Free shipping on orders over ₹599
XYZ+
Sign Up
Back to home
Legal

Privacy Policy

Last updated: 12 Feb 2026

XYZ+ Apparel Pvt. Ltd. ("XYZ+", "we", "us", "our") respects your privacy and is committed to protecting your personal information in compliance with the Digital Personal Data Protection Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. This Privacy Policy explains what data we collect, why we collect it, and how you can exercise your rights.

1. Information We Collect

Information you provide

  • Account: name, email address, phone number, optional gender / date of birth.
  • Order: delivery address, billing details, GSTIN (if provided for B2B invoicing).
  • Custom design uploads: artwork, logos, photographs, and other creative assets you submit.
  • Communications: messages sent via our contact form, reviews, support requests.

Information collected automatically

  • Device & browser details, IP address, approximate location.
  • Pages visited, session timestamps, referral source.
  • Cookies and similar technologies (see Cookies section below).

Information from third parties

  • Google account information (name, email, profile picture) when you sign in with Google.
  • Payment confirmation metadata from Razorpay (we do not store your card or UPI credentials).
  • Logistics tracking events from our shipping partners.

2. How We Use Your Information

  • To create and maintain your account, process orders, and provide customer support.
  • To produce custom-printed merchandise and route orders to fulfilment partners.
  • To send transactional communication (order updates, proof approvals, invoices) via email or SMS.
  • To award loyalty points, validate coupon codes, and process referral bonuses.
  • To detect, prevent and investigate fraud, abuse or unlawful activity.
  • To improve the Platform, understand usage patterns and develop new features.
  • To send promotional communication where you have opted in — you can unsubscribe at any time.

3. Legal Bases

We process your personal data on one or more of the following legal bases: (i) performance of a contract with you; (ii) compliance with a legal obligation; (iii) your explicit consent; or (iv) our legitimate interest in operating and improving the Platform, balanced against your rights.

4. Sharing of Information

We share data only with the following categories of recipients and only to the extent necessary:

  • Payment processors — Razorpay, for processing online payments and refunds.
  • Logistics partners — for shipping and last-mile delivery.
  • Email & SMS providers — for transactional and marketing communication.
  • Cloud infrastructure — for hosting, object storage, and database services.
  • Government authorities — when required by applicable law, valid court order or regulatory request.

We do not sell or rent your personal data to advertisers or third parties for their independent marketing.

5. Cookies

We use cookies and local storage to keep you logged in, remember your cart, and measure aggregate site usage. You can disable cookies in your browser, but parts of the Platform (notably checkout) may not work correctly.

6. Data Retention

We retain personal data for as long as necessary to provide the services and meet legal, tax and accounting obligations — typically seven (7) years for transaction data, in line with Indian tax law. Uploaded artwork is retained for the duration of your account plus one year, after which it may be permanently deleted.

7. Security

We follow industry-standard security measures including HTTPS encryption in transit, encrypted password storage (bcrypt), role-based access control, and routine backups. No system is perfectly secure; if a personal data breach materially affects you, we will notify you and the relevant authority within 72 hours as required by law.

8. Your Rights

Subject to applicable law, you have the right to:

  • Access a copy of your personal data.
  • Request correction of inaccurate or outdated information.
  • Request deletion ("right to be forgotten") of data we no longer need.
  • Withdraw consent for marketing communications.
  • Lodge a complaint with the Data Protection Board of India.

To exercise any of these rights, email us at privacy@xyzplus.in. We will respond within thirty (30) days.

9. Children's Privacy

The Platform is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact us and we will delete it.

10. International Transfers

Some of our service providers may process data outside India. Where this occurs we ensure adequate safeguards are in place through standard contractual clauses and security commitments.

11. Changes to This Policy

We may revise this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted via email or a banner on the Platform.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and rules made thereunder, the contact details of the Grievance Officer are:

Grievance Officer — XYZ+ Apparel Pvt. Ltd.
Email: grievance@xyzplus.in
Address: Kolkata, West Bengal, India
Response timeline: within 30 days of receipt of complaint.
WhatsApp chat