.
• Analytics Data: Retained in anonymized/aggregated form for up to 26 months.
• When data is no longer required, we securely delete or anonymize it.

• We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction.
• These measures include SSL/TLS encryption for data in transit, encrypted storage for sensitive data at rest, access controls limited to authorized personnel, and regular security assessments.
• Payment information is processed through PCI-DSS compliant gateways. We never store full card numbers on our servers.
• While we take all reasonable precautions, no method of transmission over the internet is 100% secure. In the unlikely event of a data breach that affects your rights, we will notify you and the relevant authorities in accordance with applicable law (within 72 hours for GDPR, and as required by India's CERT-In rules).

a) Rights for EU / EEA / UK Users (GDPR & UK GDPR)

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent for consent-based processing at any time, without affecting the lawfulness of prior processing.
• You also have the right to lodge a complaint with your national data protection authority (e.g., ICO in the UK, or your EU supervisory authority).

b) Rights for California Users (CCPA / CPRA)

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. You may still submit an opt-out request at momstitched.official@gmail.com.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Correct: Request correction of inaccurate personal information.

c) Rights for Indian Users (DPDP Act 2023)

• Right to Access: Request a summary of personal data held and its processing activities.
• Right to Correction & Erasure: Request correction of inaccurate data or erasure of data no longer necessary for its original purpose.
• Right to Grievance Redressal: Submit grievances to our Data Protection Officer via momstitched.official@gmail.com.
• Right to Nominate: Nominate another individual to exercise rights on your behalf in the event of death or incapacity.

d) Rights for Australian Users (Privacy Act 1988)

• You have the right to access personal information we hold about you and to request corrections to inaccurate information.
• You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your data.

To exercise any of the above rights, please contact us at momstitched.official@gmail.com with the subject line "Privacy Rights Request". We will respond within 30 days (or 72 hours for urgent GDPR requests).

• Our Website is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.
• If we become aware that a child under 13 has provided us with personal data without verifiable parental consent, we will delete that information promptly.
• If you are a parent or guardian and believe your child has provided us with personal information, please contact us at momstitched.official@gmail.com.

• Our Website may contain links to third-party websites, social media platforms, or payment processors. These external sites have their own privacy policies, which we encourage you to review.
• We are not responsible for the privacy practices or content of third-party sites. Clicking on third-party links is at your own discretion and risk.

• With your consent, we may send you promotional emails about new products, sales, and events.
• You can unsubscribe from marketing emails at any time by clicking the "Unsubscribe" link in any email or by contacting us at momstitched.official@gmail.com.
• Opting out of marketing emails will not affect transactional emails related to your orders (e.g., order confirmation, shipping updates).
• We comply with the CAN-SPAM Act (USA), CASL (Canada), and applicable Indian regulations on unsolicited commercial communications.

• We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
• Any changes will be posted on this page with an updated "Last Updated" date. For material changes, we will notify registered users via email at least 14 days before the changes take effect.
• Continued use of the Website after changes are posted constitutes your acceptance of the updated Policy.