Privacy Policy – roottoroom.store

Root to Room (“we,” “us,” or “our”) operates roottoroom.store (the “Site”) and provides our products and customer support (the “Services”). This Privacy Policy explains what personal information we collect, how we use and share it, and the choices you have.

If you have questions, contact us at privacy@roottoroom.store or support@roottoroom.store.

 

1) Information We Collect

We collect information that you provide, information collected automatically, and information from service providers.

A. Information You Provide

  • Account & Orders: name, email, phone, billing and shipping address.
  • Payments: transaction details (processed via Razorpay; we do not store full card/UPI credentials).
  • Support: emails, messages (including WhatsApp chats), feedback, returns/refund requests.
  • Preferences: newsletter opt‑ins and communication choices.

B. Information Collected Automatically

  • Device & Usage: IP address, browser and device type, operating system, pages viewed, time on page, referring URLs, and clickstream data.
  • Cookies & Similar Tech: cookies, pixels, local storage (see Cookies below).

C. Information From Service Providers

  • Payments: confirmations and settlement data from Razorpay.
  • Shipping & Returns: pickup, delivery, and return statuses from Shiprocket, Delhivery, Ecom Express.
  • Analytics/Ads: aggregated usage and campaign performance from Google Analytics (GA4) and Meta Pixel.
  • Email/SMS: delivery status and engagement via Microsoft 365 and SMSGateway.

 

2) How We Use Your Information (Purposes)

We use personal information to:

  • Process orders: payments, shipping, returns, and refunds.
  • Provide support: respond to queries and resolve issues.
  • Operate and secure the Site: authentication, fraud prevention, and error debugging.
  • Improve the experience: analytics, A/B testing, product and site improvements.
  • Personalize content: show relevant products and offers.
  • Marketing (with consent or as allowed by law): newsletters, promotions; you may unsubscribe anytime.
  • Legal compliance: tax, accounting, record‑keeping, and regulatory requirements.

Legal bases (EU/UK): contract performance, legitimate interests (security and improvement), consent (e.g., marketing/advertising cookies), and legal obligations.
 India (DPDP Act, 2023): we process personal data for lawful purposes with consent where required and apply reasonable security safeguards.

 

3) Cookies & Similar Technologies

We use cookies and similar tools to:

  • Keep you signed in and remember preferences
  • Analyze site performance
  • Personalize content and measure ads

You can manage cookies via your browser and (if implemented) our Cookie Preferences banner. Disabling some cookies may limit functionality.

Cookie categories we may use:

  • Strictly Necessary (essential functions)
  • Performance/Analytics (GA4)
  • Functional (remember choices)
  • Advertising/Retargeting (Meta Pixel)

Want a detailed Cookie Policy with a cookie table? I can generate it on request.

 

4) How We Share Information

We do not sell personal information. We share data only with:

  • Service Providers/Processors:
    • Razorpay (payments)
    • Shiprocket, Delhivery, Ecom Express (logistics/returns)
    • Microsoft 365 and SMSGateway (email/SMS)
    • Google Analytics (GA4) and Meta Pixel (analytics/ads)
    • WordPress (Hostinger) and Cloudflare (hosting/CDN/security)
      These providers are contractually limited to processing on our instructions.
  • Business Transfers: if we undergo a merger, acquisition, or asset sale.
  • Legal & Safety: to comply with law, enforce our terms, or protect rights and security.
  • With Your Consent: when you direct us to share (e.g., with a third‑party app).

 

5) International Data Transfers

We may store or process data in India, the EU/UK, or other countries (e.g., U.S.).
 For EU/UK transfers, we use appropriate safeguards (such as Standard Contractual Clauses).
 For India, we follow reasonable security practices under the DPDP Act, 2023.

 

6) Data Retention

We keep personal data only as long as needed:

  • Orders & Finance: typically 7–10 years (tax and accounting obligations)
  • Account Data: for as long as your account is active
  • Marketing: until you opt out or withdraw consent
  • Disputes/Security: as needed to protect legal rights or prevent fraud

We delete or anonymize data when it is no longer required.

 

7) Your Privacy Rights

Your rights depend on applicable law and your location.

India (DPDP Act, 2023)

  • Access, correction, deletion
  • Consent withdrawal (where applicable)
  • Grievance redressal
  • Nomination (where enabled by law)
  • Contact: privacy@roottoroom.store or our Grievance Officer (below)

EU/UK (GDPR/UK GDPR)

  • Access, rectification, erasure, restriction, portability, objection
  • Withdraw consent at any time
  • Lodge a complaint with your supervisory authority
  • Contact: privacy@roottoroom.store

California (CCPA/CPRA)

  • Know/access and delete certain personal information
  • Correct inaccuracies
  • Opt out of “sale” or “sharing” for cross‑context behavioral advertising
  • Non‑discrimination for exercising rights

We verify requests and respond within statutory timelines. Some rights may be limited by legal or contractual obligations.

 

8) Security

We use administrative, technical, and organizational measures appropriate to the data we process (e.g., encryption in transit, access controls, least‑privilege, logging, Cloudflare CDN/security). No system is fully secure—please protect your account credentials and notify us of any suspected unauthorized access.

 

9) Children’s Privacy

Our Services are not intended for children under 13 (or the age of consent in your region). We do not knowingly collect data from children. If you believe a child provided data, contact us to delete it.

 

10) Third‑Party Links & Features

Our Site may link to or embed third‑party services (e.g., social media, WhatsApp chat). Their privacy practices are separate—please review their policies before using them.

 

11) Email, SMS & WhatsApp Communications

  • Transactional messages (order confirmations, shipping updates) are necessary and will be sent regardless of marketing preferences.
  • Marketing messages (email/SMS/WhatsApp) are sent with consent or as permitted by law. You can unsubscribe via the link in the message or by contacting us.

 

12) Do Not Track & Global Privacy Control

Some browsers send Do Not Track or Global Privacy Control (GPC) signals. Where required, we honor these for applicable processing (e.g., CPRA “sale”/“sharing” opt‑out).

 

13) Changes to This Policy

We may update this Policy from time to time. When we change it, we will update the “Last Updated” date above. For material changes, we may also provide an on‑site notice or email. Please check back regularly.

 

14) Contact Us


 Email: privacy@roottoroom.store and support@roottoroom.store

Grievance Officer (India – DPDP Act, 2023)


 Email: grievance@roottoroom.store
 Timelines: We aim to acknowledge grievances within 48 hours and resolve them within 30 days.

 

15) Service Providers We Use (Current Stack)

  • Payments: Razorpay
  • Shipping & Returns: Shiprocket, Delhivery, Ecom Express
  • Email/SMS: Microsoft 365 (Outlook), SMSGateway
  • Hosting/CDN/Security: WordPress (Hostinger), Cloudflare
  • Helpdesk/Chat: WhatsApp

We use these providers to run our Services. They process your data only under our instructions and in line with their own privacy and security standards.