Privacy Policy
TAURR respects your privacy and is committed to protecting your personal data. By using the Platform, you consent to the data practices described in this Policy.
01Information We Collect
1.1 Information You Provide Directly
- Account data: name, email address, phone number, password (hashed via Supabase Auth).
- Order data: shipping address, billing address, order history, size/product preferences.
- Communication data: messages sent to customer support, reviews, feedback.
1.2 Information Collected Automatically
- Device & usage data: IP address, browser type, device identifiers, pages visited, referring URLs, timestamps — collected via standard web logs and analytics.
- Cookies & similar technologies: used for session management, cart persistence, authentication tokens, and (where enabled) analytics. See Section 6.
1.3 Information from Third Parties
- Payment confirmation data from Razorpay (transaction status, payment ID, masked card/UPI details) — TAURR never receives or stores full card numbers, CVVs, or UPI PINs.
- Shipping status data from Shiprocket and its courier partners (tracking updates, delivery confirmation, courier-assigned IDs).
We do not knowingly collect sensitive personal data such as health information, religious beliefs, or biometric data.
02How We Use Your Information
We use collected data to:
- Process and fulfil orders (payment verification, shipping, invoicing);
- Create and manage your account;
- Communicate order confirmations, shipping updates, and delivery notifications;
- Respond to customer support queries and resolve disputes/returns;
- Improve the Platform's performance, security, and user experience;
- Send promotional communications, offers, and newsletters (only with your consent, and with an opt-out available at any time);
- Detect, prevent, and investigate fraud, abuse, or security incidents;
- Comply with legal obligations, including tax, accounting, and consumer protection requirements.
03Legal Basis for Processing
We process your personal data on the basis of:
- Consent — for optional communications like marketing emails;
- Contractual necessity — to fulfil your orders and provide account services;
- Legal obligation — for tax records, grievance redressal, and regulatory compliance;
- Legitimate interest — for fraud prevention and Platform security.
You may withdraw consent for optional processing (e.g., marketing) at any time without affecting the lawfulness of processing already carried out.
04How We Store & Secure Your Data
Your account and order data is stored using Supabase (PostgreSQL-based backend infrastructure with Row-Level Security policies), and the Platform is served via Vercel. Both providers maintain industry-standard security certifications for their infrastructure.
We implement technical and organizational safeguards including encrypted data transmission (HTTPS/TLS), access controls, Row-Level Security (RLS) policies restricting data access to authorized systems only, and hashed password storage.
Payment data is never stored on TAURR's servers — it is processed and stored exclusively within Razorpay's PCI-DSS compliant systems.
While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify affected users and relevant authorities in the event of a data breach, as required under applicable law.
Your data may be processed or stored on servers located outside India, depending on the hosting regions used by Vercel/Supabase. We take reasonable steps to ensure such transfers comply with the DPDP Act, 2023 and offer equivalent protection.
05Data Sharing & Disclosure
We share your information only as necessary, with:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Razorpay | Payment processing | Order amount, contact details, transaction reference |
| Shiprocket & courier partners | Order shipping & delivery | Name, address, phone number, order details |
| Email/SMS service providers | Transactional notifications | Name, email/phone, order status |
| Law enforcement/regulators | Legal compliance | As required by valid legal request |
We do not sell, rent, or trade your personal data to third parties for their independent marketing purposes.
Any future third-party integrations (e.g., analytics, marketing tools) will be reflected in updates to this Policy.
06Cookies & Tracking Technologies
We use cookies and similar technologies for:
- Essential functions: login sessions, cart contents, checkout flow (via Supabase Auth session tokens);
- Preferences: remembering size/display preferences;
- Analytics (if enabled): understanding aggregate usage patterns to improve the Platform.
You can control or disable cookies through your browser settings. Disabling essential cookies may affect core functionality (e.g., login, cart persistence).
07Data Retention
We retain your account and order data for as long as your account remains active, and thereafter as required to comply with legal, tax, and accounting obligations (typically up to 8 years for transaction records under Indian law).
You may request deletion of your account and associated personal data at any time (see Section 8), subject to our right to retain data necessary for legal compliance or dispute resolution.
08Your Rights
Under the DPDP Act, 2023, you have the right to:
- Access — request a copy of the personal data we hold about you;
- Correction — request correction of inaccurate or incomplete data;
- Erasure — request deletion of your data, subject to legal retention requirements;
- Withdraw consent — opt out of optional processing (e.g., marketing) at any time;
- Grievance redressal — raise concerns about how your data is handled;
- Nominate — nominate another individual to exercise your rights in the event of death or incapacity.
To exercise any of these rights, contact us at farhan.khalid@taurr.in. We will respond within the timelines prescribed by applicable law (typically within 30 days).
09Children's Privacy
The Platform is not directed at children under 18. We do not knowingly collect personal data from minors without verifiable parental/guardian consent. If we become aware that we have inadvertently collected such data, we will delete it promptly.
10Third-Party Links
The Platform may contain links to third-party websites (e.g., social media, payment gateway pages). We are not responsible for the privacy practices of these external sites. We encourage you to review their respective privacy policies.
11Marketing Communications & Opt-Out
You may opt out of promotional emails/SMS at any time by clicking "unsubscribe" in our emails or contacting taurr@taurr.in. You will continue to receive essential transactional communications (order confirmations, shipping updates) regardless of marketing preferences.
12Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. The "Last Updated" date at the top will reflect the most recent revision. Material changes will be communicated via the Platform or email where appropriate.
13Grievance Officer / Data Protection Contact
In accordance with the DPDP Act, 2023 and IT Act, 2000, grievances regarding your personal data may be directed to:
If unsatisfied with our response, you may escalate the matter to the Data Protection Board of India under the DPDP Act, 2023.