Privacy, plainly.

ZIVAYU (“we”, “us”, “our”) is a direct-to-consumer organic food and Ayurvedic wellness brand operated from Indore, Madhya Pradesh, India. This Privacy Policy explains what information we collect when you visit zivayu.com, place an order, or contact us — and what we do with it.

By using our website or services, you agree to the practices described here. If any part feels unclear, write to us at care@zivayu.com.

We only ask for what we need to run the store and reach you honestly.

• Account information: name, email, phone number, and an encrypted password when you sign up.
• Order & shipping details: delivery address, contact number, order history, and any notes you add at checkout.
• Payment data: processed directly by Razorpay — we never see or store your card number, UPI PIN, or banking credentials. We only receive a success/failure signal and a payment reference ID.
• Browsing data: pages visited, device type, approximate location (from IP), and referral source, via standard cookies and analytics.
• Communications: messages you send via email, WhatsApp, or our contact form.

• Fulfilling your orders and keeping you updated on delivery.
• Providing customer support and responding to your messages.
• Sending occasional emails about new batches, restocks, and recipes — only if you opt in.
• Improving the website, detecting fraud, and keeping accounts secure.
• Meeting legal obligations (invoices, tax records, FSSAI documentation).

We do not use your data for automated decisions that materially affect you.

We do not sell your personal data. We share it only with trusted service providers who help us run the business:

• Razorpay — payment processing.
• Shipping partners (e.g., Delhivery, Shiprocket) — for delivery.
• Cloudinary — to host product and order-related media.
• Resend — to send transactional and marketing emails.
• Upstash — rate limiting and caching.
• MongoDB Atlas — to store your account and order records.

Each partner is bound by their own data protection obligations. We may also disclose information if required by law, a court order, or to protect the rights and safety of ZIVAYU and our customers.

We use essential cookies to keep you signed in and to remember your cart. We also use basic analytics cookies to understand which pages people find useful. You can clear or block cookies in your browser at any time — the site will still work, though you may need to sign in more often.

Account data is kept as long as your account is active. Order and invoice records are retained for at least eight years to meet Indian tax and accounting requirements. You can request deletion of your account at any time — see your rights below.

Under the Digital Personal Data Protection Act, 2023 (India) and applicable law, you can ask us to:

• Access the personal data we hold about you.
• Correct inaccurate or outdated information.
• Delete your account and associated personal data (subject to legal retention).
• Withdraw consent for marketing communications.
• Raise a grievance with our Grievance Officer.

Email care@zivayu.com and we will respond within 30 days.

Our store is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has shared data with us, write to us and we will remove it.

We take reasonable technical and organisational steps to protect your data:

• Passwords are hashed with bcrypt — we never see them in plain text.
• Sessions are protected with signed JWTs and HTTP-only cookies.
• Rate limiting via Upstash protects sensitive endpoints from abuse.
• TLS encryption for all traffic between your device and our servers.

No system is perfectly secure, so we encourage you to use a strong, unique password and tell us promptly if you suspect unauthorised access.

We may update this policy as our services evolve or the law changes. The “last updated” date at the top always reflects the current version. Significant changes will be highlighted by email or a notice on the site.

Questions, concerns, or requests about your data? The fastest way is email — a human on our team will reply, usually within a day.