Privacy Policy

1. Introduction & Scope

MayaPlaza ("we", "us", "our") is a digital electronics and appliances retail platform based in Guruvayoor, Kerala, India. We are committed to safeguarding the personal information of every individual who visits, browses, registers, or shops on our website (collectively referred to as "you", "your", "User").

This Privacy Policy applies to all personal data collected through our website, mobile-optimized site, and any related services, tools, or communications (collectively, the "Platform"). It does not apply to third-party websites linked from our Platform — those are governed by their own privacy policies.

2. Information We Collect

We collect information from you in two primary ways: (a) information you voluntarily provide to us, and (b) information that is automatically generated when you interact with our Platform.

2.1 Information You Provide Directly

• Account Registration: Full name, email address, mobile number, and a password (stored in encrypted form).
• Delivery Information: Complete shipping address including house/flat number, street, locality, city, state, and PIN code.
• Payment Information: Payment is processed via Razorpay. We do not receive or store your full card number, CVV, or net banking credentials. We may retain the last 4 digits of a card for display purposes only.
• Communications: Messages, emails, or support tickets you send to our customer care team, including any attachments.
• Reviews & Ratings: Product reviews, star ratings, and feedback you submit on the Platform.
• Preferences: Your wishlist, saved addresses, notification preferences, and communication opt-ins/opt-outs.

2.2 Information Collected Automatically

• Device & Browser Information: IP address, device type, operating system, browser name and version, screen resolution, and language preferences.
• Usage Data: Pages viewed, time spent on each page, clickstream patterns, products browsed, search queries entered, and cart activity.
• Cookies & Tracking Technologies: Session cookies, persistent cookies, pixel tags, and web beacons (see Section 6 for details).
• Location Data: General geographic location derived from your IP address. We do not access your GPS location unless you explicitly enable it for hyper-local features.
• Referral Data: The website, search engine, or advertisement that referred you to our Platform.

2.3 Information from Third Parties

• If you connect a third-party account (e.g., Google Sign-In), we may receive your name, email address, and profile picture from that provider, subject to the permissions you grant.
• Our payment partner Razorpay may share transaction status and fraud risk scores with us to facilitate order processing.
• Logistics partners may share delivery status updates and proof-of-delivery confirmation.

3. How We Use Your Information

We use the information we collect for the following purposes, based on the legal grounds indicated:

3.1 Fulfilling Your Orders (Contract Performance)

• Processing and confirming your orders and payments
• Arranging product delivery and coordinating with logistics partners
• Generating and sending invoices, receipts, and tax documents
• Processing returns, replacements, and refunds

3.2 Customer Support (Legitimate Interest)

• Responding to your queries, complaints, and support requests
• Following up on unresolved issues to ensure customer satisfaction
• Maintaining records of past interactions for context in future support

3.3 Personalization & Platform Improvement (Legitimate Interest)

• Recommending products based on your browsing history and purchase patterns
• Displaying personalized promotions, offers, and recently viewed items
• Analyzing usage data to identify and fix bugs, improve navigation, and optimize load times
• Conducting A/B testing to evaluate new features before full rollout

3.4 Marketing Communications (Consent-Based)

• Sending promotional emails, SMS, or WhatsApp messages about new products, sales, and exclusive offers — only if you have opted in
• Running retargeting advertisements on third-party platforms (Google, Meta) using anonymized audience data
• You may opt out of all marketing communications at any time by clicking "Unsubscribe" in any email or contacting us directly

3.5 Security & Fraud Prevention (Legal Obligation / Legitimate Interest)

• Detecting and investigating suspicious account activity, fraudulent orders, or payment anomalies
• Verifying your identity when you contact customer support for sensitive account changes
• Maintaining security logs and monitoring access patterns to protect our systems

3.6 Legal Compliance (Legal Obligation)

• Retaining transaction and tax records as mandated under Indian GST law
• Responding to lawful requests from government or regulatory authorities
• Enforcing our Terms & Conditions and other legal agreements

4. Sharing of Your Information

MayaPlaza does not sell, rent, or auction your personal data to third parties for their own marketing or commercial purposes. We share your data only in the following limited and necessary circumstances:

4.1 Logistics & Delivery Partners

Your name, mobile number, and delivery address are shared with our courier and logistics partners (e.g., Delhivery, Blue Dart, Ekart, DTDC) solely for the purpose of delivering your order. These partners are contractually obligated not to use your data for any other purpose.

4.2 Payment Gateway

Payment processing is handled by Razorpay, a PCI-DSS compliant payment gateway. MayaPlaza shares your order amount and contact details with Razorpay to initiate and verify transactions. Razorpay's own Privacy Policy governs how they handle your payment data.

4.3 Analytics & Marketing Service Providers

• Google Analytics: We use anonymized, aggregated data to understand how users interact with our Platform. No personally identifiable information is shared directly with Google for analytics purposes.
• Meta (Facebook) Pixel: We use the Meta Pixel to measure the effectiveness of our advertising campaigns. This uses anonymized browser-level signals and does not include your name or contact details.

4.4 Legal & Regulatory Disclosure

We may disclose your personal data to law enforcement agencies, courts, regulatory bodies, or government authorities when:

• Required by applicable Indian law, court order, or valid legal process
• Necessary to protect the rights, property, or safety of MayaPlaza, our users, or the public
• Responding to a lawful subpoena, national security request, or investigation

4.5 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or a portion of MayaPlaza's assets, your personal data may be transferred to the acquiring entity. You will be notified of any such transfer via email or a prominent notice on the Platform, and the acquiring entity will be bound by terms at least as protective as this Policy.

5. Data Retention

We retain your personal data only for as long as is necessary for the purposes outlined in this Policy, or as required by law:

• Account Data: Retained for the duration your account is active. If you request deletion, your account data will be removed within 30 days, subject to legal retention requirements.
• Order & Transaction Records: Retained for a minimum of 7 years in compliance with the Goods and Services Tax Act, 2017 and the Companies Act, 2013 (for invoicing and audit purposes).
• Support Communications: Retained for up to 3 years to provide context for ongoing or recurring support issues.
• Marketing Preferences: Records of opt-in and opt-out for marketing are retained indefinitely to honor your preferences and comply with anti-spam regulations.
• Usage & Analytics Data: Anonymized, aggregated analytics data may be retained indefinitely as it cannot be used to identify you individually.

After the applicable retention period, data is either securely deleted or anonymized so it can no longer be associated with you as an individual.

6. Cookies & Tracking Technologies

MayaPlaza uses the following types of cookies and similar technologies to enhance your experience and understand how the Platform is used:

6.1 Types of Cookies We Use

• Essential Cookies: Required for the Platform to function correctly. These include session authentication cookies that keep you logged in and cart cookies that retain your selected items. These cannot be disabled without breaking core functionality.
• Preference Cookies: Remember your settings and preferences, such as saved addresses, language preferences, and notification settings.
• Analytics Cookies: Collect anonymized data about how you navigate the Platform — pages visited, time spent, and click behavior — to help us improve the Site. Powered by Google Analytics.
• Marketing & Retargeting Cookies: Used by advertising platforms (Google Ads, Meta Ads) to show you relevant MayaPlaza advertisements after you leave our Site. These use browser-level signals and do not include your name or contact details.

6.2 Managing Cookies

You can control and delete cookies at any time through your browser settings. Most browsers allow you to:

• View and delete existing cookies
• Block all future cookies or block cookies from specific sites
• Be notified before a cookie is set

Please note that disabling essential cookies will significantly impact the functionality of MayaPlaza — for example, you may not be able to stay logged in or maintain your cart between pages.

7. Data Security

Protecting your personal data is one of our highest priorities. We implement the following technical and organizational security measures:

• SSL / TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard TLS 1.2/1.3 protocols, indicated by the padlock icon in your browser.
• Password Hashing: Your account password is stored using bcrypt hashing with a strong salt factor. We never store or transmit passwords in plain text — not even our administrators can see your password.
• Access Controls: Access to your personal data within our organization is restricted on a need-to-know basis. Only authorized personnel (e.g., customer support, fraud prevention) can access personal data, and only to the extent required for their role.
• Secure Infrastructure: Our servers are hosted on a hardened Virtual Private Server (VPS) with regular security patches, firewall protection, and intrusion detection systems.
• Regular Security Audits: We conduct periodic security reviews and vulnerability assessments to identify and remediate risks proactively.
• Payment Security: All payment transactions are handled by Razorpay, which is PCI-DSS Level 1 certified — the highest level of payment security compliance.

8. Your Rights Over Your Personal Data

Under the Digital Personal Data Protection (DPDP) Act, 2023 and other applicable Indian law, you have the following rights regarding your personal data held by MayaPlaza:

• Right to Access: You may request a copy of all personal data we hold about you, including what categories of data are stored, how they are used, and with whom they are shared.
• Right to Correction: If any personal data we hold is inaccurate, outdated, or incomplete, you have the right to request correction. You can update most information directly from your Account Settings page.
• Right to Erasure ("Right to be Forgotten"): You may request the deletion of your personal data, subject to legal retention obligations (e.g., tax records). Upon deletion of your account, we will remove or anonymize all personal information not required by law within 30 days.
• Right to Withdraw Consent: Where our processing of your data is based on your consent (e.g., marketing communications), you may withdraw that consent at any time without affecting the legality of processing that occurred prior to withdrawal.
• Right to Data Portability: You may request your personal data in a commonly used, machine-readable format (such as CSV or JSON) to transfer to another service provider.
• Right to Grievance Redressal: If you believe your data rights have been violated, you have the right to file a complaint with our Data Protection Officer or with the Data Protection Board of India (once established under the DPDP Act).
• Right to Nominate: You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity, as permitted under the DPDP Act.

To exercise any of the above rights, please send a written request to support@mayaplaza.in with the subject line "Data Rights Request." We will acknowledge your request within 3 business days and respond fully within 30 calendar days. In complex cases, we may extend this by a further 30 days with prior notice.

9. Third-Party Links & Services

Our Platform may contain links to third-party websites, social media platforms, brand pages, or embedded content (such as YouTube product videos). When you click on such links or interact with such content, you leave the MayaPlaza Platform and are subject to the privacy policies and terms of those third parties.

MayaPlaza has no control over, and is not responsible for, the content, privacy practices, or security of any third-party website. We strongly encourage you to read the privacy policy of any external site you visit, especially before submitting any personal information to them.

Examples of third-party services that may be present on our Platform include: YouTube (product demo videos), Instagram (social feed embeds), Google Maps (store locator), and Razorpay (payment processing).

10. Children's Privacy

MayaPlaza's Platform is intended for use by adults aged 18 years and above. We do not knowingly collect, solicit, or process personal data from children under the age of 13 (or the applicable minimum age in your jurisdiction).

If you are a parent or guardian and believe that your child has provided personal information to us without your knowledge or consent, please contact us immediately at support@mayaplaza.in. We will promptly review the situation and, where confirmed, delete the child's personal information from our records without delay.

If we discover that we have inadvertently collected personal data from a child, we will take immediate steps to delete that information and, where appropriate, notify the parent or guardian.

11. International Data Transfers

MayaPlaza is based in India and primarily stores and processes data on servers located within India. However, some of our third-party service providers (such as Google Analytics and Meta) may process your data on servers located outside India.

Where data is transferred internationally, we ensure that appropriate safeguards are in place, including:

• Contracts with service providers that require them to protect data to standards equivalent to Indian law
• Use of Standard Contractual Clauses (SCCs) where applicable
• Ensuring that recipient countries provide an adequate level of data protection

By using MayaPlaza, you consent to the transfer of your information to countries outside India where our service providers are located, subject to the protections described above.

12. Changes to This Privacy Policy

We review and update this Privacy Policy periodically to reflect changes in our data practices, technology, regulatory requirements, or business operations. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Send a notification to your registered email address describing the key changes
• Display a notice on the Platform for a reasonable period following the update

We encourage you to review this Policy regularly. If you continue to use MayaPlaza after the updated Policy takes effect, you are deemed to have accepted the revised terms. If you object to any change, you may request deletion of your account and data before the updated Policy comes into effect.

13. Contact Our Data Protection Officer

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact our dedicated Data Protection Officer (DPO):

• Email: support@mayaplaza.in (Subject: "Privacy Inquiry" or "Data Rights Request")
• Phone: +91 98765 43210 (Mon–Sat, 9 AM – 6 PM IST)
• Postal Address: Data Protection Officer, MayaPlaza Digital Store, Guruvayoor, Thrissur District, Kerala — 680101, India