Privacy policy

Privacy Policy - Gruhome

Last Updated: July 17, 2025

Introduction

At Gruhome, operated by Incart India, a sole proprietorship registered in India with Goods and Services Tax Identification Number (GSTIN) 07AFIPJ0387A1ZS and Permanent Account Number (PAN) AFIPJ0387A, located at 6 Bharti Artist Colony Road, Preet Vihar, Vikas Marg, Delhi, DL, 110092, India, we prioritize your privacy and are committed to transparency in handling your personal information. Incart India owns the trademark for Gruhome and operates this online store and website, including all related content, features, tools, products, and services (collectively, the “Services”), powered by Shopify Inc. This Privacy Policy governs how we collect, use, disclose, store, and protect your personal information when you interact with our Services, whether through our website, mobile applications, or other channels.

This Privacy Policy complies with Indian laws, including the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Digital Personal Data Protection Act, 2023 (once effective), Consumer Protection Act, 2019, Consumer Protection (E-Commerce) Rules, 2020, Goods and Services Tax Act, 2017, Legal Metrology Act, 2009, and Trade Marks Act, 1999, as well as international laws like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) where applicable. It is designed to be comprehensive, addressing all aspects of data handling, user rights, and grievance redressal, tailored to Gruhome’s operations in home furnishings, bedding, decor, and crockery, with a digital-first approach to reach customers across India and potentially globally.

By accessing or using our Services, you consent to the collection, use, disclosure, and processing of your personal information as described herein. If you do not agree, please refrain from using our Services.

Section 1 - Definitions

  • Personal Information: Any data relating to an identified or identifiable individual, including sensitive personal data (e.g., name, email, address, payment details, passwords), as defined under the Information Technology Act, 2000 and DPDP Act, 2023.

  • Sensitive Personal Data or Information (SPDI): Includes passwords, financial information, biometric data, or other categories specified under the Information Technology (Reasonable Security Practices) Rules, 2011.

  • Services: The Gruhome online store, website, mobile applications, and related content, features, tools, products, and services.

  • Data Subject: An individual whose personal information is collected, processed, or stored (i.e., you, the user).

  • Third-Party Providers: Entities such as Shopify, payment gateways, shipping carriers, or analytics providers involved in delivering the Services.

  • Cookies: Small data files stored on your device to enable functionality, analytics, or personalized marketing.

Section 2 - Information We Collect

We collect personal information to provide, manage, and enhance our Services, ensuring a seamless and personalized experience for purchasing home furnishings, bedding, decor, and crockery. The types of information we collect include:

  1. Information You Provide:

    • Account Creation: Full name, email address, password, billing and shipping addresses, phone number, and preferences when registering or updating your account.

    • Order Information: Product selections (e.g., furniture, textiles, crockery), quantities, payment details (e.g., credit/debit card numbers, UPI IDs, bank account details), delivery instructions, and billing/shipping addresses during checkout.

    • Feedback and Communications: Reviews, ratings, inquiries, complaints, or other content submitted via the Services, email (hello@gruhome.in), social media (e.g., Instagram, WhatsApp), or customer support channels.

    • Grievance Submissions: Information provided when contacting our Grievance Officer for data-related or service-related issues.

    • Promotional Interactions: Responses to surveys, contests, or promotional campaigns (e.g., open-box item discounts at 15%, as discussed on May 17, 2025).

  2. Automatically Collected Information:

    • Usage Data: IP address, browser type/version, operating system, device identifiers, pages visited, time spent, clickstream data, and referral URLs, collected via cookies, web beacons, or analytics tools.

    • Transaction Data: Order history, payment status, delivery tracking, and return/refund details.

    • Geolocation Data: Approximate location derived from IP address, shipping details, or device settings to facilitate regional deliveries across India.

    • Behavioral Data: Browsing patterns, product preferences, and interaction history to personalize your shopping experience.

  3. Third-Party Information:

    • Platform Providers: Data from Shopify to facilitate e-commerce operations (e.g., account management, order processing).

    • Payment Processors: Transaction details from Razorpay, Paytm, or other gateways, compliant with PCI DSS standards.

    • Shipping Carriers: Delivery information from India Post, Delhivery, or others to track shipments.

    • Social Media Platforms: Data from interactions on Instagram, WhatsApp, or other platforms integrated with our Services for marketing or support.

    • Analytics Providers: Aggregated data from Google Analytics or similar tools to analyze website performance.

  4. Product-Related Data:

    • Information required for compliance with the Legal Metrology Act, 2009 and Legal Metrology (Packaged Commodities) Rules, 2011, such as product labeling details (e.g., Maximum Retail Price (MRP), net quantity, country of origin, manufacturer details) shared during purchases or displayed on product listings for items like crockery.

  5. Special Categories:

    • We do not intentionally collect sensitive data like biometric information, health data, or religious beliefs unless required for specific Services (e.g., customized furniture designs), with explicit consent per the DPDP Act, 2023.

Section 3 - How We Use Your Information

We use your personal information for legitimate business purposes, ensuring compliance with Indian and international laws. Our uses include:

  1. Service Delivery:

    • Process and fulfill orders for home furnishings, bedding, decor, and crockery, including payment processing, inventory management, and delivery coordination.

    • Create, manage, and secure user accounts to provide a seamless shopping experience.

    • Send order confirmations, shipping updates, and delivery notifications via email, SMS, or WhatsApp.

  2. Customer Support:

    • Respond to inquiries, complaints, or feedback via hello@gruhome.in, social media, or other channels.

    • Process returns, refunds, or warranty claims per our Refund Policy and the Consumer Protection Act, 2019.

    • Resolve disputes or grievances within 30 days, per the Consumer Protection (E-Commerce) Rules, 2020.

  3. Service Improvement:

    • Analyze usage data to enhance website functionality, user experience, and product offerings, supporting our digital-first approach (as discussed on May 22, 2025).

    • Personalize product recommendations, content, and promotions based on your browsing history, preferences, and order patterns for items like artisanal furniture or textiles.

    • Optimize delivery and marketing strategies to reach customers across India.

  4. Marketing and Promotions:

    • Send promotional emails, newsletters, or SMS about new products, discounts (e.g., 15% on open-box items), or campaigns with your consent, per the Consumer Protection (E-Commerce) Rules, 2020.

    • Conduct targeted advertising on social media platforms like Instagram or WhatsApp, respecting your opt-out preferences.

    • Run surveys, contests, or loyalty programs to engage customers and gather feedback on our artisanal and luxury products.

  5. Legal and Regulatory Compliance:

    • Maintain transaction records for GST compliance under the Goods and Services Tax Act, 2017, including issuing invoices with HSN codes and our GSTIN (07AFIPJ0387A1ZS).

    • Provide mandatory product labeling information (e.g., MRP, country of origin) per the Legal Metrology Act, 2009.

    • Respond to legal requests, court orders, or government investigations (e.g., under the Income Tax Act, 1961or Information Technology Act, 2000).

    • Ensure transparency in data practices, per the Consumer Protection (E-Commerce) Rules, 2020.

  6. Security and Fraud Prevention:

    • Detect and prevent fraud, unauthorized access, or security threats using monitoring tools and secure protocols.

    • Verify payment transactions to comply with the Payment and Settlement Systems Act, 2007.

    • Implement reasonable security practices per the Information Technology (Reasonable Security Practices) Rules, 2011.

  7. Data Minimization:

    • We collect and process only the minimum personal information necessary for the intended purpose, per the DPDP Act, 2023.

    • Data is used in a lawful, fair, and transparent manner, ensuring no unnecessary processing.

  8. Storytelling and Community Engagement:

    • Use feedback and interaction data to create personalized storytelling content, aligning with Gruhome’s ethos of homes deserving love and each having a story (as discussed on May 17, 2025).

    • Support community initiatives, such as cultural events, to enhance customer engagement.

Section 4 - How We Share Your Information

We share your personal information only as necessary and with appropriate safeguards:

  1. Third-Party Providers:

    • Shopify Inc.: Processes data to power our e-commerce platform, including account management, order processing, and website hosting, per Shopify’s Consumer Privacy Policy.

    • Payment Gateways: Razorpay, Paytm, or other processors handle payments, ensuring PCI DSS compliance.

    • Shipping Carriers: India Post, Delhivery, or others receive shipping details to deliver products and provide tracking.

    • Analytics Providers: Google Analytics or similar tools analyze aggregated usage data to improve Services.

    • Marketing Partners: Social media platforms (e.g., Instagram, WhatsApp) or email marketing tools deliver targeted promotions with your consent.

  2. Vendors and Suppliers:

    • Share limited data (e.g., shipping addresses, order details) with vendors to fulfill orders for products like home furnishings, bedding, decor, or crockery.

    • Vendors are contractually obligated to comply with Bureau of Indian Standards (BIS), Food Safety and Standards Authority of India (FSSAI) (for crockery), and data protection laws.

  3. Legal and Regulatory Authorities:

    • Disclose information to comply with legal obligations, court orders, or government requests (e.g., tax audits under the Goods and Services Tax Act, 2017).

    • Share data with law enforcement for fraud or security investigations, per the Information Technology Act, 2000.

  4. Business Transfers:

    • In the event of a merger, acquisition, or sale of Incart India’s assets, we may transfer data to the acquiring entity, with notice to you where required by the DPDP Act, 2023.

  5. International Data Transfers:

    • Data may be transferred to countries like the United States (via Shopify) or others, with safeguards like standard contractual clauses, per the DPDP Act, 2023 and GDPR.

    • We ensure recipient countries maintain adequate data protection standards.

  6. Aggregated or Anonymized Data:

    • We may share anonymized or aggregated data (e.g., website traffic statistics, product preferences) with partners for analytics or marketing, ensuring no individual identification.

Section 5 - Data Retention

  • Retention Periods:

    • Personal information is retained only as long as necessary for the purposes outlined or as required by law (e.g., GST records for 7 years under the Goods and Services Tax Act, 2017).

    • Account information is retained until you delete your account or request deletion, subject to legal obligations.

    • Usage and analytics data (e.g., Google Analytics) is retained for up to 26 months, per industry standards.

    • Feedback or reviews may be retained indefinitely for business purposes (e.g., showcasing customer stories) unless you request removal.

  • Deletion Process:

    • Upon your request, we delete personal information unless required for legal compliance (e.g., tax records, dispute resolution).

    • Contact hello@gruhome.in to request deletion, with verification to protect your data.

Section 6 - Data Security

  • We implement robust security measures to protect your personal information, per the Information Technology (Reasonable Security Practices) Rules, 2011 and DPDP Act, 2023, including:

    • Encryption: SSL/TLS protocols for data transmission and encryption for payment data via PCI DSS-compliant gateways.

    • Access Controls: Restricted access to personal information, limited to authorized personnel with confidentiality obligations.

    • Regular Audits: Security assessments, penetration testing, and compliance reviews to identify and address vulnerabilities.

    • Data Backup: Secure backups to prevent data loss, with recovery procedures in place.

    • Vendor Compliance: Third-party providers (e.g., Shopify, Razorpay) are required to maintain equivalent security standards.

  • Breach Notification: In case of a data breach, we will notify you and relevant authorities as required by the DPDP Act, 2023 and GDPR, within mandated timelines.

  • Limitations: No system is entirely secure. We are not liable for unauthorized access beyond our reasonable control.

Section 7 - Your Rights

You have the following rights regarding your personal information, subject to applicable laws:

  1. Indian Residents (per DPDP Act, 2023, once effective):

    • Access: Request details of your personal information, including categories, purposes, and recipients of processing.

    • Correction: Request correction of inaccurate or incomplete data.

    • Deletion: Request deletion of your data, subject to legal retention requirements (e.g., GST records).

    • Nominee: Appoint a nominee to manage your data in case of incapacity or death.

    • Objection: Object to processing for marketing or other purposes, where applicable.

    • Grievance Redressal: Contact our Grievance Officer for complaints or data-related issues.

  2. GDPR (EU Residents):

    • Rights to access, rectify, erase, restrict processing, data portability, and object to processing (e.g., automated decision-making, profiling).

    • Lodge complaints with a supervisory authority in your EU member state.

  3. CCPA (California Residents):

    • Rights to know what personal information is collected, used, or sold, and to whom.

    • Right to delete personal information, subject to exceptions.

    • Right to opt-out of the sale of personal information (note: we do not sell personal information).

    • Non-discrimination for exercising rights.

  4. Exercising Rights:

    • Submit requests to hello@gruhome.in. We will respond within 30 days, per the Consumer Protection (E-Commerce) Rules, 2020 and DPDP Act, 2023.

    • Verification (e.g., email confirmation, ID proof) may be required to protect your data.

    • For GDPR/CCPA requests, we comply with respective timelines (e.g., 30 days for GDPR, 45 days for CCPA).

Section 8 - Cookies and Tracking Technologies

  1. Types of Cookies:

    • Essential Cookies: Enable core functionality (e.g., account login, checkout, cart management for furniture or crockery purchases).

    • Analytics Cookies: Track usage patterns (e.g., Google Analytics) to improve website performance and user experience.

    • Marketing Cookies: Deliver personalized ads or promotions based on your interests in home decor or textiles.

    • Functional Cookies: Enhance features like language preferences or saved settings.

  2. Consent and Management:

    • We obtain explicit consent for non-essential cookies, per the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and GDPR.

    • Manage preferences via our website’s cookie banner or settings page during your shopping experience.

    • You may disable cookies via browser settings, but this may affect functionality (e.g., inability to complete checkout).

  3. Third-Party Cookies:

    • Third-party providers (e.g., Shopify, Google) may set cookies for analytics or advertising, subject to their privacy policies.

    • Review third-party policies for opt-out options (e.g., Google’s opt-out tool).

Section 9 - Third-Party Links

  • Our Services may include links to third-party websites or platforms (e.g., Instagram, WhatsApp, payment gateways).

  • We are not responsible for their privacy practices, security, or content. Review their policies before sharing information.

  • Complaints about third-party services should be directed to the respective provider.

Section 10 - International Users

  • If you access our Services from outside India, your personal information may be transferred to countries like the United States (via Shopify) or others for processing, supporting our goal of global reach (as discussed on May 22, 2025).

  • We implement safeguards (e.g., standard contractual clauses, adequacy assessments) to ensure compliance with the DPDP Act, 2023, GDPR, and other applicable laws.

  • You are responsible for complying with local data protection laws in your jurisdiction.

Section 11 - Accessibility

  • We are committed to making our Services accessible to all users, including those with disabilities, per the Rights of Persons with Disabilities Act, 2016.

  • Features like screen reader compatibility and adjustable text sizes are implemented or planned (e.g., during website redesign).

  • Contact hello@gruhome.in for accessibility assistance or accommodations.

Section 12 - Children’s Privacy

  • Our Services are not directed to individuals under 19 (per the Indian Majority Act, 1875).

  • We do not knowingly collect personal information from minors without verifiable parental consent, per the DPDP Act, 2023.

  • If we discover a minor’s data has been collected without consent, we will delete it promptly. Contact hello@gruhome.in to report such cases.

Section 13 - Vendor Data Management

  • We work with vendors and suppliers to source products (e.g., home furnishings, bedding, decor, crockery), sharing limited data (e.g., shipping details, order quantities) to fulfill orders.

  • Vendors are contractually bound to comply with BIS, FSSAI (for crockery), and data protection laws, ensuring secure handling of shared data.

  • We conduct periodic audits of vendor data practices to maintain compliance with the DPDP Act, 2023.

Section 14 - Marketing Opt-Out

  • You may opt-out of marketing communications (e.g., emails, SMS, WhatsApp messages about new decor collections or discounts) at any time by:

    • Clicking “unsubscribe” in promotional emails.

    • Contacting hello@gruhome.in to update preferences.

    • Adjusting settings in your account or via our website.

  • Opting out of marketing does not affect transactional communications (e.g., order confirmations, shipping updates).

Section 15 - Compliance Audits

  • We conduct regular audits of our data practices to ensure compliance with the Information Technology Act, 2000, DPDP Act, 2023, and Consumer Protection (E-Commerce) Rules, 2020.

  • Audits include reviewing data collection, storage, sharing, and security processes, as well as third-party provider compliance.

  • We maintain records of compliance activities, available for inspection by regulatory authorities if required.

Section 16 - Data Breach Response

  • In the event of a data breach, we follow a structured response process:

    • Assessment: Identify the scope and impact of the breach.

    • Notification: Inform affected users and authorities (e.g., Data Protection Authority of India, once established) within 72 hours, per the DPDP Act, 2023 and GDPR.

    • Mitigation: Implement measures to contain and prevent further breaches.

    • Communication: Provide guidance to users on protecting their data (e.g., changing passwords).

  • Contact hello@gruhome.in for breach-related inquiries.

Section 17 - Grievance Redressal

  • Per the Consumer Protection (E-Commerce) Rules, 2020 and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, our Grievance Officer is:

    • Email: hello@gruhome.in

    • Address: Incart India, 6 Bharti Artist Colony Road, Preet Vihar, Vikas Marg, Delhi, DL, 110092, India

  • Submit complaints about data practices, Services, or privacy concerns. We will respond within 30 days, as required.

  • Escalate unresolved issues to consumer forums or the Online Dispute Resolution (ODR) platform under the Consumer Protection Act, 2019.

Section 18 - Changes to Privacy Policy

  • We may update this Privacy Policy to reflect changes in our practices, Services, or legal requirements.

  • Updates will be posted with a revised “Last Updated” date. Material changes will be notified via email, website banner, or other channels, per the Consumer Protection (E-Commerce) Rules, 2020.

  • Continued use of the Services after changes constitutes acceptance. Review this policy periodically.

Section 19 - Contact Information

For questions, complaints, or to exercise your rights, contact:

  • Email: hello@gruhome.in

  • Address: Incart India, 6 Bharti Artist Colony Road, Preet Vihar, Vikas Marg, Delhi, DL, 110092, India

  • Phone: Available upon request via email

  • GSTIN: 07AFIPJ0387A1ZS

  • PAN: AFIPJ0387A

  • Trade Name: Incart India, operating as Gruhome

Additional policies (e.g., Terms of Service, Refund Policy, Shipping Policy) are available on our website.