Privacy Policy

TIVAE (“Company”, “we”, “our”, “us”) operates the e-commerce website tivae.in. We are committed to safeguarding your privacy and protecting your personal data in compliance with:

  1. Information Technology Act, 2000 & SPDI Rules, 2011 (India)
  2. General Data Protection Regulation (GDPR), where applicable
  3. Shopify platform requirements
  4. Razorpay & Stripe data security and privacy standards

By accessing or using our website, you agree to this Privacy Policy.

1. Information We Collect

1.1 Personal Information

  1. Name
  2. Email address
  3. Phone number
  4. Billing and shipping address

1.2 Payment Information (Gateway-Compliant)

  1. Payments are processed through Razorpay / Stripe or other PCI-DSS compliant gateways.
  2. We do not store, process, or have access to your card, UPI, or banking details.
  3. Payment data is handled directly by the payment service provider in accordance with their privacy policies.

1.3 Automatically Collected Data

  1. IP address
  2. Device and browser information
  3. Cookies and usage analytics
  4. Shopify-generated customer and order data

2. Legal Basis for Processing (GDPR)

We process personal data based on:

  1. User consent
  2. Contractual necessity (order fulfillment)
  3. Legal obligations (taxation, fraud prevention)
  4. Legitimate business interests (security, analytics, service improvement)

3. Purpose of Data Usage

Your information is used to:

  1. Process and fulfill orders
  2. Provide customer support
  3. Manage shipping, returns, and refunds
  4. Communicate transactional updates
  5. Improve website performance and security
  6. Send marketing communications (only with opt-in consent)

4. Shopify Platform Compliance

Our store is hosted on Shopify Inc., which provides us with the e-commerce platform. Your data may be stored through:

  1. Shopify’s secure data storage
  2. Shopify applications necessary for store functionality

Shopify maintains PCI-DSS compliance and industry-standard security practices.

5. Razorpay & Stripe Compliance

  1. We use Razorpay and/or Stripe to process payments.
  2. These providers comply with PCI-DSS standards and maintain strict security protocols.
  3. TIVAE is not responsible for the data practices of payment gateways, which are governed by their respective privacy policies.

6. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  1. Enable essential store functionality
  2. Analyze traffic and improve user experience
  3. Support Shopify analytics and third-party integrations

You may control cookie preferences through your browser settings.

7. Data Sharing & Disclosure

We do not sell personal data.

Data may be shared only with:

  1. Shopify and authorized Shopify apps
  2. Payment gateways (Razorpay / Stripe)
  3. Courier and logistics partners
  4. Analytics and IT service providers
  5. Legal or regulatory authorities when required by law

All third parties are contractually obligated to maintain confidentiality and data security.

8. Data Retention

  1. Personal data is retained only as long as required to fulfill business and legal obligations.
  2. Payment data is retained solely by payment gateways as per their compliance requirements.
  3. Data is securely deleted or anonymized when no longer needed.

9. Data Security Measures

  1. We follow reasonable security practices as mandated under Indian law.
  2. Access to personal data is restricted and monitored.
  3. Despite safeguards, no system is completely secure; TIVAE shall not be liable for breaches beyond reasonable control.

10. User Rights (GDPR & Indian IT Act)

You have the right to:

  1. Access your personal data
  2. Correct or update information
  3. Withdraw consent
  4. Request deletion (subject to legal requirements)
  5. Opt out of marketing communications

Requests can be submitted via the contact information available on tivae.in.

11. International Data Transfers

Data may be processed outside India or the EU via Shopify, Razorpay, or Stripe servers. All transfers are protected by appropriate safeguards in line with GDPR.

12. Third-Party Links

Our website may contain links to third-party services. TIVAE is not responsible for their privacy practices.

13. Children’s Privacy

We do not knowingly collect personal data from individuals under 18 years of age.

14. Policy Updates

This Privacy Policy may be updated at any time. Changes will be posted on this page and are effective immediately.

15. Grievance Officer (IT Act Compliance)

In accordance with the Information Technology Act, any grievances related to data protection may be addressed through the contact details provided on tivae.in.