Privacy Policy
Effective Date: 20 June 2026 | Version: 2.0
At JAAVYA, we engineer high-performance, clinical skincare built on the science of modern luxury. Just as our formulations are held to an uncompromising standard, so is our commitment to your privacy. This Privacy Policy governs the collection, use, storage, and protection of your personal data when you interact with our website (jaavya.com), purchase our products, or contact us in any capacity.
This Policy is issued in strict compliance with the following Indian legislation:
-
Digital Personal Data Protection Act, 2023 (DPDP Act) & DPDP Rules, 2025
-
Information Technology Act, 2000 & IT (SPDI) Rules, 2011 (applicable during transition period)
-
Consumer Protection (E-Commerce) Rules, 2020
-
Consumer Protection Act, 2019
-
Legal Metrology (Packaged Commodities) Rules, 2011
-
Income Tax Act, 1961 (for data retention obligations)
1. WHO WE ARE (DATA FIDUCIARY)
Under the DPDP Act, 2023, JAAVYA operates as the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.
Brand Name: JAAVYA
Legal Entity: Aarjav Jain (Proprietorship)
Business Address: Delhi, India
GST Registration: Trader / Dealer in Skincare & Beauty Products
Website: jaavya.com
Contact Email: care@jaavya.com
2. INFORMATION WE COLLECT
We collect only the minimum personal data necessary to serve you. We do not engage in unauthorised profiling, data resale, or hidden tracking.
A. Personal Information
Full name, delivery address, billing address, email address, and mobile number.
B. Financial Data (Sensitive Personal Data)
Payment transaction details (UPI, cards, net banking) are processed exclusively by our PCI-DSS compliant payment gateway, Razorpay. JAAVYA does not store, view, or retain raw financial credentials on our servers.
C. Technical & Usage Data
IP address, approximate geolocation, browser type, device model, operating system, session duration, pages visited, and click behaviour on jaavya.com via cookies (see Section 9).
3. HOW WE USE YOUR DATA
Your personal data is processed strictly for the following legitimate purposes under Section 4 of the DPDP Act, 2023:
-
Processing, validating, and fulfilling your orders
-
Coordinating secure delivery via logistics partners (including Amazon Easy Ship and Blue Dart)
-
Processing payments and preventing fraudulent transactions via Razorpay
-
Sending order confirmations, shipping updates, and tax invoices
-
Responding to customer support queries and formal complaints
-
Complying with Indian tax laws, financial regulations, and statutory mandates
-
Improving website performance through anonymised analytics
We do not use your data for automated behavioural profiling, targeted third-party advertising, or any purpose not listed above — without obtaining fresh, explicit consent from you.
4. LEGAL BASIS FOR PROCESSING
We process your personal data on the following lawful bases recognised by the DPDP Act, 2023:
-
Consent: You have explicitly accepted this Policy before transacting with us
-
Contractual Necessity: Processing is required to fulfil your order and deliver products to you
-
Legal Obligation: Certain records are retained as mandated by the Income Tax Act, 1961 and GST regulations
-
Legitimate Interest: Website security, fraud prevention, and service improvement
5. DISCLOSURE AND DATA PROCESSORS
JAAVYA does not sell, rent, or trade your personal data. Your data is shared only with trusted service providers operating as Data Processors under strict data protection obligations:
E-Commerce Platform: Wix Studio
Payment Processor: Razorpay (PCI-DSS compliant)
Logistics Partners: Amazon Easy Ship, Blue Dart, and selected courier networks
Analytics Provider: Anonymised website analytics tools only
We may also disclose your data when required by Indian government authorities, law enforcement agencies, the Data Protection Board of India, or under a valid court order.
6. DATA RETENTION TIMELINES
We adhere to strict data minimisation principles. Your information is not stored indefinitely:
-
Transactional records (invoices & orders): 7 years, as mandated by the Income Tax Act, 1961 and GST regulations
-
Account data: Retained for the duration of your account; permanently deleted within 30 days of a verified erasure request
-
Customer support logs: 2 years from the date of resolution
-
Analytics & cookie data: Maximum 13 months from initial collection
-
Grievance records: 1 year from resolution, as required by Consumer Protection Rules, 2020
Upon expiry of the applicable retention period, your personal data will be securely deleted or permanently anonymised.
7. YOUR RIGHTS AS A DATA PRINCIPAL
Under Chapter III of the DPDP Act, 2023, you have the following rights over your personal data. To exercise any right, email us at care@jaavya.com. We will acknowledge your request within 48 hours and resolve it within 30 days.
7.1 Right to Access
Request a summary of the personal data JAAVYA processes about you, the purposes of processing, and the identities of any third parties with whom it has been shared.
7.2 Right to Correction & Updation
Request correction of inaccurate, incomplete, or outdated personal data held by us.
7.3 Right to Erasure
Request deletion of your personal data, subject to legal financial retention requirements (e.g., tax invoice history mandated for 7 years under Indian law).
7.4 Right to Withdraw Consent
You may withdraw consent at any time by emailing care@jaavya.com. We will cease all non-mandatory data processing within 30 days of receiving your verified request. Withdrawal does not affect the lawfulness of processing carried out before withdrawal but may limit our ability to process future orders.
7.5 Right to Grievance Redressal
Seek prompt and transparent resolution of any data privacy concern through our designated Grievance Officer (see Section 16).
7.6 Right to Nominate
Under the DPDP Act, 2023, you may nominate a person to exercise your data rights on your behalf in the event of your death or mental or physical incapacity.
8. DATA BREACH NOTIFICATION PROTOCOL
In the event of a personal data breach that is likely to result in harm to your rights or interests, JAAVYA will:
-
Report the incident to the Data Protection Board of India within 72 hours of breach confirmation, as required under the DPDP Act, 2023
-
Notify all affected Data Principals via their registered email address without undue delay, clearly stating the nature of the data impacted and the remedial steps taken
-
Take immediate action to contain, investigate, and mitigate the breach
We advise all users to maintain an active and accessible registered email address to receive such notifications promptly.
9. COOKIES AND TRACKING TECHNOLOGIES
Our website (jaavya.com) uses cookies to manage sessions, evaluate performance, and remember your preferences.
Strictly Necessary Cookies: Essential for core website functions such as cart management and secure checkout. These cannot be disabled.
Analytics Cookies: Provide anonymised data on user interactions such as session length and page paths. No personal identifiers are stored.
Preference Cookies: Restore your settings such as language or delivery location preferences.
A cookie consent banner will appear on your first visit to jaavya.com. Non-essential cookies are blocked until explicit consent is provided. You may withdraw cookie consent or manage preferences at any time through your browser settings or our cookie management tool on the website. Cookie data is retained for a maximum of 13 months and is never sold to advertising networks.
10. CHILDREN'S DATA PROTECTION
JAAVYA's products and services are intended for individuals who are 18 years of age or older. We do not knowingly collect, request, or process personal data from minors without verifiable parental or guardian consent, as required under Section 9 of the DPDP Act, 2023 and Rule 10 of the DPDP Rules, 2025.
Our website implements an age declaration at checkout requiring users to confirm they are 18 years of age or older before completing any transaction or account registration. We do not track, profile, or deploy behavioural advertising directed at minors.
If you believe personal data belonging to a minor has been inadvertently collected, please contact us immediately at care@jaavya.com. We will take prompt action to verify and permanently delete such data.
11. DATA SECURITY STANDARDS
We implement reasonable technical and organisational security practices as mandated under Rule 8 of the IT (SPDI) Rules, 2011 and the DPDP Act, 2023, including:
-
SSL/TLS encryption for all data transmitted via jaavya.com
-
Restricted, role-based access controls limiting internal access to personal data on a strict need-to-know basis
-
Secure hosting infrastructure with routine security reviews
-
No storage of raw financial credentials on our servers
While we take every reasonable precaution, no digital transmission over the internet can be guaranteed as completely secure. We encourage users to transact on secure networks and keep account credentials confidential.
12. CROSS-BORDER DATA TRANSFERS
Certain infrastructure partners such as Wix Studio may store or process data on servers located outside India. The Government of India has not yet published the list of approved countries for cross-border personal data transfers under Section 16 of the DPDP Act, 2023. JAAVYA actively monitors regulatory developments and will update our data transfer practices to align with any approved country list once formally notified by the Central Government via official gazette.
13. CONSENT DECLARATION
By visiting our website, creating an account, or purchasing our products, you freely, specifically, informedly, and unambiguously consent to the collection, storage, and processing of your personal data as described in this Policy.
JAAVYA does not use pre-ticked checkboxes, implied consent, or any other passive mechanism to capture your agreement. Consent is always affirmative and explicit.
From November 2026, consent management will additionally align with the Consent Manager Framework under the DPDP Rules, 2025, as it becomes operational. JAAVYA maintains internal records of all consents obtained and the dates on which they were given.
14. GOVERNING LAW AND JURISDICTION
This Privacy Policy and your relationship with JAAVYA shall be governed by and construed in accordance with the laws of India. Any legal disputes, claims, or proceedings arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts in Delhi, India.
15. POLICY MODIFICATIONS
JAAVYA reserves the right to update this Privacy Policy to reflect changes in our data practices or applicable Indian law. The revised Policy will be published at jaavya.com/privacy-policy with an updated version number and Effective Date.
For material changes, registered users will receive an email notification at least 7 days before the change takes effect. Your continued use of our services after the effective date constitutes your acceptance of the revised Policy.
16. GRIEVANCE OFFICER
Pursuant to the Information Technology Act, 2000, the Consumer Protection (E-Commerce) Rules, 2020, and the DPDP Act, 2023, the following officer is appointed to address all data privacy complaints and requests:
Name: Aarjav Jain
Designation: Grievance Officer / Founder
Brand: JAAVYA — the science of modern luxury
Address: Haryana, India
Email: care@jaavya.com
Acknowledgement Timeframe: Within 48 hours of receipt
Resolution Timeframe: Within 30 days as per Consumer Protection Rules, 2020
© 2026 JAAVYA. All rights reserved. | Version 2.0 | Effective 20 June 2026 | jaavya.com
