Your Privacy Matters to Us
Overview
Welcome to Nidsscrochet ("we", "our", or "us"), a handcrafted crochet brand owned and operated by Nidhi Tripathi, based in Mumbai, Maharashtra, India. Our website is located at www.nidsscrochet.in.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or place an order with us. It is drawn up in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Consumer Protection (E-Commerce) Rules, 2020.
We only collect what we need to process your orders, keep your account secure, and improve your shopping experience. We do not sell your personal data. Ever.
By using our website, creating an account, or placing an order, you consent to the practices described in this policy. If you do not agree, please discontinue use of the website.
Information We Collect
We collect information in the following categories:
When you create an account or sign in using Google OAuth, we receive your name, email address, and profile picture from Clerk (our authentication provider). You may also provide this directly during sign-up. This constitutes "personal information" under the SPDI Rules.
During checkout, we collect your full delivery address, phone number, and name. This is necessary to fulfil your order and is classified as sensitive personal data under the SPDI Rules. We collect it only with your explicit consent at the point of checkout.
Payments are processed exclusively by Razorpay. We do not store your card number, CVV, UPI VPA, or net-banking credentials on our servers. We only retain the Razorpay Order ID, Payment ID, and payment status for order tracking and dispute resolution. For Cash on Delivery (COD) orders, no financial data is collected.
Every placed order creates an immutable snapshot containing your order items, quantities, prices paid, applied coupons, shipping address, contact details, and payment status. This is retained for legal, accounting, and customer support purposes.
If you submit a product review, we store your review text, star rating, and your Clerk User ID. Reviews are linked to your account to prevent duplicate submissions and spam.
We use Google Analytics to understand how visitors use our website. This includes your approximate location, browser type, device type, pages visited, and time spent. This data is anonymised and aggregated and cannot directly identify you.
If you contact us via WhatsApp (+91 90295 62156) or Instagram (@Nidsscrochet), the content of those messages is handled by Meta's platforms and their respective privacy policies. We only use such messages to respond to your queries.
How We Use Your Information
| Purpose | Data Used | Legal Basis (IT Act / SPDI Rules) |
|---|---|---|
| Process and fulfil your orders | Name, address, phone, order details | Contract performance; consent at checkout |
| Send order confirmation emails | Email address, order summary | Contract performance; consent at sign-up |
| Verify and secure payments | Razorpay Order/Payment ID | Legal obligation (RBI Guidelines); contract |
| Prevent fraud and overselling | Order status, stock data | Legitimate interest |
| Display your order history | Clerk User ID, order records | Contract; consent |
| Moderate product reviews | Review text, Clerk User ID | Legitimate interest; consent |
| Analyse website usage | Anonymised analytics data | Legitimate interest |
| Respond to customer queries | Contact details, message content | Consent; legitimate interest |
| Comply with legal obligations | Transaction records | Legal obligation (IT Act, Tax law) |
We do not use your personal information for unsolicited marketing. We do not send promotional emails or SMS unless you have explicitly opted in.
Third-Party Services
We work with trusted third-party service providers to operate our platform. Each processes your data solely for the purpose described below and is bound by their own privacy policies.
Manages your account, sign-in, and Google OAuth. Stores your email, name, and profile picture. Clerk Privacy Policy →
Processes all online payments. Fully PCI-DSS compliant. We never receive your card data. Razorpay Privacy Policy →
Stores and serves product images. Does not process any personal customer data. Cloudinary Privacy Policy →
Sends order confirmation emails using your email address and order details. Resend Privacy Policy →
Tracks anonymised website usage data. You can opt out via Google's opt-out tool →
Hosts our product catalogue, orders, and review data on encrypted cloud infrastructure. MongoDB Privacy Policy →
Hosts our Next.js application. Processes request logs briefly for performance and security. Vercel Privacy Policy →
If you contact us via Instagram or WhatsApp, messages are handled by Meta's platforms. Meta Privacy Policy →
We do not sell, rent, or trade your personal data to any third party for marketing purposes. Data is shared with the above providers only to the extent necessary to operate our service.
Cookies & Local Storage
Our website uses browser-based storage technologies to enhance your experience. In accordance with the IT Act and SPDI Rules, we inform you of the following:
| Technology | What It Stores | Purpose | Duration |
|---|---|---|---|
| localStorage (Cart) | Cart items, quantities, product IDs | Persists your cart across browser sessions and tabs without requiring login | Until cleared by you |
| Clerk Session Cookie | Authentication token (JWT) | Keeps you logged in securely; validates your identity with our backend | Session / Clerk's policy |
| Google Analytics Cookies (_ga, _gid) | Anonymised visitor ID, session data | Measures website traffic and user behaviour in aggregate | Up to 2 years |
You can delete cookies and localStorage data at any time through your browser settings. Please note that clearing cart data will empty your shopping cart. Disabling Clerk session cookies will log you out and prevent order history access.
We do not use any advertising, retargeting, or behavioural tracking cookies. No third-party ad networks have access to your browsing behaviour on our site.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by applicable Indian law.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account information | Until account deletion | Service provision |
| Order records (including address & phone) | 7 years minimum | Accounting, GST compliance, and consumer dispute resolution under Indian law |
| Payment IDs (Razorpay) | 7 years | RBI record-keeping guidelines |
| Product reviews | Until deleted by you or us | Public product information |
| Analytics data | 26 months (Google's default) | Performance analysis |
| Server / request logs | Up to 30 days (Vercel) | Security and debugging |
After the applicable retention period, data is securely deleted or anonymised. Deletion requests may be submitted to our Grievance Officer (see below); however, legally mandated records cannot be erased before their required retention period.
Data Security
We implement reasonable security practices as mandated by Rule 8 of the SPDI Rules, 2011. Our technical safeguards include:
Important: No method of electronic transmission or storage is 100% secure. While we strive to protect your personal data using industry-standard measures, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by law.
Your Rights
As a data subject under the IT Act, 2000 and the SPDI Rules, 2011, and as a consumer under the Consumer Protection Act, 2019, you have the following rights with respect to your personal data:
To exercise any of these rights, please contact our Grievance Officer (details below). We will respond within 30 days of receiving a verifiable request, as required under the SPDI Rules.
Children's Privacy
Our website is not directed at children under the age of 18 years. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact our Grievance Officer immediately and we will delete such information promptly.
Purchases by minors must be made with the involvement and consent of a parent or guardian, in accordance with the Indian Contract Act, 1872, which requires parties to a contract to be of legal age.
Grievance Officer
In accordance with Rule 5(9) of the SPDI Rules, 2011 and the Consumer Protection (E-Commerce) Rules, 2020, we have designated the following person as our Grievance Officer:
Grievances shall be acknowledged within 48 hours and redressed within 30 days of receipt, as mandated under the Consumer Protection (E-Commerce) Rules, 2020. If your grievance is not resolved to your satisfaction, you may also approach the National Consumer Helpline at 1800-11-4000 or visit consumerhelpline.gov.in.
Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the "Last Updated" date at the top of this page.
For material changes — such as changes to what sensitive personal data we collect or how we use it — we will notify you via email (if you have an account) or by placing a prominent notice on our homepage, at least 7 days before the change takes effect. Your continued use of the website after the effective date constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please reach out to us through any of the following channels:
business@nidsscrochet.in
For formal / legal requests
+91 90295 62156
Fastest response
This Privacy Policy is governed by the laws of the Republic of India. Any disputes arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts in Mumbai, Maharashtra.