Privacy Policy — Atelier Ākāra

Section 01

Introduction

This Privacy Policy applies to the website akaraonline.co.in and all services operated by Precision Forge Labs under the brand Atelier Ākāra ("we," "us," "our"). By accessing our website or placing an order, you acknowledge that you have read and understood this policy.

We are a Data Fiduciary as defined under the DPDP Act 2023, and we take that responsibility seriously. We only collect data that is necessary, store it only for as long as required, and never sell it to third parties.

Plain language summary: We collect your name, email, phone, and shipping address to process your orders. We do not sell your data, we do not use advertising cookies, and you can request deletion of your account at any time.

Section 02

Data Controller

The entity responsible for your personal data under this policy is:

Legal Entity

Precision Forge Labs

Trading As

Atelier Ākāra

GSTIN

27GZCPS9353H1ZQ

Registered State

Maharashtra, India

DPO Email

dpo@akaraonline.co.in

Response Time

Within 72 hours

Section 03

Personal Data We Collect

3.1 Information You Provide

Account Information: First name, last name, email address, phone number
Delivery Information: Shipping address, city, state, pin code
GST / Business Information: GSTIN and company name (optional, for B2B invoice requests)
Payment Information: Processed securely via Razorpay or bank transfer — we do not store card details or UPI credentials
Communications: Messages you send via our contact form or email

3.2 Information Collected Automatically

Session Data: Login session tokens (stored in your browser, expire on sign-out)
Usage Data: Pages viewed, products browsed (anonymised, not linked to your identity unless signed in)
Device Information: Browser type and operating system (anonymised, used only for error reporting)

We do not collect: Biometric data, sensitive financial data, racial or ethnic origin, religious beliefs, or health data.

Section 04

How We Use Your Data

We process your personal data only for the purposes listed below. We do not use your data for profiling, automated decision-making, or targeted advertising.

Purpose	Legal Basis	Data Used
Processing and fulfilling your orders	Contract performance	Name, email, address, payment status
Sending order confirmations and shipping updates	Contract performance	Email, phone
Issuing GST invoices	Legal obligation	Name, address, GSTIN
Responding to customer support queries	Legitimate interest	Email, order details
Sending marketing emails (newsletters)	Consent (opt-in only)	Email address
Fraud prevention and account security	Legitimate interest	Login session, email

Section 05

Your Rights Under the DPDP Act 2023

As a Data Principal under India's Digital Personal Data Protection Act 2023, you have the following rights:

📋

Right to Access

Request a copy of all personal data we hold about you.

Email dpo@akaraonline.co.in or use "Export My Data" in your account settings.

✏️

Right to Correction

Update incorrect or incomplete personal information.

Edit directly in My Account → Profile.

🗑️

Right to Erasure

Request deletion of your account and personal data.

Use My Account → Delete Account, or email us.

📦

Right to Portability

Download your data in machine-readable JSON format.

Email dpo@akaraonline.co.in — delivered within 7 days.

🚫

Right to Withdraw Consent

Opt out of marketing emails at any time.

Click Unsubscribe in any marketing email, or email us.

⚖️

Right to Grievance Redressal

Lodge a complaint if you believe your data rights have been violated.

Email dpo@akaraonline.co.in — we respond within 72 hours.

Exception — Right to Erasure: We are legally required to retain GST invoices and financial records for 7 years under the Income Tax Act and GST rules. Account data linked to those records will be anonymised rather than deleted.

Section 06

Data Sharing

We do not sell, trade, or rent your personal data to third parties. We share data only in the following limited circumstances:

Payment processors: Razorpay receives your payment information to process transactions. Their privacy policy applies to data they handle.
Logistics partners: We share your name, phone, and delivery address with our shipping partner to fulfil your order.
Cloud infrastructure: Your data is stored on Supabase (PostgreSQL) hosted on AWS. Data is stored in India.
Legal authorities: We disclose data if required by law, court order, or government authority in India.

All third-party processors are required by contract to handle your data in compliance with applicable Indian law.

Section 07

Data Retention

Data Type	Retention Period	Reason
Account profile and preferences	Until account deletion	Service provision
GST invoices and order records	7 years from order date	Income Tax Act & GST rules
Customer support communications	2 years	Dispute resolution
Newsletter subscription	Until unsubscription	Consent-based
Anonymised usage analytics	12 months, rolling	Product improvement

After the applicable retention period, data is securely deleted or irreversibly anonymised.

Section 08

Security

We implement industry-standard technical and organisational security measures to protect your personal data:

All data transmission uses HTTPS / TLS 1.2+ encryption
Passwords are hashed and never stored in plain text (handled by Supabase Auth)
Database access is restricted to authorised personnel only
Payment data is handled entirely by PCI-DSS compliant Razorpay — we never see your card details
Admin access requires email-based authentication with a single authorised email address

In the event of a data breach affecting your rights, we will notify you within 72 hours of becoming aware of it, as required by the DPDP Act 2023.

Section 09

Cookies

We use only essential, strictly necessary cookies. We do not use advertising cookies, tracking pixels, or cross-site analytics.

Cookie	Purpose	Duration
Supabase session token	Keeps you signed in to your account	7 days or until sign-out
akara_cart (localStorage)	Stores your shopping cart locally in the browser	Until cleared by user

These cookies cannot be disabled without breaking core website functionality (sign-in, checkout). No consent banner is required for strictly necessary cookies under applicable law.

Section 10

Children's Privacy

Our website and services are intended for adults aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us immediately at dpo@akaraonline.co.in and we will promptly delete the account.

Section 11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Send a notification to registered customers by email
Keep a version history available on request

Continued use of our website after changes are posted constitutes acceptance of the updated policy.

Section 12

Contact Us

For any questions, requests, or complaints regarding your personal data, please contact our Data Protection Officer:

Data Protection Officer

dpo@akaraonline.co.in

General Support

support@akaraonline.co.in

Response Time

72 hours for data requests

Phone

+91 82780 85572

If you are unsatisfied with our response, you may escalate a complaint to the Data Protection Board of India once established under the DPDP Act 2023.