LuxeMyHomeLuxeMyHome
0
Privacy

Privacy Policy

Last updated · May 2026

LuxeMyHome ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it, and what choices you have. It applies to everything you do at luxemyhome.com ("the Site"). We comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India.

1. What we collect

You give us

  • Account info — name, email, phone, password (hashed) when you create an account.
  • Order info — shipping + billing address and items in your order.
  • Communication — anything you send us via the contact form, email, or WhatsApp.
  • Marketing consent — newsletter subscription preferences.

We collect automatically

  • Device + log data — IP address (hashed for our records), browser, device type, pages visited, referrer.
  • Cookies — strictly-necessary cookies for cart and login; analytics + marketing cookies only after you click Accept on the cookie banner.

From third parties

  • Razorpay — payment status (we do not see your card or UPI details).
  • Delhivery / courier — pincode serviceability and tracking events.

2. Why we collect it (legal basis under DPDP Act)

  • Contract — to fulfil an order you placed (shipping, payment, support).
  • Legitimate use — to operate the Site, prevent fraud, comply with GST and other Indian laws.
  • Consent — newsletter, abandoned-cart reminders, analytics + marketing cookies. You can withdraw consent any time.

3. How we use it

  • Process and ship your order.
  • Send transactional emails (order confirmation, shipping notification, delivery, refund, return updates).
  • Send marketing emails if you opted in. Every marketing email has a one-click unsubscribe.
  • Comply with GST, invoice-retention, and consumer-protection law.
  • Detect and prevent fraud, secure your account (rate-limiting, lockouts).

4. Who we share it with

We share only what's needed, and only with:

  • Razorpay — for payment processing. Their privacy policy: razorpay.com/privacy.
  • Supabase — our database + auth provider (Singapore region).
  • Resend — transactional email delivery.
  • Courier partners (Delhivery / Bluedart / etc.) — your name, phone, address only.
  • Vercel — site hosting (logs only; no order data stored).
  • Government / law enforcement — only when legally required (DPDP Act §17).

We never sell or rent your data. We never share your data for third-party marketing.

5. How long we keep it

  • Orders + invoices — 8 years (GST and Companies Act retention).
  • Account data — until you delete the account, then purged within 30 days (except invoices we must keep).
  • Marketing logs — until you unsubscribe.
  • Web analytics — 14 months (Google Analytics default).

6. Your rights under DPDP Act

  • Access — request a copy of your personal data.
  • Correction — fix inaccurate data via /account or by emailing us.
  • Erasure — request deletion of your data (we will keep what we're legally required to retain).
  • Withdraw consent — for marketing, newsletters, or analytics cookies at any time.
  • Grievance — file a complaint with our Grievance Officer (below) within 7 days; we will respond within 30 days.

To exercise any of these, email info@luxemyhome.com.

7. Security

We protect your data with TLS in transit, encryption at rest (Supabase + Vercel), hashed passwords (bcrypt), rate-limited authentication, and secrets management. No system is perfectly secure; if we ever discover a breach affecting your data we will notify you and the Data Protection Board within 72 hours per DPDP Act §8(6).

8. Cookies

We use three categories of cookies. You control the optional ones via the cookie banner (footer link "Cookie settings"):

  • Strictly necessary — cart, session, CSRF. Cannot be disabled.
  • Analytics — Google Analytics 4. Off by default. Anonymises IP.
  • Marketing — Meta Pixel, retargeting. Off by default.

9. Children

Our products are for adults. We do not knowingly collect data from anyone under 18. If you believe a child has shared data with us, email info@luxemyhome.com and we will delete it.

10. Grievance Officer

Per DPDP Act §8(9) and the IT Rules 2011, the Grievance Officer for LuxeMyHome is reachable at info@luxemyhome.com. We acknowledge complaints within 48 hours and resolve them within 30 days.

11. AI-assisted features

Some site features use AI models (OpenAI or Google Gemini, configured in admin) to:

  • Semantic search — your search query (e.g. "calming candles for meditation") is sent to the AI provider to produce a 1536-dimensional vector that's matched against our product catalogue. The query is not retained beyond the request.
  • Product copy + image generation — when our team creates or refreshes a product, we send the product photo + a prompt to the AI provider. No customer data is ever included.
  • Personalized email copy — abandoned-cart reminder subject lines + opening sentences are personalised by AI based on product names in your cart. No personal identifiers are sent.
  • Review summaries — once a product has ≥10 approved reviews, the review text (already public on the site) is sent to the AI provider to produce a consensus summary.

Both providers offer enterprise data-handling — by default they do not train on our API requests. See OpenAI's API data-usage policy and Google's Gemini API terms.

12. Changes

We may update this policy from time to time; the "Last updated" date at the top reflects the most recent change. Material changes will be notified via email or a prominent site banner.