Effective Date: [Insert Date – e.g., November 1, 2025]
This Privacy Policy describes how Pulpyherbs (“Pulpyherbs,” “we,” “us,” or “our”), an Indian e-commerce company dealing in natural and organic body care products and accessories, collects, uses, discloses, and protects the personal data of its users (“you” or “Data Principal”) in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws.
By visiting, accessing, or using the website [Your Website URL, e.g., ] (the “Website”), you signify your clear affirmative action and unconditional agreement to the collection, use, and disclosure of your personal data as described in this Policy.
1. Scope and Applicability (DPDP Act Compliance)
This Policy applies to the processing of your digital personal data within India. As a Data Fiduciary, we are committed to processing your data in a manner that is lawful, fair, and transparent.
2. Personal Data We Collect
We collect and process various categories of personal data, which is necessary for the specified purposes outlined below.
| Category of Personal Data | Examples of Data Collected |
| Identity Data | Name, date of birth, gender. |
| Contact Data | Email address, shipping and billing address, mobile number. |
| Transaction Data | Details about orders placed (products purchased, quantity), payment method, and transaction history. |
| Financial Data | For refunds only (bank account details, IFSC code). Note: We do not collect or store your credit/debit card numbers or net banking details. This information is securely handled by our third-party payment gateways. |
| Technical Data | Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, operating system, and platform. |
| Usage Data | Information about how you use our Website, products, and services, including time spent on pages and clickstream data. |
| Marketing and Communications Data | Your preferences in receiving marketing from us and your communication preferences. |
3. Purpose of Processing Your Personal Data
Your personal data is collected and processed only for the specified, clear, and lawful purposes for which you have consented.
| Purpose of Processing | Lawful Basis (DPDP Act Principle) |
| To process and fulfill your orders | Consent, and Legitimate Use (as necessary for the service you requested) |
| To communicate regarding your purchase, account, and customer service | Consent, and Legitimate Use (as necessary for the service you requested) |
| To manage your account, track rewards, and provide a personalized experience | Consent |
| To send marketing, promotional offers, and newsletters (if subscribed) | Consent (Opt-in mechanism required) |
| To improve our Website, products, and services using analytics and research | Consent, and Legitimate Use (for business purposes) |
| To detect, prevent, and address technical issues or fraud | Legitimate Use (for security and protection of business interest) |
| To comply with legal obligations, including tax, regulatory, and audit requirements | Legitimate Use (Compliance with Law) |
4. Consent
Your consent must be free, specific, informed, unconditional, and unambiguous with a clear affirmative action.
How we obtain Consent: We will obtain your consent at the time of collecting your personal data, typically through an easily accessible notice, a pop-up on the Website, or a clearly marked checkbox before completing a transaction or registration.
Withdrawal of Consent: You have the right to withdraw your consent at any time. The withdrawal process is designed to be as easy as the process of giving consent. You can withdraw consent by [e.g., unsubscribing from emails, changing account settings, or contacting the Grievance Officer]. Withdrawal of consent may limit or prevent us from providing certain services.
5. Sharing and Disclosure of Personal Data
We do not sell your personal data. We may share your data with the following third parties strictly for the purposes mentioned in Section 3:
Logistics/Delivery Partners: To ensure the delivery of your orders (Name, Address, Mobile Number).
Payment Gateways: To process payments and refunds securely (Transaction Data, Refund Financial Data).
IT and Website Service Providers: For hosting, development, maintenance, and security.
Analytics and Marketing Partners: To analyze usage patterns and manage targeted marketing campaigns (Technical Data, Usage Data).
Law Enforcement: When legally required by a court order, statutory requirement, or government directive.
We ensure that all third-party service providers who process data on our behalf are bound by contractual obligations to implement reasonable security practices and maintain data confidentiality as per applicable Indian laws.
6. Security and Data Protection
We implement reasonable security practices and procedures (as required by the IT Act, 2000 and rules thereunder) to protect your personal data from unauthorized access, loss, misuse, disclosure, alteration, or destruction. These measures include:
SSL encryption for data transmission.
Secure firewalls and access controls.
Regular security audits and updates.
Limiting data access to authorized personnel only.
7. Data Retention and Erasure (Right to Erasure)
We will not retain your personal data for longer than is necessary for the purposes for which it was collected or as required by any statutory law.
You have the right to erasure (deletion) of your personal data when the purpose for which it was collected is no longer being served. Upon withdrawal of consent or a valid request for erasure,
