Last updated: March 2026
1. Overview
This Privacy Policy describes how Koyé
HOUSE OF KOY CLOTHING PRIVATE LIMITED
GSTIN/UIN : 06AAICH1906M1ZH
CIN: U14101HR2025PTC136375
(operating as "House of Koy", accessible at houseofkoy.com) collects, uses, stores, and protects your personal information when you visit our website, create an account, place an order, subscribe to our communications, or interact with us in any way.
Our website is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify's data storage, databases, and the general Shopify application. Shopify stores your data on secure servers behind a firewall.
By using our website, you consent to the collection and use of your information as described in this policy. If you do not agree with this policy, please do not use our website. [Note: Insert your registered legal entity name and CIN/GSTIN here before publishing.]
This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Consumer Protection (E-Commerce) Rules, 2020, and the Digital Personal Data Protection Act, 2023 (to the extent notified and applicable).
2. Information We Collect
We collect information in the following ways:
Information you provide directly
When you create an account, place an order, subscribe to our newsletter, or contact us, you may provide:
- Name (first and last)
- Email address
- Phone number
- Shipping and billing address
- Payment information (processed securely by our payment partners — we do not store your card details)
- Order history and preferences
- Any information you include in messages to our customer care team
Information collected automatically
When you browse our website, we automatically collect certain information about your device and visit, including:
- IP address
- Browser type and version
- Operating system
- Referring website or source
- Pages visited, time spent on pages, and navigation patterns
- Device type (desktop, mobile, tablet)
- Approximate geographic location (city/region level, derived from IP address)
This information is collected using cookies, log files, and similar tracking technologies. See Section 7 (Cookies & Tracking) for more details.
Sensitive personal data
Under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, certain categories of information are classified as "sensitive personal data or information" (SPDI). This includes financial information such as bank account, credit/debit card, or other payment instrument details. We do not directly collect or store your SPDI — all payment information is processed and stored exclusively by our PCI-DSS compliant payment processing partners (Shopify Payments and associated gateways). We implement reasonable security practices in accordance with IS/ISO/IEC 27001 standards or equivalent to protect any personal information in our possession.
Information from third parties
We may receive information about you from third-party services we use, including Shopify (our e-commerce platform), our payment processing partners, and advertising platforms such as Meta (Facebook/Instagram) and Google Ads when you interact with our advertisements.
3. How We Use Your Information
We process your information based on different legal grounds depending on the purpose:
- Contractual necessity — processing required to fulfil your order, manage your account, and provide our services (e.g., shipping, exchanges, customer care).
- Your consent — processing that requires your explicit opt-in, such as marketing emails, SMS notifications, and advertising cookies.
- Legal obligation — processing required to comply with tax, accounting, and regulatory requirements under Indian law.
- Legitimate interest — processing to improve our services, prevent fraud, and secure our platform, where such interest does not override your privacy rights.
Specifically, we use the information we collect for the following purposes:
| Purpose | Types of Data Used |
|---|---|
| Fulfilling and managing your orders | Name, address, email, phone, payment info, order details |
| Communicating about your order (confirmations, shipping updates, delivery notifications) | Name, email, phone |
| Processing exchanges and store credits | Name, email, order history, address |
| Responding to your enquiries and customer care requests | Name, email, phone, message content |
| Sending marketing communications (newsletters, offers, new arrivals) — only with your consent | Name, email |
| Personalising your shopping experience and product recommendations | Browsing behaviour, order history, preferences |
| Running and measuring advertising campaigns (Meta, Google) | Device info, browsing behaviour, IP address (via tracking pixels) |
| Improving our website, products, and services | Analytics data, browsing behaviour, feedback |
| Preventing fraud and securing our platform | IP address, device info, transaction patterns |
| Complying with legal obligations | As required by applicable law |
4. Who We Share Your Information With
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your information only with the following categories of service providers who help us operate our business:
- Shopify — our e-commerce platform that processes and stores order and account data.
- Payment processors — to securely process your transactions. They receive only the information necessary to complete the payment.
- Shipping and logistics partners — to deliver your orders. They receive your name, address, and phone number.
- Email marketing platform — to send newsletters and promotional communications to subscribers who have opted in. They receive your name and email address.
- Advertising platforms (Meta, Google) — to run and measure our advertising campaigns. They may receive anonymised browsing data through tracking pixels installed on our website.
- Analytics providers — to help us understand website usage and improve the user experience.
All third-party service providers are required to protect your information and use it only for the purposes for which it was shared.
We may also disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect our rights, property, or the safety of our users.
5. Cross-Border Data Transfers
Our website is hosted on Shopify Inc., which stores data on servers located in Canada and the United States. Additionally, some of our third-party service providers — including Meta (Facebook/Instagram), Google, and our email marketing platform — may process and store your data in countries outside India.
By using our website and providing your information, you acknowledge and consent to the transfer of your personal data to servers and service providers located outside India. These transfers are necessary to provide you with our services, process your orders, and run our advertising campaigns.
We take reasonable steps to ensure that any third-party service provider handling your data outside India maintains adequate security standards and data protection practices. In the event that the Digital Personal Data Protection Act, 2023 restricts transfers to specific countries, we will update our practices and this policy accordingly.
6. Payment Security
All payment transactions on our website are processed through Shopify Payments and/or third-party payment gateways that comply with PCI-DSS (Payment Card Industry Data Security Standard) requirements. This is a set of security standards designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.
Koyé does not store, process, or have access to your complete credit card, debit card, or banking details. Your payment information is encrypted and handled directly by our payment processing partners.
7. Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, remember your preferences, and enable our advertising and analytics services.
What are cookies?
Cookies are small text files placed on your device when you visit a website. They help the site recognise your device and remember information about your visit.
Types of cookies we use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Strictly Necessary | Required for the website to function — shopping cart, checkout, account login, security | Session or up to 1 year |
| Analytics / Performance | Help us understand how visitors use our site (pages viewed, time on site, bounce rate). Powered by Shopify Analytics and/or Google Analytics | Up to 2 years |
| Marketing / Advertising | Used to deliver relevant ads to you on other platforms (Meta Pixel, Google Ads). Track conversions from our advertising campaigns | Up to 2 years |
| Functional / Preferences | Remember your preferences such as language, region, or recently viewed products | Up to 1 year |
Managing cookies
You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Please note that disabling cookies may affect the functionality of our website, particularly the shopping cart and checkout process.
For advertising cookies specifically, you can opt out of personalised advertising through the following links:
- Meta (Facebook/Instagram): Facebook Ad Preferences
- Google: Google Ad Settings
8. Marketing Communications
With your explicit consent, we may send you marketing communications about our new products, collections, promotions, and other updates through the following channels:
- Email — newsletters, promotional offers, new arrivals, and seasonal campaigns. You can subscribe through our website, during checkout, or through promotional campaigns.
- SMS — order updates and promotional messages to the phone number provided during checkout, in compliance with TRAI (Telecom Regulatory Authority of India) regulations. We will only send promotional SMS with your prior opt-in consent.
- WhatsApp — if we use WhatsApp Business for order updates or promotions in the future, we will only do so with your explicit opt-in consent and in compliance with WhatsApp's Business Policy and applicable Indian telecom regulations.
Every marketing email includes an unsubscribe link. You can opt out of marketing communications at any time by clicking this link, replying STOP to any promotional SMS, or by emailing us at care@houseofkoy.com.
Please note that even if you unsubscribe from marketing communications, you will still receive transactional messages related to your orders (order confirmations, shipping updates, exchange communications). These are essential service communications and are not considered marketing.
9. Data Retention
We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
- Order data — retained for as long as required to provide our services and comply with tax and accounting obligations (typically 7–8 years under Indian tax law).
- Account data — retained for as long as your account remains active. You may request deletion of your account at any time.
- Marketing data — retained until you withdraw your consent (unsubscribe). We will remove you from our marketing list within 10 business days of receiving your request.
- Analytics and cookie data — retained in accordance with cookie durations specified in Section 6.
When your data is no longer needed, we will securely delete or anonymise it.
10. Your Rights
Under applicable Indian data protection laws, including the Information Technology Act, 2000, its associated rules, and the Digital Personal Data Protection Act, 2023 (to the extent notified), you have the following rights regarding your personal information:
- Right to access — You can request a summary of the personal information we hold about you and the processing activities related to it.
- Right to correction and completion — You can ask us to update, correct, or complete any inaccurate or incomplete information.
- Right to erasure — You can request that we delete your personal information, subject to any legal obligations that require us to retain certain data (e.g., tax records).
- Right to withdrawal of consent — You can withdraw your consent for data processing at any time. Note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal, nor does it affect processing based on contractual necessity or legal obligations.
- Right to nominate — Under the DPDPA 2023, you have the right to nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.
- Right to grievance redressal — You can raise a complaint with our Grievance Officer (see Section 14). If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once constituted under the DPDPA 2023.
To exercise any of these rights, please email us at care@houseofkoy.com with the subject line "Privacy Request". We will acknowledge your request within 48 hours and respond substantively within 30 days.
11. Data Security
We take the security of your personal information seriously and implement reasonable security practices and procedures, as required under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These measures include:
- SSL/TLS encryption on all pages of our website, ensuring data transmitted between your browser and our servers is encrypted.
- PCI-DSS compliant payment processing through Shopify Payments and our payment partners.
- Restricted access to personal information — only team members who need the information to perform their roles can access it.
- Regular review of our data collection, storage, and processing practices.
- A documented information security policy and programme in line with IS/ISO/IEC 27001 standards or equivalent, as applicable.
While we strive to protect your information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to taking all reasonable steps to safeguard your data.
Data breach notification
In the event of a data breach that is likely to cause harm to you, we will notify affected individuals and the relevant authorities (including the Data Protection Board of India, once constituted) as soon as practicable and in accordance with applicable law. Notification will include the nature of the breach, the data affected, and the steps we are taking to address and mitigate the impact.
12. Children's Privacy
Our website and services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with their information, please contact us at care@houseofkoy.com.
13. Third-Party Links & Do Not Track
Our website may contain links to third-party websites, including social media platforms, payment gateways, and advertising partners. These websites have their own privacy policies, and we are not responsible for their content or practices.
We encourage you to read the privacy policies of any third-party website you visit. Our inclusion of links to these websites does not imply endorsement of their privacy practices.
Do Not Track signals
Some browsers offer a "Do Not Track" (DNT) setting that sends a signal to websites you visit. There is currently no universally accepted standard for how websites should respond to DNT signals. At present, our website does not respond to DNT signals, but you can manage tracking through your cookie preferences and the advertising opt-out links provided in Section 7.
15. Shopify
Our store is hosted on Shopify Inc. Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify's data storage, databases, and the general Shopify application.
Shopify stores your data on secure servers behind a firewall. If you choose a direct payment gateway to complete your purchase, Shopify stores your credit card data, which is encrypted through PCI-DSS. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction, after which your purchase transaction information is deleted.
For more information, you may review Shopify's privacy policy at shopify.com/legal/privacy.
16. Changes to This Policy
We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.
If we make material changes to this policy, we may notify you through a notice on our website or by sending an email to the address associated with your account.
Your continued use of our website after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
17. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023 (to the extent notified). Any disputes arising from or related to this policy shall be subject to the exclusive jurisdiction of the courts in [Insert your city, e.g., Mumbai / Delhi / Bengaluru], India.
18. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or the handling of your personal information, please reach out to us:
Email: care@houseofkoy.com
Website: houseofkoy.com
Hours: Monday – Saturday, 10:00 AM to 6:00 PM (IST)
