Privacy Policy

Divya Roots (“we”, “us”, “our”) operates this site and services. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with Indian law.

1. What We Collect 

We collect the following categories of personal data:

  • Contact & identifiers: name, address, email, phone.
  • Financial data: card details, transaction information.
  • Account credentials: user IDs, passwords.
  • Usage data: browsing behavior, cart activity.
  • Device info: IP, browser, device metadata.
  • Communications: customer support messages.

2. Legal Basis & Consent

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we process data based on:

  • Your free, specific, informed, unambiguous consent, obtained clearly before using cookies or payment data.
  • Other lawful grounds such as fraud prevention or legal compliance.

Consent can be withdrawn at any time, at a similar ease level 

3. How We Use Data

We process your information to:

  1. Provide & improve services — order processing, account management, personalization.
  2. Marketing — with your opt‑in, via email, SMS, and ads.
  3. Security & fraud control — verifying identity and preventing misuse.
  4. Legal compliance — responding to legal requests and obligations.

4. How We Share Data

We may share personal data with:

  • Service providers: Shopify, payment gateways, logistics, IT support.
  • Marketing partners, if you consent.
  • Legal authorities, for compliance or investigations.
  • Affiliates and in business transactions (e.g. mergers).
  • Cross-border transfers as required—only to jurisdictions with adequate protection or under contractual safeguards.

5. Children’s Data

We do not knowingly collect data from children under the age of majority. If informed otherwise, we will delete it promptly.

6. Data Retention & Security

We retain personal data only as long as necessary for our purposes or to comply with law. For large-scale e-commerce (2 cr users+), deletion is required within 3 years after the last interaction.

We follow “reasonable security practices” per IT Act 43A and SPDI Rules, such as ISO 27001-level safeguards.

7. Your Rights

As per DPDP Act, you may:

  • Access your data.
  • Correct inaccuracies.
  • Erase your data, unless required by law.
  • Port your data to another service.
  • Withdraw consent at any time.
  • Opt out of targeted advertising or data “sale/sharing”.

Requests can be made via account tools or by contacting us.

We’ll verify your identity and respond within timeframes required under Indian law.

8. Cookies & Tracking

Cookies and similar technologies are used only after obtaining your explicit consent, particularly for analytics, personalization, and marketing .

9. Third-Party Links

Our site may link to external sites not controlled by us. We are not liable for their policies or practices—review them separately.

10. Policy Updates

We may modify this Privacy Policy based on changing regulations, services, or practices. When we do, we’ll update the “Last updated” date and notify users as required.

11. Contact Us

To exercise your rights, ask questions, or lodge privacy complaints:
Email: support@divyaroots.com

If unsatisfied with our response, you may escalate your grievance to the Data Protection Board of India once established.