Privacy Policy

Last updated: June 2026

Overview

This Privacy Policy explains how Broshoes Atelier collects, uses, stores, and protects personal information when customers browse the storefront, create an account, place an order, contact support, or interact with features such as cart recovery, address saving, and payment verification.

We believe privacy information should be understandable before checkout, not hidden behind technical language.

Information We Collect

Depending on how you use the storefront, we may collect the following categories of information.

Account and identity details

• full name
• email address
• phone number
• account profile information

Order and delivery details

• billing and shipping address
• pincode and delivery city/state
• saved address preferences
• product selections, quantities, and order history

Payment-related details

We do not store full card details on our own systems.

However, we may store or receive limited payment-related records such as:

• payment provider references
• transaction status
• masked payment method descriptors
• payment attempt records
• COD advance amount and remaining balance details where applicable

Technical and usage information

• device and browser characteristics
• session details
• approximate IP-based usage information
• page interaction and storefront analytics
• cookie and local-session data for cart and sign-in continuity

How We Use Personal Information

We use personal information only where it serves a genuine operational purpose, such as:

• processing orders and arranging fulfilment
• verifying payment outcomes
• recovering interrupted checkouts after slow or unstable network events
• storing saved addresses for signed-in customers
• sending order confirmations, support replies, and operational updates
• preventing fraud, abuse, duplicate checkout issues, or payment misuse
• improving the site, navigation flow, and checkout experience

How Checkout and Payment Data Is Used

When a customer begins checkout, certain order and delivery details may be used to create and verify a payment session.

This can include:

• customer name
• email address
• phone number
• shipping city and pincode
• cart summary
• payment attempt status

For prepaid orders, the full amount may be verified and stored with the order record.

For COD-enabled orders, a booking or advance amount may be collected online and stored alongside the remaining amount due at delivery.

Payment Recovery and Verification

To reduce loss caused by slow networks, browser crashes, or incomplete frontend confirmation states, we may temporarily store payment attempt information so that paid orders can still be recovered and finalised correctly from verified server-side records.

This may include:

• provider order id
• provider payment id
• payment signature
• payment status
• limited payload data returned by the payment gateway

We use this information to prevent duplicate charges, reduce support disputes, and make sure genuine successful payments are not missed because of temporary client-side interruptions.

Cookies, Session Storage, and Similar Tools

We use cookies and session-based storage to support a functioning storefront experience.

Examples include:

• keeping cart contents available between pages
• remembering session state during checkout
• restoring interrupted payment flows
• storing authenticated customer context
• understanding site performance and navigation patterns

For more detail, please see our Cookie Policy.

Legal Basis and Operational Need

Where applicable, we process personal information because it is necessary to:

• provide the services you requested
• complete a purchase or support interaction
• protect the site against fraud or abuse
• comply with bookkeeping, tax, operational, or legal obligations
• improve the reliability and safety of the checkout experience

Third Parties and Service Providers

We may share necessary information with trusted service providers only to the extent needed for store operations.

These may include:

• Razorpay for payment collection and verification
• Supabase for authentication, storage, and database-backed order/account systems
• Vercel or similar infrastructure providers for hosting, performance, and operational delivery
• courier or fulfilment partners for shipping and delivery

We do not sell personal information to third-party advertisers.

Data Retention

We retain personal information only for as long as reasonably necessary for:

• fulfilment and delivery records
• customer support history
• fraud review and payment reconciliation
• operational reporting
• legal, tax, accounting, or compliance obligations

Retention periods may differ depending on whether the information relates to an account profile, payment attempt, completed order, cancelled order, or support request.

Security Measures

We take reasonable steps to protect personal information using technical and operational safeguards, which may include:

• access control for admin-only records
• secure infrastructure and managed database environments
• third-party hosted payment collection rather than direct card storage
• server-side verification for critical payment events
• storage separation between public storefront data and restricted operational records

No internet-based system can be guaranteed to be fully secure at all times, but we aim to minimise unnecessary exposure and keep sensitive operational access restricted.

Customer Rights and Choices

Customers may contact us to request:

• access to the personal information we hold about them
• correction of inaccurate information
• deletion of certain information, where legally and operationally permissible
• clarification of how order or payment data has been recorded

In some cases, we may need to retain limited records even after a deletion request, especially where required for fraud prevention, accounting, dispute handling, or legal obligations.

Minors

The storefront is not intended for use by children who are not legally capable of entering into a purchase transaction. We do not knowingly collect personal information from minors in a way that is inconsistent with applicable law.

Cross-Platform Links

The site may contain links to external services such as payment gateways, social media profiles, or operational providers. Their data handling practices are governed by their own policies.

Changes To This Policy

We may revise this Privacy Policy to reflect changes in operations, payment handling, technical infrastructure, legal obligations, or customer rights practices.

The latest version posted on this page will replace earlier versions from the published revision date.

Contact

If you have privacy-related questions, contact:

Broshoes Atelier
Email: atelier@broshoes.in