Legal
Privacy Policy
Effective Date: 1 July 2025 | Last Updated: 1 July 2025
Naari Living Technologies LLP ("Company", "we", "our", or "us"), registered at Flat No. 606, Block B, Vimal Shyam Vihar, Pundag, Ranchi, Jharkhand – 834004, India, operates the Naari Sutra website (naarisutra.in) and its family of products, including CookSorted, LookSorted, GlowSorted and HomeSorted (together, the "Services"). We are committed to protecting the privacy of our users ("you" or "your") in accordance with: the Digital Personal Data Protection Act, 2023 (DPDPA); the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and the Consumer Protection Act, 2019. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights as a Data Principal under Indian law.
1. Personal Data We Collect
We collect the following categories of personal data when you use the Services:
Account & Identity Data
- Full name
- Email address
- Mobile phone number
- Profile photograph (optional)
Waitlist, Newsletter & Contact Data
- Email address and optional name submitted when you join a product waitlist or subscribe to our newsletter
- Name, email, message and optional LinkedIn profile submitted through our contact form
Location Data
- Approximate or precise device location (with your permission), used to suggest locally relevant recommendations and options.
Payment & Financial Data
- Subscription plan details
- Transaction identifiers generated by our payment gateway
We do not store your full card number, CVV, or banking credentials. All payment processing is handled by our payment gateway partners (Razorpay / PayU / Stripe) under their own PCI-DSS compliant environments.
Device & Usage Data
- Device type, operating system, and app/browser version
- IP address and approximate location derived from IP
- In-app and on-site interaction data, pages viewed, and features used (via Google Analytics / Firebase Analytics)
- Push notification tokens (via Firebase Cloud Messaging / OneSignal)
Data You Provide Voluntarily
- Preferences, routines, and custom plans you create within the Services
- Feedback, ratings, or communications you send to us
2. Purpose of Processing
We process your personal data only for lawful purposes with your consent ("Consent") or as necessary to provide the services you have contracted for ("Legitimate Use"). The specific purposes are:
- Account creation and authentication
- Managing waitlist and newsletter sign-ups and sending you the updates you requested
- Personalising recommendations and features based on your preferences
- Processing subscription payments and sending transactional communications
- Sending push notifications about reminders, new features, or offers (you can opt out at any time)
- Analysing usage patterns to improve performance and user experience
- Complying with applicable legal obligations
- Detecting and preventing fraud, abuse, or security incidents
We will not use your data for any purpose incompatible with the purposes stated above without obtaining fresh consent.
3. How We Share Your Data
We do not sell your personal data. We may share your data with the following categories of recipients only to the extent necessary:
Service Providers
- Google LLC — Sign-In authentication and analytics (Firebase, Google Analytics). Data may be processed outside India subject to Google's adequacy safeguards
- Razorpay / PayU / Stripe — Payment processing under their own security standards
- Firebase / OneSignal — Push notification delivery
Legal and Regulatory Disclosure
- We may disclose your data to government authorities, law enforcement, or courts where required to do so by law, court order, or in response to a lawful request by public authorities.
Business Transfers
- In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections described in this Policy.
4. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:
- Account data: retained for the duration of your account, plus 3 years after deletion (for legal compliance)
- Payment records: retained for 7 years as required under Indian financial regulations
- Usage and analytics data: retained for up to 26 months in aggregated or anonymised form
- Push notification tokens: retained until you opt out or uninstall the App
After the applicable retention period, data is securely deleted or anonymised.
5. Data Security
We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:
- Encryption of data in transit using TLS/HTTPS
- Access controls limiting data access to authorised personnel only
- Regular security assessments and vulnerability management
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. In the event of a personal data breach that is likely to cause harm to you, we will notify you and the relevant authorities as required under applicable Indian law.
6. Cross-Border Data Transfers
Some of our service providers (such as Google, Stripe, and OneSignal) are based outside India. Where personal data is transferred outside India, we take steps to ensure adequate protections are in place, consistent with the requirements of the Digital Personal Data Protection Act, 2023 and any rules notified thereunder by the Central Government.
7. Your Rights as a Data Principal
Under the Digital Personal Data Protection Act, 2023 and applicable Indian law, you have the following rights:
Right to Access
- You have the right to obtain a summary of the personal data we hold about you and information on how it has been processed.
Right to Correction and Erasure
- You have the right to correct inaccurate or incomplete personal data and to request erasure of your data where it is no longer required for the purpose for which it was collected, subject to legal obligations.
Right to Grievance Redressal
- You have the right to have your grievances addressed in a timely and effective manner by our Grievance Officer (see Section 9).
Right to Nominate
- In the event of your death or incapacity, you have the right to nominate another individual to exercise your data rights on your behalf, as permitted under the DPDPA.
Right to Withdraw Consent
- Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal. You can withdraw consent for non-essential communications (e.g., marketing notifications) at any time.
How to Exercise Your Rights
- To exercise any of the above rights, please contact our Grievance Officer at grievance.naarisutra@gmail.com. We will respond within 30 days of receiving your request.
8. Children's Privacy
The Services are intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor without verifiable parental consent, we will promptly delete such data. If you believe we have inadvertently collected data from a minor, please contact us immediately.
9. Analytics and Tracking
We use Google Analytics (Firebase) to collect aggregated, anonymised data about how users interact with the Services. This helps us improve features and fix issues. You may opt out of analytics data collection through your device or browser settings or by contacting us.
For our native mobile applications we do not use cookies in the traditional sense, but we do use device identifiers and advertising IDs in accordance with the platform's privacy guidelines. You can reset your advertising ID at any time through your Android or iOS device settings. On our website we use only essential and analytics identifiers.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via an in-app or on-site notification or by posting the updated Policy with a revised 'Last Updated' date. We encourage you to review this Policy periodically.
Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Policy.
11. Grievance Officer
In accordance with the Digital Personal Data Protection Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have designated a Grievance Officer to address privacy-related concerns:
- Name: Ambalika Smiti
- Designation: Grievance Officer
- Email: grievance.naarisutra@gmail.com
- Organisation: Naari Living Technologies LLP
- Address: Flat No. 606, Block B, Vimal Shyam Vihar, Pundag, Ranchi, Jharkhand – 834004, India
Grievances will be acknowledged within 48 hours and resolved within 30 days of receipt. If you are not satisfied with the resolution, you may approach the Data Protection Board of India (once established under the DPDPA) or a consumer forum under the Consumer Protection Act, 2019.
12. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Naari Living Technologies LLP
Flat No. 606, Block B, Vimal Shyam Vihar, Pundag, Ranchi, Jharkhand – 834004, India
grievance.naarisutra@gmail.com