1.  Introduction

1.1.  This Privacy Policy explains how Aadai Private Limited (“Aadai”, “we”, “us”, or “our”) processes your personal data when you visit our website, use our mobile application, interact with customer services and make purchases through our website. It sets out the categories of personal data we collect, the purposes for which we process it, the legal bases that permit that processing, and your rights. It also describes our safeguards, retention practices, grievance redressal mechanism and how we handle international transfers. By using our services, you agree to the terms described in this Privacy Policy as amended from time to time in accordance with applicable Indian laws.

1.2.  We recognise your right to protect your personal data and the need to process personal data for lawful purposes in a fair, transparent and secure manner. We commit to processing in accordance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and applicable rules, and the Consumer Protection (E-Commerce) Rules, 2020. We design notices to be clear and accessible, and we offer mechanisms to exercise rights without undue burden. Our approach balances service delivery with respect for privacy and security.

1.3.  This Privacy Policy is an electronic record under the Information Technology Act, 2000 and relevant rules. It does not require physical or digital signatures and is valid in electronic form. The policy applies across our digital interfaces and, where non-digital interactions are digitised, to those records. We stand behind the promises in this policy and will not materially change practices to make them less protective of personal data already collected without obtaining your consent where required.

1.4.  If you do not agree with any provision of this Privacy Policy, please do not use or access our website or mobile application. You may still contact us to ask questions or exercise rights, and we will respond within applicable timelines. We encourage you to review this policy periodically as our business evolves and updates may be published.

2.  Scope and Applicability

2.1.  This Privacy Policy applies to your interactions with Aadai when you browse our website, mobile app, social media platforms, create an account, place orders, engage with customer service by email, chat or phone, visit any physical premises we may operate, or otherwise provide personal data to us in digital form or in non-digital form that we subsequently digitise. The policy covers customer, visitor and account holder data processed in connection with the provision of our apparel e-commerce services. It also applies to technical data generated by your use of our services.

2.2.  This Privacy Policy should be read together with our Terms and Conditions and other website policies. Those policies provide further information on consumer rights, returns and refunds, delivery, and complaint ticketing. In case of inconsistency, the more protective provision for personal data will prevail where allowed by law. We aim for harmonised disclosures across policies.

2.3.  Notices and requests described in this Privacy Policy can be accessed in English and, upon request, in any language specified in the Eighth Schedule to the Constitution of India. We provide consent requests and rights interfaces in clear and plain language. Where accessibility adjustments are needed, we will make reasonable efforts to provide suitable formats.

2.4.  This Privacy Policy applies regardless of whether you access our services via desktop browsers, mobile browsers or the Aadai mobile app. Where third-party websites or services are linked from our website, their privacy practices are governed by their own policies, and we encourage you to review those notices before sharing data with them.

3.  Personal Data We Collect

3.1.  We collect personal data that you provide to us directly. When you register or transact, you provide identifiers and contact details such as your name, email address, phone number and postal, billing or shipping addresses. If you create an account, you provide a username and password. When you communicate with us, you may share additional information including preferences, queries and feedback. We collect data that allow us to respond to your requests and deliver services.

3.2.  We collect transaction-related information generated by your purchases and account activity. This includes products viewed and purchased, order dates and values, delivery address and shipping status, returns or cancellations and related communications. We receive updated delivery and address information from carriers to maintain accurate records and ensure timely fulfilment. These records support customer service, legal compliance and accounting.

3.3.  We collect technical and usage information generated by your interactions with our website. This includes IP address, device and browser types, operating system, pages visited, time spent, links clicked, referral sources, on-site search queries and diagnostics. We use cookies, web beacons, SDKs and similar technologies to recognise repeat visits, understand navigation, tailor content and offers to your interests, and measure advertising effectiveness. These technologies help us improve performance and features.

3.4.  We process payment information through approved payment gateway providers. You authorise processing of payment details by our payment gateway providers, and we do not store your full card numbers. We receive confirmations that allow us to reconcile payments and orders, detect fraud, and provide customer support. Where regulatory compliance requires retention of certain financial records, we retain those records for the legally required periods.

3.5.  If you connect via social login or authorise third-party integrations, we process social media identifiers or tokens necessary to enable the connection. We process testimonials, ratings and reviews you submit, with the ability to reproduce and publish edited or paraphrased versions on our website or official social media channels in accordance with this Privacy Policy. If you have concerns about such reproduction or publication, you may contact us to object, and we will consider your request.

4.  Purposes of Processing 

4.1.  We process personal data to take and fulfil orders, deliver products, provide services, process payments and communicate order confirmations, invoices, shipment updates and customer support. Processing for these purposes enables core website functions and performance of our obligations to you. Without such processing, we cannot provide the requested services.

4.2.  We process personal data to improve products, services, the performance and usability of our website, personalise your experience and recommend products based on your interactions and preferences. We provide tailored content across our website, app and communications to make browsing and purchasing more relevant and convenient.

4.3.  Where you have consented, we process personal data to send marketing communications, newsletters, push notifications and surveys. We seek your clear affirmative consent for marketing where mandated and offer easy ways to opt out at any time. Our marketing seeks to be respectful and frequency-capped to avoid intrusion.

5.  Legal Bases: Consent and Legitimate Uses

5.1.  Our processing is based on consent or certain legitimate uses recognised by law. Where consent is required, we present requests in clear and plain language and obtain consent through a clear affirmative action for specified purposes. Consent is limited to data necessary for those purposes, and we record the fact of consent to demonstrate compliance.

5.2.  You may withdraw consent at any time, and the ease of withdrawal will be comparable to the ease of granting consent. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal. We may retain or continue processing where required by law or where processing is necessary to complete transactions already placed and paid for. We will cease processing for marketing upon withdrawal.

5.3.  We also process personal data for legitimate uses such as communicating receipts where you have voluntarily provided data and requested such communications, complying with legal obligations and responding to orders of courts or authorities, taking measures to address fraud and security risks, and processing personal data for employment-related purposes for our employees. These uses are limited to what is necessary and proportionate.

5.4.  When consent is the basis for processing and a question arises, we will be able to demonstrate that we provided notice and obtained consent in accordance with law. We design consent flows that are unambiguous and avoid bundled or coercive choices. We also offer notices and consent requests in English and, upon request, in Eighth Schedule languages.

6.  Sharing and Disclosure

6.1.  We share personal data with trusted service providers acting as data processors under valid contracts to perform functions on our behalf. These functions include payment processing and settlement, logistics and delivery, customer service, IT hosting and support, analytics, marketing assistance, and fraud prevention. Processors are given access to personal data necessary to perform their functions and must not use it for other purposes.

6.2.  We share personal data with our affiliates where needed to operate our services in India and support our business, subject to appropriate safeguards. Inter-affiliate sharing is limited to operational needs and is governed by agreements that protect personal data in line with this policy. We implement technical and organisational measures to maintain confidentiality and integrity.

6.3.  We disclose personal data where we are required to do so by law, to comply with orders of courts or authorities, to enforce our terms, and to protect our rights, customers or the public. This may include exchanging information for fraud protection and credit risk reduction with legitimate partners. We carefully review legal requests and respond in accordance with applicable law and due process.

6.4.  In the event of a business reorganisation or a sale of assets, customer information may be transferred as part of the transaction. Previously collected personal data remains protected in accordance with the promises set out in this Privacy Policy unless you consent to different processing by the new entity. We will endeavour to require the transferee to honour equivalent protections.

6.5.  We do not rent or sell your personal data. Where testimonials, reviews or user-generated content are published, we take care to avoid exposing sensitive information and provide ways to correct or remove content within reasonable limits.

7.  Cookies, SDKs and Device Permissions

7.1.  Please refer to the Cookies policy here.

8.  Security and Personal Data Breach Intimation

8.1.  We are committed to protecting personal data in our possession or under our control. We use encryption protocols during transmission to help protect confidentiality. When handling payment card data we follow payment industry security standards through approved payment gateways. We maintain physical, electronic and procedural safeguards proportionate to risk.

8.2.  We implement access controls, monitoring and staff training to reduce the likelihood of unauthorised access, disclosure or loss. We may occasionally request proof of identity before disclosing personal information or fulfilling rights requests. We periodically review and improve our safeguards to align with evolving threats and best practice.

8.3.  We take reasonable security safeguards to prevent personal data breaches and we implement measures to ensure effective observance of applicable law. If a personal data breach occurs, we will intimate the Data Protection Board of India and affected Data Principals in the form and manner prescribed, and we will take urgent remedial or mitigation measures. We will document incidents and our response actions.

8.4.  It remains important that you protect against unauthorised access to your devices, applications and passwords, and sign off when using shared devices. We encourage the use of strong authentication, updated software and caution when sharing credentials.

9.  Data Retention and Erasure

9.1.  We retain personal data only for as long as necessary to serve the specified purposes or to comply with laws in force. Retention periods vary based on the type of data, legal requirements and operational needs. We design retention schedules that balance utility with minimisation.

9.2.  Where law requires retention, such as for accounting or tax records, we retain data for the legally required period and erase afterwards. We periodically review retained data to ensure continued necessity and compliance with our schedules.

10.  Cross-Border Transfers

10.1.  We may transfer, store or process personal data outside India to provide services, operate our website and engage processors and affiliates. Transfers are conducted with appropriate contractual and technical safeguards. We seek to ensure that personal data processed outside India is afforded protection consistent with this Privacy Policy and Indian law where applicable.

10.2.  Such transfers are subject to compliance with applicable laws and any restrictions notified by the Central Government. We monitor notifications that may restrict transfers to specific countries or territories and adapt routing or localisation accordingly.

11.  Changes to this Policy

11.1.  We provide notice of changes by updating the “Last Updated” date at the top of this Privacy Policy. Our business evolves and we will update this Privacy Policy accordingly. Unless stated otherwise, the current version applies to all information we have about you and your account.

11.2.  We will not materially change practices to make them less protective of personal data already collected without obtaining your consent where required. Where changes affect your rights or choices materially, we will provide prominent notice and, where appropriate, seek renewed consent.

12.  Contact and Grievance Redressal

12.1.  If you have queries about this Privacy Policy, wish to exercise your rights or wish to lodge a privacy grievance, you can contact our privacy team at care@aadai.com. The name and contact details of our Grievance Officer is provided below.

Name  : Pavithra Ramesh

Designation  : Grievance Officer

Email  : pavithra.ramesh@aadai.com

Postal Address  : 942, Krisp IT Park,Vandalur-Kelambakkam Road, Kizhakottaiyur Village, Melakkottaiyur, Kanchipuram, Chengalpattu, Tamil Nadu, India, 600127

Hours  : 9am - 5pm IST

12.2.  For privacy grievances, we will acknowledge within twenty-four hours and seek to resolve within fifteen days. For consumer complaints unrelated to privacy, we will acknowledge within forty-eight hours and seek to resolve within one month in line with our Customer Grievance Policy. We also publish our legal name and registered office and principal geographic addresses on our website together with customer care email and phone numbers.

12.3.  When contacting us, please include sufficient details to help us identify you and locate relevant records. We will guide you through verification and next steps and keep you informed of progress. If you remain dissatisfied after our final response, you may escalate to the Data Protection Board of India as permitted by law.

13.  Acceptance and Effective Date

13.1.  By continuing to use our website after updates, you accept the terms of the revised Privacy Policy. Acceptance is recorded when you use core services after notice. If you do not accept the revised policy, please discontinue use and contact us to understand your options.

13.2.  This Privacy Policy is effective from the “Last Updated” date indicated above. Prior versions, where applicable, are available upon request. We retain records of material changes for accountability.