Skip to Content
Find a Store Track Order Warranty Registration
+91 9999784595 business@khaticraft.com

PRIVACY POLICY

Khaticraft Furnishing & Decor Solutions Pvt. Ltd.

Effective Date: 17 May 2026   |   Last Updated: 17 May 2026

Khaticraft Furnishing & Decor Solutions Pvt. Ltd. ("Khaticraft," "we," "our," or "us") values the trust you place in us and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and safeguard your personal information when you visit www.khaticraft.com (the "Website"), interact with our brand on social media, place an order, or otherwise engage with us.

This Policy is published in compliance with:

•       The Digital Personal Data Protection Act, 2023 ("DPDP Act")

•       The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

•       The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

•       The General Data Protection Regulation (GDPR) where applicable to EU visitors

•       Other applicable Indian laws and regulations

By accessing or using our Website or services, you consent to the practices described in this Policy. If you do not agree, please do not use our Website or services.

1. Who We Are

Legal Name: Khaticraft Furnishing & Decor Solutions Pvt. Ltd.

Registered Head Office: G1-54, RIICO Industrial Area, Sadulpur, Churu, Rajasthan- 331023, India

Operational Office: Plot No. 9A & 31, Furniture Block, WHS Kirti Nagar, New Delhi – 110015, India

Website: www.khaticraft.com

Email: care@khaticraft.com

Nature of Business: Manufacturing and retail of furniture, furnishing, and decor solutions

2. Personal Data We Collect

We collect personal data that is necessary to provide our products and services, fulfill our legal obligations, and improve your experience.

a. Identity & Contact Information

•       Full name

•       Phone number / WhatsApp number

•       Email address

•       Billing address and shipping address

•       GST number (for business customers)

b. Transactional Information

•       Order details, product preferences, and purchase history

•       Payment confirmation data (Note: full card numbers, CVV, and banking credentials are NEVER stored by us — these are processed directly by PCI-DSS compliant payment gateway partners)

•       Invoices, receipts, and delivery records

•       Refund and return requests

c. Technical & Usage Data

•       IP address and approximate geolocation

•       Browser type, version, and language settings

•       Device identifiers, operating system, and screen resolution

•       Date and time of visits, pages viewed, and clickstream data

•       Referral source (e.g., Google search, Facebook ad)

•       Cookies, web beacons, pixels, and similar tracking technologies

d. Marketing & Behavioral Data

•       Products viewed, wishlisted, or added to cart

•       Email opens, clicks, and engagement with our communications

•       Interactions with our Facebook, Instagram, and Google ads

•       Survey responses and feedback

e. Communication Data

•       Records of correspondence via email, phone, WhatsApp, and chat

•       Customer support tickets and complaints

•       Reviews, ratings, and testimonials submitted by you

f. Marketplace Data

If you purchase from us through Amazon, Flipkart, or other third-party marketplaces, we receive limited order and shipping data from those platforms, governed by their respective privacy policies.

3. How We Collect Your Data

•       Directly from you when you place an order, fill a contact form, subscribe to our newsletter, or communicate with us

•       Automatically through cookies and tracking technologies when you browse our Website

•       From third-party platforms such as Meta (Facebook/Instagram), Google, Amazon, and Flipkart when you interact with our ads or marketplace listings

•       From payment gateways and logistics partners regarding transaction and delivery status

4. Purpose of Data Collection (How We Use Your Data)

We process your personal data for the following lawful purposes:

•       To process, fulfill, and deliver your orders

•       To communicate order confirmations, shipping updates, and delivery notifications

•       To respond to your inquiries, complaints, and customer service requests

•       To issue invoices, receipts, and process refunds

•       To verify your identity and prevent fraud, chargebacks, and unauthorized transactions

•       To personalize your shopping experience and recommend relevant products

•       To analyze website performance, customer behavior, and improve our services

•       To send promotional communications, offers, and newsletters (only with your consent)

•       To run advertising campaigns on Meta, Google, and other platforms

•       To comply with legal, tax, accounting, and regulatory obligations

•       To enforce our Terms of Service and protect our legal rights

5. Lawful Basis for Processing

Under the DPDP Act, GDPR (where applicable), and other laws, we rely on the following lawful bases to process your personal data:

Consent — when you explicitly agree (e.g., marketing emails, cookies)

Contractual Necessity — when processing is required to fulfill your order or honor warranty obligations

Legal Obligation — to comply with tax laws, consumer protection laws, and regulatory requirements

Legitimate Interest — for fraud prevention, business analytics, service improvement, and similar purposes that do not override your rights

6. Marketing, Advertising & Analytics

To grow our business and serve you better, we use industry-standard marketing and analytics tools. These tools may collect anonymized or pseudonymized data about your interactions with our Website and ads.

Tracking Technologies We Use:

•       Meta Pixel and Conversions API (Facebook & Instagram) — to measure ad performance, build Custom Audiences, and create Lookalike Audiences

•       Google Analytics 4 (GA4) — to analyze website traffic and user behavior

•       Google Ads Conversion Tracking and Remarketing Tag

•       Microsoft Clarity or similar session replay tools — for user experience optimization

•       Email marketing platforms (e.g., Mailchimp, Klaviyo, or equivalent) — for newsletters and transactional emails

•       CRM and customer support tools — for order and ticket management

Custom Audiences & Lookalike Audiences:

With your consent, we may share hashed (irreversibly encrypted) versions of your email address or phone number with Meta and Google to create Custom Audiences. This allows us to show you relevant ads and find new customers with similar interests. No identifiable raw data is shared, and these platforms cannot use this data for any purpose other than serving our ads.

Your Choices:

•       You can opt out of Meta ad personalization via your Facebook/Instagram Ad Preferences

•       You can opt out of Google ad personalization via Google Ad Settings (adssettings.google.com)

•       You can disable cookies via your browser settings

•       You can unsubscribe from our marketing emails using the link in any email

7. Payment Information & Security

All payments on our Website are processed through PCI-DSS compliant third-party payment gateway partners including but not limited to:

•       Razorpay

•       Other authorized payment gateways (which may be added from time to time)

Important: Khaticraft does NOT store, process, or have direct access to your full credit/debit card number, CVV, UPI PIN, net banking passwords, or other sensitive payment credentials. All payment data is transmitted directly to the gateway over encrypted (TLS 1.2 or higher) connections.

We receive only a transaction confirmation, masked card details (last 4 digits), and payment status from the gateway, which we retain for accounting, refund processing, and fraud prevention purposes.

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. However, we may share your data with trusted third parties only to the extent necessary for the purposes described in this Policy:

Service Providers:

•       Payment gateway partners (Razorpay and other authorized gateways)

•       Logistics and courier partners (e.g., Delhivery, BlueDart, XpressBees, FedEx, DTDC) for product delivery

•       Cloud hosting and IT infrastructure providers

•       Marketing, CRM, and email service providers (only with your opt-in consent)

•       Customer support and helpdesk software providers

Marketplaces & Channel Partners:

•       Amazon, Flipkart, and other online marketplaces (when you purchase via those platforms)

•       Authorized dealers and franchise partners (limited to order fulfillment only)

Advertising Partners:

•       Meta Platforms Inc. (Facebook & Instagram)

•       Google LLC (Google Ads, Google Analytics)

•       Other advertising networks as added from time to time

Legal & Regulatory:

•       Government authorities, regulators, courts, or law enforcement agencies when required by law or to protect our legal rights

•       Professional advisors (auditors, lawyers, accountants) under strict confidentiality

Corporate Transactions:

•       In case of a merger, acquisition, or sale of business assets, your data may be transferred to the successor entity, subject to the same privacy protections

All third-party recipients are bound by appropriate confidentiality and data protection obligations through written agreements.

9. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to provide and improve our services. Cookies are small files stored on your device that help us remember your preferences and analyze how you use our Website.

Types of Cookies We Use:

Essential Cookies: Required for website functionality (e.g., shopping cart, login)

Performance Cookies: Help us understand how visitors use our Website

Functional Cookies: Remember your preferences (e.g., language, currency)

Advertising Cookies: Used to deliver relevant ads on Meta, Google, and other platforms

On your first visit, you will see a cookie consent banner where you can accept all cookies, reject non-essential cookies, or customize your preferences. You can also manage cookies via your browser settings, but disabling certain cookies may affect website functionality.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy or as required by law:

Order & Transaction Records: Minimum 8 years (as required by the Companies Act, GST Act, and Income Tax Act)

Customer Account Data: Until you request deletion or close your account

Marketing Data: Until you withdraw consent or unsubscribe

Website Analytics Data: Typically 14–26 months (per GA4 defaults)

Customer Support Records: Up to 3 years after the last interaction

Cookie Data: Varies by cookie type (typically 30 days to 2 years)

After the applicable retention period, your data is securely deleted, anonymized, or archived as per industry best practices.

11. Your Rights as a Data Principal

Under the DPDP Act, GDPR, and other applicable laws, you have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you

Right to Correction: Request correction of inaccurate, incomplete, or outdated data

Right to Erasure: Request deletion of your data (subject to legal retention requirements)

Right to Withdraw Consent: Withdraw consent at any time (where consent is the lawful basis)

Right to Data Portability: Receive your data in a structured, machine-readable format

Right to Object: Object to processing for direct marketing or based on legitimate interests

Right to Nominate: Nominate another individual to exercise your rights in case of death or incapacity (under DPDP Act)

Right to Grievance Redressal: File a complaint with our Grievance Officer or the Data Protection Board of India

To exercise any of these rights, please email us at care@khaticraft.com with the subject line "Data Rights Request." We will respond within 30 days (or as required by applicable law).

12. Account Deletion

If you wish to delete your Khaticraft account and associated personal data, you can:

•       Email us at care@khaticraft.com with the subject "Account Deletion Request"

•       Visit your account settings on our Website (where available)

Please note that some data may be retained for legal, accounting, or fraud-prevention purposes even after account deletion, as permitted by law.

13. Data Security

We implement robust technical, administrative, and physical safeguards to protect your personal data, including:

•       SSL/TLS encryption for all data transmission

•       Secure data storage with access controls and authentication

•       Regular security audits, vulnerability assessments, and penetration testing

•       Employee training on data privacy and confidentiality

•       Contractual safeguards with all third-party service providers

•       Incident response procedures for data breach handling

Despite our best efforts, no system is 100% secure. If you suspect any unauthorized access to your account, please notify us immediately.

14. Data Breach Notification

In the unfortunate event of a personal data breach that is likely to cause significant harm to you, we will:

•       Notify the Data Protection Board of India within the timeframe prescribed under the DPDP Act

•       Notify affected users without undue delay, with information about the nature of the breach, potential consequences, and steps being taken

•       Take immediate remedial action to contain and mitigate the breach

15. Cross-Border Data Transfers

Khaticraft primarily processes and stores your data within India. However, some of our service providers (e.g., cloud hosting, advertising platforms, analytics tools) may process data outside India, including in the United States, European Union, or other jurisdictions.

When data is transferred outside India, we ensure appropriate safeguards are in place, such as standard contractual clauses or transfers to jurisdictions notified as adequate by the Government of India under the DPDP Act.

16. Third-Party Links

Our Website may contain links to third-party websites, social media platforms, or services (e.g., Facebook, Instagram, Amazon, Flipkart, YouTube). We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party site you visit.

17. WhatsApp, SMS & Email Communications

By providing your phone number or email, you consent to receive transactional communications (e.g., order confirmations, shipping updates, payment receipts) via SMS, WhatsApp, email, or phone calls, in compliance with TRAI regulations and applicable laws.

Promotional communications will only be sent with your explicit opt-in consent, and you may opt out at any time by:

•       Clicking "Unsubscribe" in any marketing email

•       Replying "STOP" to any promotional SMS or WhatsApp message

•       Emailing us at care@khaticraft.com

18. Children's Privacy

Our Website and services are intended for individuals 18 years of age or older. We do not knowingly collect personal data from children under 18. If a parent or guardian becomes aware that their child has provided us with personal data without consent, please contact us immediately at care@khaticraft.com, and we will take steps to delete such information.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. The updated Policy will be posted on our Website with a revised "Last Updated" date. For significant changes, we will provide additional notice via email or a prominent notice on our Website.

Your continued use of our Website after such changes constitutes your acceptance of the updated Policy.

20. Grievance Officer

In compliance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the name and contact details of our Grievance Officer / Data Protection Officer are as follows:

Name: Ms. Pooja Kumari Jangra

Designation: Grievance Officer & Data Protection Officer

Company: Khaticraft Furnishing & Decor Solutions Pvt. Ltd.

Address: Plot No. 9A & 31, Furniture Block, WHS Kirti Nagar, New Delhi – 110015, India

Email: care@khaticraft.com

Phone: +91-79885 83676

Working Hours: Monday to Friday, 10:00 AM – 6:00 PM IST (excluding public holidays)

We endeavor to acknowledge grievances within 48 hours and resolve them within 15 (fifteen) days of receipt, in accordance with applicable laws.

21. Contact Us

For any questions, concerns, or feedback about this Privacy Policy or our data practices, please contact us at:

Email: care@khaticraft.com

Address: Plot No. 9A & 31, Furniture Block, WHS Kirti Nagar, New Delhi – 110015, India

Website: www.khaticraft.com

 

Thank you for trusting Khaticraft. Your privacy and data security are our priority.