Privacy Policy

This Privacy Policy explains how Traya Dairy Private Limited ("Traya Dairy", "We", "Us") collects, uses, stores, shares, and protects your personal data when you use our website, WhatsApp Business channel, or purchase our products. It has been prepared in compliance with the Digital Personal Data Protection Act 2023 ("DPDP Act"), the Information Technology Act 2000 (and Reasonable Security Practices Rules 2011), and applicable guidelines of the Reserve Bank of India for payment data.

1. Data Fiduciary Identity

For the purposes of the DPDP Act 2023, Traya Dairy Private Limited is the Data Fiduciary responsible for determining the purposes and means of processing your personal data.

Data Fiduciary: Traya Dairy Private Limited

Data Protection Contact: privacy@trayadairy.com

Grievance Officer: grievance@trayadairy.com

2. Personal Data We Collect

2.1 Information you provide directly

Identity data: full name, date of birth (for age verification, optional)

Contact data: email address, mobile number, WhatsApp number, shipping and billing address, pin code

Order data: products ordered, order history, preferences, gift messages

Payment data: transaction details (card/UPI details are processed directly by our payment gateway and are not stored by Traya Dairy)

Communication data: messages, emails, WhatsApp chats, customer support tickets, reviews, and product feedback

2.2 Information collected automatically

Device and technical data: IP address, browser type and version, device identifier, operating system, screen resolution, referring URL

Usage data: pages viewed, time spent, click patterns, cart additions, checkout behaviour, search queries

Cookies and similar technologies: as detailed in our Cookie Policy

Location data: approximate location derived from IP address or pin code entered at checkout (we do not collect precise GPS location)

2.3 Information from third parties

Login or social data if you sign in using Google, Facebook, or similar (name, email, profile picture)

Delivery confirmation and tracking data from logistics partners

Payment confirmation and fraud-check data from payment gateways

Engagement data from Meta/WhatsApp when you initiate a conversation or click a WhatsApp Business ad

3. Purposes & Legal Basis for Processing

Under the DPDP Act, we process personal data based on your consent or for legitimate uses, for the following purposes:

4. Sharing & Disclosure of Personal Data

We do NOT sell your personal data. We share limited personal data with the following categories of recipients (Data Processors) strictly for the purposes listed above, and under written contracts that require them to protect your data:

5. Cross-Border Data Transfers

Some of our service providers (e.g., Shopify, Google, Meta, AWS) may store or process personal data on servers located outside India. Such transfers are carried out only to jurisdictions not restricted by the Government of India under Section 16 of the DPDP Act 2023, and under appropriate contractual safeguards including standard data protection clauses.

6. Data Retention

Order and transaction records: retained for 8 years from the end of the financial year, as required under the Companies Act 2013, GST law, and Income Tax Act 1961.

Account and profile data: retained as long as your account is active, plus 2 years after last activity, unless you request earlier deletion.

Marketing preferences and consent records: retained until you withdraw consent, plus audit logs for 3 years.

Customer support communications: retained for 3 years from the date of resolution.

Cookies and analytics data: retained as per cookie lifespans disclosed in the Cookie Policy.

Payment data: not retained by Traya Dairy; stored by the payment gateway per PCI-DSS and RBI norms.

7. Your Rights under the DPDP Act 2023

As a Data Principal, you have the following rights, which you may exercise by writing to privacy@trayadairy.com or our Grievance Officer:

Right to information: Obtain a summary of the personal data being processed, the processing activities, and the identities of other Data Fiduciaries with whom it has been shared.

Right to correction and erasure: Request correction of inaccurate or incomplete data, or erasure of personal data that is no longer necessary for the purpose for which it was collected.

Right to grievance redressal: Readily available means to register complaints regarding the processing of your data.

Right to nominate: Nominate another individual to exercise your rights in the event of your death or incapacity.

Right to withdraw consent: Withdraw any consent previously given, at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Right to opt out of marketing: Unsubscribe from marketing emails, SMS, or WhatsApp messages by replying STOP, clicking the unsubscribe link, or emailing us.

We will respond to verified requests within 30 days. If we are unable to fulfil a request (for example, where we are required to retain data for legal compliance), we will explain our reasons.

8. Children’s Data

Our services are not directed at children below 18 years of age. We do not knowingly collect personal data from children without verifiable consent of their parent or lawful guardian, as required by Section 9 of the DPDP Act 2023. If you believe we have inadvertently collected such data, please contact us for immediate deletion.

9. Data Security

We implement reasonable security safeguards to protect your personal data, including:

TLS/SSL encryption for all data in transit

Role-based access controls for staff; access on a need-to-know basis

PCI-DSS compliant payment processing (via gateway partners)

Periodic security reviews and vulnerability assessments

Data breach response procedure including notification to the Data Protection Board of India and affected Data Principals, as required under the DPDP Act

Confidentiality agreements with employees, vendors, and contractors

10. Changes to this Privacy Policy

We may update this Privacy Policy periodically. Material changes will be notified by email, WhatsApp, or a prominent notice on our website. The "Last Updated" date at the top of this document reflects the most recent revision.