Privacy Policy

We may update this policy periodically, and your continued use of our services constitutes acceptance of the updated terms.

1. Contact Person and Controller

The entity responsible for processing your personal data, in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the Indian Digital Personal Data Protection Act, 2023 (DPDP Act), depends on your location and the services you use.

• For users in Germany: datenschutz@velvetrituals.com
• For users in India: privacy@velvetrituals.com or +91 9699576699

2. Legal Basis for Data Processing

We process personal data only when legally permitted, based on the applicable data protection laws in the user's jurisdiction. The legal bases include:

For Users in the EU (GDPR Compliance)

• Article 6(1)(a) GDPR – Your consent for specific data processing activities.
• Article 6(1)(b) GDPR – Contractual necessity, when data processing is required for providing our services.
• Article 6(1)(c) GDPR – Legal obligation, when processing is required to comply with laws.
• Article 6(1)(d) GDPR – Vital interest, when necessary to protect the life or safety of individuals.
• Article 6(1)(f) GDPR – Legitimate interest, such as fraud prevention or website analytics, provided it does not override your rights.

For Users in India (DPDP Act Compliance)

Under the Digital Personal Data Protection Act, 2023 (DPDP Act, India), we process digital personal data in accordance with the following principles:

• Personal data is processed for lawful and specific purposes.
• Users must be informed and provide explicit consent before their personal data is processed.
• Data is processed only for the purpose stated at the time of collection.
• We implement strict security measures and retain data only as required.
• Users have the right to access, correct, and delete their data, as applicable under Indian law.

In compliance with Indian data protection laws, personal data may be processed outside India only if it meets legal safeguards.

3. Data We Collect

We collect and process various types of data to provide you with seamless access to our platform, products, and services. This includes both personal data that identifies you and non- personal data related to your interactions with our platform.

3.1 Personal Data

We collect personal data in the following ways:

a) Account Information

When you create an account or make a purchase as a guest, we collect the information you provide, including:

• Full name, email address, phone number
• Delivery address (home, office, or preferred location)
• Date of birth (if provided)
• Unique user ID and encrypted password

To enhance user experience and access to personalized services, you may optionally share additional details such as gender, sexual preferences, or interests. However, providing this information is not mandatory, and declining to do so will only limit access to certain tailored services or recommendations.

b) Payment and Transaction Data

For processing payments and orders, we collect:

• Credit/debit card details, e-wallet details, banking information
• Billing and shipping addresses
• Purchase history and order details

Payment transactions are securely processed through third-party payment providers, and we do not store complete payment details.

c) Customer Interactions and Feedback

We retain data from communications with our customer service team via:

• Emails, chats, and calls with our support team
• Feedback submitted through our platform, surveys, or review forms
• Social media interactions, including comments and messages
• Participation in referral programs, discounts, or promotional offers

d) User-Generated Content

If you contribute content (such as reviews, comments, or survey responses), this information may be stored and displayed publicly in an anonymized format.

3.2 Automatically Collected Data

In addition to data you actively provide, we automatically collect information related to your usage of our platform:

a) Usage and Interaction Data

We track user activity on our website and app, including:

• Pages visited, features used, session duration
• Listening activity e.g. titles played, progress, timestamps, session length, bookmarks, likes/ratings, search queries
• Preferences e.g. selected categories, intensity/mood tags, language/voice preferences
• Optional device sync: vibration pattern IDs or presets linked to story timestamps (no raw audio is recorded)
• Collaborator interactions e.g. if you submit scripts/voice tests, we may collect submission content and contact/billing details
• Clickstream data, browsing behavior, and referring sources
• System activity, app crashes, and performance logs

b) Device and Technical Information

To optimize our platform for different devices, we collect:

• IP address, browser type, operating system, and app version
• Device model, unique device identifiers, and system settings
• Preferred language and geographic location (based on IP)

c) Purchase and Behavioral Data

We retain details on:

• Products viewed, added to cart, or purchased
• Payment methods used and transaction preferences
• Interactions with recommendations or personalized offers

d) Cookies, Tracking Technologies & Analytics

We use cookies, log files, web beacons, and tracking pixels to analyze browsing behavior and improve user experience. These technologies help us:

• Recognize repeat visits and store user preferences
• Monitor website traffic and user engagement
• Personalize recommendations and marketing content

You can manage or disable cookies through your browser settings, but doing so may impact platform functionality.

3.3 Information from Third Parties

We may receive additional user data from:

• Business partners (such as fulfillment providers)
• Analytics platforms (e.g., Google Analytics) for performance insights
• Marketing affiliates and advertising networks
• Payment processors to verify and authenticate transactions

These data sources help us enhance our platform while ensuring compliance with applicable privacy regulations.

4. How We Use Your Data

We process your personal data to enhance your experience, improve our services, and ensure the security of our platform. The data collected is used strictly for the purposes outlined below, and we do not sell your personal data to third parties. However, we may share it with trusted service providers to facilitate order fulfillment, payment processing, and analytics.

4.1 Platform Functionality and Order Fulfillment

We use your personal data to:

• Create, manage, and update your Velvet Rituals account.
• Process and complete transactions, including payment verification and shipping.
• Provide invoices, order confirmations, and delivery tracking.
• Personalize and optimize platform features for a better user experience.
• Identify and prevent fraudulent transactions or account misuse.

4.2 Customer Support and Communication

We process user data to:

• Respond to inquiries via email, chat, or customer support channels.
• Provide troubleshooting and assist with technical support.
• Conduct customer satisfaction surveys to improve service quality.
• Train customer support representatives for better assistance.

4.3 Marketing and Promotional Activities

With your consent, we may use your data to:

• Send newsletters and promotional emails about new products, offers, and events.
• Display personalized recommendations based on your shopping history.
• Feature product reviews, testimonials, and feedback in marketing campaigns.
• Conduct targeted advertising via social media, banners, and email campaigns.
• Provide promotional discounts or referral rewards.

You may opt out of marketing communications at any time through account settings or by contacting us.

4.4 Research, Development, and Personalization

We analyze collected data to:

• Enhance platform performance and optimize the user interface (UI/UX).
• Develop new products and improve existing offerings.
• Conduct internal analytics for product recommendations.
• Generate aggregated insights for better customer experience.

Personalize user journeys by providing content tailored to individual preferences.

4.5 Customer Retention and Loyalty Programs

We may use your name and contact information to:

• Offer exclusive rewards and anniversary discounts.
• Send reminders about subscription renewals and loyalty benefits.
• Provide personalized gifts and promotions based on user history.

You can choose to opt out of retention programs at any time.

4.6 Fraud Prevention and Security

To maintain platform integrity and security, we may use your data to:

• Detect and prevent fraudulent transactions or unauthorized access.
• Identify and block misuse or suspicious activity on the platform.
• Conduct risk assessments for payment transactions.

Securely store user credentials and monitor account security.

4.7 Legal Compliance

We process personal data in compliance with applicable laws, including:

• Responding to legal inquiries, regulatory requests, or audits.
• Enforcing terms of service and preventing platform abuse.

Addressing disputes or claims related to transactions.

4.8 Data Sharing with Third-Party Service Providers

To deliver our services effectively, we may share your data with:

• Logistics providers (e.g., DHL, Hermes) for product shipping and tracking.
• Payment processors for secure transaction handling.
• Analytics providers (e.g., Google Analytics) for performance insights.
• Survey tools for collecting anonymous user feedback.

All third-party providers adhere to strict data protection standards and are bound by confidentiality agreements.

4.9 Sweepstakes, Contests, and User Engagement

If you participate in contests, sweepstakes, or interactive quizzes, we may collect:

• Name and contact details for winner notifications.
• Voluntary responses for personalized product recommendations.
• User-generated content for marketing features (with consent).
• Data collected for contests will be deleted after the event unless you opt-in for further communication.

5. Data Sharing and Third-Party Processing

We do not share your personal data with third parties except where necessary to fulfill contractual obligations, improve our services, or comply with legal requirements. The following outlines when and how we share your data.

5.1 Logistics and Shipping Partners

To facilitate product delivery, we share relevant order and contact details with logistics partners, including but not limited to:

• DHL, Hermes, UPS, Amazon, and local couriers for shipping and tracking.
• If you provide explicit consent, we may share your email address and phone number with these carriers to enable delivery notifications and coordination.
• You can revoke consent for sharing delivery notifications at any time.

5.2 Service Providers and Operational Support

We collaborate with trusted third-party service providers to enhance platform functionality, process transactions, and ensure smooth service delivery. These include:

• Payment Processors: Secure handling of credit card transactions, bank transfers, and digital payments.
• E-commerce and Database Management: Platforms such as Shopify or AWS to facilitate order fulfillment and data storage.
• Marketing and Analytics: Data may be processed by third-party platforms to analyze trends, measure engagement, and improve personalization.

All third-party providers are required to comply with strict data protection regulations and maintain confidentiality agreements.

5.3 Business Restructuring and Corporate Transactions

In the event of a merger, acquisition, asset sale, or corporate restructuring, your stored data may be transferred to the new entity as part of the transaction. We will ensure data security and compliance during such transitions and notify you in case of significant changes.

5.4 Legal and Regulatory Compliance

We may disclose your personal data if required by:

• Government authorities or law enforcement agencies in response to lawful requests, subpoenas, or legal investigations.
• Court orders or regulatory requirements to comply with applicable laws.
• Fraud prevention and security monitoring to protect against unauthorized access, fraudulent activities, or potential misuse of our platform.

5.5 Data Security with Third-Party Integrations

While we carefully select third-party service providers, their individual privacy policies and data handling practices may differ from ours. We encourage you to review their privacy policies when using integrated services on our platform.

By continuing to use our platform, you acknowledge and consent to necessary data sharing as outlined above.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, in accordance with legal, contractual, and operational requirements.

6.1 Purpose-Based Retention

Your data is stored to:

• Ensure seamless platform functionality and personalized user experience.
• Maintain customer support records and facilitate communication regarding your Velvet Rituals account.
• Comply with legal, tax, and regulatory obligations.
• Prevent, detect, and investigate fraudulent, unauthorized, or illegal activities.

6.2 Retention Periods

We retain different types of data for specific durations, based on legal and business needs:

• User Account Data: Retained as long as your account is active or as needed for customer service purposes.
• Order and Transaction Records: Stored for three years after contract fulfillment, unless legally required otherwise.
• Accounting and Tax Data: Retained for up to ten years in compliance with financial regulations.
• Marketing and Communication Data: Stored until you withdraw consent or request deletion.

6.3 Requesting Data Deletion

• You have the right to request the deletion of your personal data by contacting our data protection officer.
• Certain data may still be retained in compliance with legal requirements or to prevent fraudulent activity.
• Deleted data may persist in backup archives for a limited period as part of standard security practices.

If you would like to modify, delete, or inquire about the retention of your data, please contact us at datenschutz@velvetrituals.com or privacy@velvetrituals.com.

7. AI-Powered Services and Data Processing

We may use Al-powered technologies to enhance your experience on our platform, including personalized recommendations, automated customer support, and content optimization.

7.1 Use of Al Features

If you engage with Al-powered features, your text inputs, images, uploaded content, and interactions ("Input") may be processed by third-party AI service providers. These providers may use your data for:

• Enhancing AI-driven recommendations tailored to your preferences.
• Automating customer support for quicker query resolution.
• Analyzing user behavior trends to improve platform functionality.

7.2 Data Sharing with Al Providers

By using Al-powered features, you acknowledge and consent to the processing of your Input by third-party AI vendors. While we take necessary precautions to partner with trusted AI service providers, their independent data practices may vary. We encourage you to review their privacy policies for transparency.

7.3 Revoking Consent for Al Processing

If you do not wish to share your Input with Al services, you should avoid using Al-powered features on our platform. For further inquiries or to withdraw consent, you may contact our Data Protection Officer at datenschutz@velvetrituals.com or privacy@velvetrituals.com.

8. Protection of Minors

We are committed to protecting the privacy of minors and ensuring that our services are only accessible to adults.

8.1 No Data Collection from Minors

Our platform and services are strictly intended for users who are 18 years of age or older (or the equivalent minimum age as per jurisdictional laws). We do not knowingly collect, store, or process personal data from individuals under this age threshold. We apply a soft age-gate on entry and reserve the right to request age confirmation in high-risk scenarios. Reports of under-age accounts trigger immediate suspension and deletion review.

8.2 Parental Monitoring and Responsibility

We encourage parents and legal guardians to monitor their children's online activity and educate them on responsible internet use.

8.3 Data Deletion for Minors

If we discover that a minor has falsely provided personal information, we will take immediate steps to delete the data and restrict access to our services. If you are a parent or guardian and believe that a minor has registered or shared personal data with us, please contact our Data Protection Officer at datenschutz@velvetrituals.com or privacy@velvetrituals.com for immediate removal.

9. Data Security

We are committed to ensuring the highest level of security for your personal data by implementing technical and organizational measures to protect against unauthorized access, misuse, loss, or disclosure.

9.1 Security Measures

• We use TLS encryption for secure data transmission between your device and our servers, ensuring that your data remains protected.
• Personal data is stored on secure servers with restricted access, preventing unauthorized individuals from accessing sensitive information.
• Additional identity verification measures may be required before granting access to personal accounts to enhance security.

9.2 Payment Security

Payment transactions are processed exclusively by third-party payment providers with strong security protocols. While we carefully select partners with industry-standard security practices, we do not control their security measures and disclaim liability for any breaches caused by them.

9.3 No Absolute Guarantee

Despite our robust security measures, no method of internet transmission or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your data has been compromised, please contact our Data Protection Officer at datenschutz@velvetrituals.com or privacy@velvetrituals.com immediately.

10. International Data Transfers

We may transfer your personal data to countries outside your country of residence for the purposes outlined in this Privacy Policy. These transfers may involve jurisdictions with different or less stringent data protection laws than those in your home country.

10.1 Compliance with Data Protection Laws

To ensure the security and lawful processing of your personal data in cross-border transfers, we implement the following safeguards:

• European Users: If your data is transferred outside the European Economic Area (EEA), we ensure compliance with the EU General Data Protection Regulation (GDPR) by using Standard Contractual Clauses (SCCs) or other legally recognized mechanisms.
• Indian Users: Data transfers comply with the provisions of the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable regulations.

10.2 Legal Obligations and Disclosures

Your data may become subject to disclosure under the laws of the country where it is processed, including requests from government authorities, regulatory agencies, or courts. Some jurisdictions have international agreements for exchanging information for law enforcement, taxation, and security purposes.

10.3 Security Measures for International Transfers

When transferring personal data across borders, we take reasonable steps to ensure:

• Your data is accurate and processed in a secure and lawful manner.
• Adequate technical and organizational safeguards are in place to prevent unauthorized access.
• Your data is not stored for longer than necessary for its intended purpose.

If you have any questions about international data transfers or wish to obtain a copy of the safeguards applied, please contact our Data Protection Officer at datenschutz@velvetrituals.com or privacy@velvetrituals.com.

11. Your Rights Under GDPR and Indian Data Protection Laws

You have rights regarding your personal data, including the right to access, rectify, erase, restrict processing, and data portability. To exercise any of your rights, please contact our Data Protection Officer.

11.1 Right to Access (Article 15 GDPR & DPDP Act Section 11)

You have the right to request a copy of the personal data we hold about you, along with details about:

• The purposes of data processing.
• The categories of personal data collected.
• Third parties with whom your data has been shared.
• The duration for which your data is stored or the criteria used to determine that period.
• Your rights regarding correction, deletion, restriction, or objection to processing.

Under India's DPDP Act, you have the right to request information on how your data has been processed, including any disclosures made to third parties.

11.2 Right to Rectification (Article 16 GDPR & DPDP Act Section 12)

If the personal data we hold about you is inaccurate, incomplete, or outdated, you have the right to request corrections. We may verify the accuracy of the updated information before making any changes.

Under Indian law, companies are obligated to ensure that inaccurate personal data is corrected in a timely manner if requested by the user.

11.3 Right to Erasure ("Right to be Forgotten") (Article 17 GDPR & DPDP Act Section 14)

You may request the deletion of your personal data under certain circumstances, such as:

• The data is no longer necessary for the purpose it was collected.
• You withdraw consent, and no other legal basis for processing exists.
• You object to processing (see Section 11.7).
• The data has been unlawfully processed.

Exceptions: We may deny deletion requests if data retention is necessary for:

• Compliance with legal obligations (such as tax records, accounting, and audits).
• Establishing, exercising, or defending legal claims.
• Contractual performance.

In India, under the DPDP Act, the "Right to be Forgotten" allows individuals to request restriction or removal of public access to their personal data when it is no longer required or is inaccurate. However, this does not require companies to delete data completely in all cases.

11.4 Right to Restriction of Processing (Article 18 GDPR & DPDP Act Section 13)

You can request that we restrict the processing of your personal data if:

• You contest the accuracy of the data while we verify its correctness.
• Processing is unlawful, but you prefer restriction over deletion.
• The data is no longer required for processing, but you need it for legal claims.
• You object to processing, and we are assessing whether we have overriding legitimate interests.

In India, under the DPDP Act, you have the right to limit the use of your data for specific purposes, such as preventing further marketing communications.

11.5 Right to Data Portability (Article 20 GDPR)

You may request your personal data in a structured, commonly used, and machine-readable format. You may also request that we transfer your data directly to another service provider, where technically feasible.

This right is not yet explicitly recognized under Indian law, but Indian users can still request copies of their stored data.

11.6 Right to Withdraw Consent (Article 7(3) GDPR & DPDP Act Section 6)

You can withdraw your consent to data processing at any time. This will not affect the lawfulness of any processing carried out before withdrawal. However, withdrawing consent may limit your access to certain services.

In India, under the DPDP Act, withdrawal of consent must be as easy as giving consent, and companies cannot deny services solely based on consent withdrawal unless consent was the only legal basis for processing the data.

11.7 Right to Object to Processing (Article 21 GDPR & DPDP Act Section 9)

You may object to the processing of your personal data if:

• It is processed based on legitimate interests, and you believe your rights override our interests.
• Your data is used for direct marketing, in which case we will immediately stop processing for that purpose.

Under Indian law, individuals can opt-out of certain types of data processing, especially for marketing purposes.

11.8 Right to Lodge a Complaint with a Regulatory Authority

If you believe we have violated data protection laws, you can lodge a complaint with the relevant regulatory body:

• For EU users: Contact your local Data Protection Supervisory Authority in the EU.
• For Indian users: File a grievance under the DPDP Act, 2023, with the Data Protection Board of India once operational.

In both cases, you can also escalate the matter legally if necessary.

11.9 Exercising Your Rights

To exercise any of your rights, or if you have any concerns about your personal data, you can contact our Data Protection Officer at datenschutz@velvetrituals.com or privacy@velvetrituals.com.

We aim to respond to all valid requests within 30 days, subject to any legal or operational constraints. If your request is complex, we may require additional time, but we will inform you accordingly.

12. Changes to This Privacy Policy and Your Responsibilities

We may update this Privacy Policy periodically to reflect changes in our practices, regulatory updates, or improvements in our services.

12.1 Notification of Changes

Any modifications to this Privacy Policy will be posted on our website and/or within our services with an updated "Last Revised" date. If we make substantial changes that significantly impact your rights, we will notify you through email, in-app notifications, or website alerts before the changes take effect. If required by law, we may seek your explicit consent for certain policy changes.

12.2 Your Responsibility to Stay Informed

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your data. By continuing to use our services after 30 days from the revised policy's effective date, you acknowledge and agree to the updated terms. If you do not agree with the updates, you should discontinue the use of our services immediately. If you believe that our data practices violate applicable laws, you also have the right to file a complaint with the relevant data protection authority in your region.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via email or website notices. Continued use of our services constitutes acceptance of the updated policy.

14. Contact Information

For privacy inquiries or exercising your rights, contact us at datenschutz@velvetrituals.com or privacy@velvetrituals.com.