Certified Himalayan rudraksha · ships across India

Privacy Policy

Last updated: 14 Jun 2026

Effective date: 14 June 2026

Rudraksha Kavach ("Rudraksha Kavach", "we", "us" or "our") operates the online store at rudrakshakavach.com, through which we sell authentic Rudraksha beads, rudraksha, tulsi and karungali malas, spiritual jewellery, natural-stone bracelets and gemstones across India. Many of our items are lab-certified.

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, who we share it with, and the rights you have over your data. It is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).

Please read this policy together with our Terms & Conditions and our Shipping, Returns and Refund policies. By using our website or placing an order, you agree to the practices described here.

Who we are (Data Fiduciary)

The Rudraksha Kavach store is owned and operated by SnazzyWorks, a sole proprietorship registered in India, with its registered office at:

Survey No. 242/1&2/38, Ground Floor, Dsk No. 2E, D. P. Road, Baner, Pune – 411045, Maharashtra, India.

GSTIN: 27HXGPD1259E1ZL

For the purposes of the DPDP Act, SnazzyWorks is the Data Fiduciary that determines the purpose and means of processing your personal data. In this policy, references to "we", "us" and "our" mean SnazzyWorks operating the Rudraksha Kavach store.

The personal data we collect

We collect only the data needed to run the store, fulfil your orders and support you. The categories are:

  • Identity data — your name, and the name on your account or order.
  • Contact data — email address and mobile/phone number.
  • Address data — shipping address and billing address (including PIN code, city and state).
  • Account and order data — your account login details, order history, products purchased, order status and tracking information, invoices, and any communication or support requests you send us.
  • Payment data — payment is processed by our payment gateway, Razorpay (supporting UPI, cards, net-banking and wallets). We receive a confirmation of payment and a transaction reference. We do not collect or store your full card number, CVV or UPI PIN on our servers — that information is handled directly by Razorpay on its PCI-DSS-compliant systems.
  • Device and usage data — your IP address, browser type, device and operating-system information, pages viewed and similar technical data collected automatically when you use the website.
  • Cookies and similar technologies — small data files stored on your device, as described in the "Cookies and tracking" section below.

We do not require or collect special-category birth details, health data, biometric data or government identity numbers to sell or ship our products. Please do not send us such information.

How we collect your data

We collect personal data:

  • Directly from you — when you create an account, place an order, enter your shipping or billing details, contact us by email or WhatsApp, or sign up for updates.
  • Automatically — through cookies and server logs when you browse the website.
  • From our service providers — for example, payment confirmation from Razorpay and delivery-status updates from our courier partners.

Why we use your data, and our lawful basis

Under the DPDP Act we process your personal data on the basis of your consent, and where applicable for certain legitimate uses permitted by law (such as responding to your requests and complying with legal obligations). We use your data for the following purposes:

  • To process and fulfil your orders — to take payment via Razorpay, raise your tax invoice, pack and dispatch your items, and keep you updated on order and delivery status.
  • To manage your account — to register you, authenticate logins, and let you view your orders and tracking.
  • To provide customer support — to answer your questions and resolve issues, including returns, replacements, cancellations and refunds.
  • To handle returns, replacements and refunds — including assessing unboxing-video evidence for damaged or wrong-item claims.
  • To comply with law — to meet tax, GST-invoicing, accounting, consumer-protection and anti-fraud obligations.
  • To improve and secure our website — to understand how the store is used, fix problems, prevent fraud and keep the platform safe.
  • To send you updates and offers — only where you have opted in. You can withdraw this consent and unsubscribe at any time.

Prices on the store are inclusive of applicable GST. Rudraksha beads are GST-exempt (0%), while other items such as jewellery and gemstones attract GST as applicable. A tax invoice is issued for every order; preparing and retaining these invoices is part of how we process your order and address details.

Who we share your data with

We do not sell, rent or trade your personal data. We share it only with trusted partners ("Data Processors") who help us run the store, and only to the extent needed:

  • Payment gateway — Razorpay, to securely process your payment.
  • Logistics and courier partners — third-party couriers, to deliver your order and provide tracking. They receive your name, delivery address and phone number.
  • Communication providers — our email and SMS communication service providers, to send order confirmations, dispatch and delivery updates, and (if you opted in) marketing messages. WhatsApp (+91 83903 38556) is a manual customer-support channel we use to assist you, not an automated messaging integration.
  • Hosting and technology providers — who host our website, store and database.
  • Professional and legal advisers, and authorities — where we are required to share data by law, court order or a lawful request, or to prevent fraud or protect our rights, our customers or the public.
  • Business transfer — if the business is merged, acquired or its assets are sold, your data may be transferred to the successor entity, subject to this policy.

We require our processors to protect your data and to use it only for the purposes we specify.

We do not currently use any third-party analytics, advertising or cross-site tracking tools on the store. We rely only on minimal server logs to keep the site secure and functioning. If we introduce analytics in the future, we will update this policy first.

Cookies and tracking

We use only essential, functional cookies to make the store work — namely a login/session cookie (_medusa_jwt), a cart cookie (_medusa_cart_id) and a caching cookie (_medusa_cache_id). These keep you signed in, remember your cart, run the checkout, and help pages load efficiently.

We do not set any analytics or marketing cookies, and we do not track you across other websites. Because we use only strictly-essential cookies, no cookie-consent banner is shown and none is required.

You can control or disable cookies through your browser settings. Please note that if you block these essential cookies, parts of the website — such as the cart and checkout — may not function correctly.

How long we keep your data

We keep your personal data only for as long as needed for the purposes set out in this policy, and then delete or anonymise it. In particular:

  • Order, invoice and tax records are retained for 8 years to meet Indian tax, GST and accounting requirements.
  • Account data is kept while your account is active, and is deleted or anonymised within about 90 days of account closure, except for records we must retain by law.
  • Support tickets and server-log / usage data are retained for up to 24 months.
  • Marketing-related data is retained until you withdraw consent or unsubscribe.

Where we are required by law to retain certain records (for example, tax invoices), we will keep them for the legally required period even if you ask for deletion of other data.

How we protect your data

We use reasonable security practices and procedures to protect your personal data, including:

  • Encryption in transit — the website is served over HTTPS/SSL, so data exchanged with us is encrypted.
  • Restricted access — access to personal and order data is limited to authorised persons on a need-to-know basis.
  • Secure payment processing — card and UPI details are handled directly by Razorpay on its PCI-DSS-compliant infrastructure; we never see or store your full card number, CVV or UPI PIN.
  • Operational safeguards — we take reasonable steps to keep our systems and the data we hold secure.

No method of transmission or storage is completely secure, so while we work hard to protect your data, we cannot guarantee absolute security. If a personal-data breach occurs, we will act in accordance with applicable law, including notifying the Data Protection Board of India and affected users where required.

Your rights as a Data Principal

Under the DPDP Act, you (the "Data Principal") have the following rights in respect of your personal data:

  • Right to access — to ask for a summary of the personal data we hold about you and how we process it.
  • Right to correction and completion — to have inaccurate or misleading data corrected, and incomplete data completed.
  • Right to updating — to have your data kept up to date.
  • Right to erasure — to ask us to delete your personal data, except where we must keep it to comply with the law.
  • Right to withdraw consent — to withdraw any consent you have given, at any time, as easily as you gave it. Withdrawing consent will not affect processing already carried out, and may mean we can no longer provide certain services.
  • Right of grievance redressal — to have your complaints addressed by us (see the Grievance Officer details below).
  • Right to nominate — to nominate another individual to exercise your rights in the event of your death or incapacity.

How to exercise your rights

To exercise any of these rights, please contact our Grievance Officer using the details below, or email us from the email address registered with your account. We may need to verify your identity before acting on a request, to protect your data. We will respond to your request within 30 days, in line with the timelines required by law.

You can also unsubscribe from marketing messages at any time by using the "unsubscribe" link in our emails or by contacting us.

Children's data

Our store is intended for adults. We do not knowingly collect personal data from children under the age of 18 without the consent of a parent or legal guardian. We do not undertake tracking, behavioural monitoring or targeted advertising directed at children. If you are under 18, please use the website only with the involvement of your parent or guardian. If we learn that we have collected a child's data without the required consent, we will delete it.

Cross-border transfer of data

We primarily process and store personal data in India. Razorpay processes your payment data within India. Where a service provider processes limited data outside India, we do so only in compliance with the DPDP Act, 2023 and applicable law, and only to countries not restricted by the Government of India.

Grievance Officer and how to contact us

If you have any questions, requests or complaints about your personal data or this policy, please contact our Grievance Officer, appointed in accordance with the DPDP Act, 2023 and the Consumer Protection (E-Commerce) Rules, 2020:

Grievance Officer: Rohan

Email: support@rudrakshakavach.com

WhatsApp: +91 83903 38556

Operating entity: SnazzyWorks

Address: Survey No. 242/1&2/38, Ground Floor, Dsk No. 2E, D. P. Road, Baner, Pune – 411045, Maharashtra, India.

We will acknowledge your complaint within 48 hours and aim to resolve it within one month of receipt.

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India in accordance with the DPDP Act.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. When we do, we will revise the "Effective date" above and publish the updated policy on this page. Significant changes may also be notified to you by email or through the website. Please review this page periodically to stay informed.

Governing law

This Privacy Policy is governed by the laws of India. Any disputes relating to it are subject to the exclusive jurisdiction of the courts at Pune, Maharashtra.