Privacy policy

Effective Date: 20 May 2026

Overview

This Privacy Policy describes how Value Vibe Furniture Private Limited ("Value Vibe Furniture Pvt Ltd", "Zodiya", "we", "us" or "our"), operating the brand "Zodiya" through the website zodiya.com (the "Site") and related services (collectively, the "Services"), collects, uses, shares and protects your personal data when you visit, interact with, or make a purchase from us.

This policy has been prepared in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

For the purposes of this policy, you are the "Data Principal" and Value Vibe Furniture Pvt Ltd is the "Data Fiduciary" — meaning we determine the purpose and means of processing your personal data.

By using our Services, you confirm that you have read, understood and consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

1. Personal Data We Collect

1.1 Information You Provide Directly

When you create an account, place an order, request a quote, subscribe to our newsletter, book a design consultation, contact our customer service, or otherwise interact with us, we may collect:

  • Identity data — name, gender, date of birth (if voluntarily provided)
  • Contact data — email address, phone number, billing address, shipping address
  • Transaction data — products purchased, order value, payment method, order history
  • Payment data — card details, UPI ID, net banking details, wallet identifiers (processed and stored by our payment gateway partners; we do not store full card numbers on our servers)
  • Communication data — messages, queries, complaints, feedback, reviews and support conversations
  • Marketing preferences — your choices about receiving marketing communications
  • User-generated content — product reviews, ratings, photos uploaded to reviews

1.2 Information Collected Automatically

When you visit or interact with the Services, we (and our service providers) automatically collect:

  • Device and technical data — IP address, browser type, browser version, operating system, device type, device identifiers, screen resolution, time zone
  • Usage data — pages visited, time spent, click paths, referring URLs, products viewed, search queries, cart activity
  • Location data — approximate geographic location derived from IP address
  • Cookies and similar technologies — see Section 6 below

1.3 Information from Third Parties

We may receive personal data about you from:

  • Social media platforms when you interact with our pages or click on our ads (e.g., Meta/Facebook, Instagram, Google)
  • Payment gateways confirming the status of your transactions
  • Courier and logistics partners providing delivery status updates
  • Analytics and advertising partners
  • Publicly available sources

2. How We Use Your Personal Data

We process your personal data for the following specified and lawful purposes:

  • To create and manage your account
  • To process, fulfil and deliver your orders, including arranging shipping, assembly and installation
  • To process payments and prevent fraud
  • To communicate with you about your orders, queries, returns, refunds and warranty claims
  • To provide customer support and respond to your requests
  • To send you marketing communications, offers, catalogues and newsletters (where you have consented or where permitted by law)
  • To personalise your shopping experience and show you relevant products and offers
  • To run advertising campaigns on Meta, Google and other platforms, including retargeting
  • To improve our Site, products, services and overall customer experience
  • To conduct market research and analytics
  • To detect, prevent and address fraud, security breaches, unauthorised access and unlawful activity
  • To comply with applicable laws, court orders, tax obligations (including GST invoicing) and regulatory requirements
  • To enforce our Terms of Service and protect our legal rights

3. Legal Basis for Processing

Under the DPDP Act, we process your personal data on the following legal grounds:

  • Consent — Where you have given us free, specific, informed, unconditional and unambiguous consent (for example, when subscribing to marketing communications or accepting cookies).
  • Legitimate uses permitted under the DPDP Act — including (a) for the specified purpose for which you have voluntarily provided your data (such as completing an order you placed), (b) for compliance with any judgment, decree or order under Indian law, and (c) for responding to a medical emergency or threat to life.

You may withdraw your consent at any time by contacting us using the details in Section 14. Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal, and may limit our ability to provide certain Services to you.

4. How We Share Your Personal Data

We do not sell your personal data. We share your personal data only with the following categories of recipients, and only to the extent necessary:

4.1 Shopify (our platform provider)

Our Site is hosted by Shopify Inc., which provides the e-commerce platform that enables us to sell to you. Shopify collects and processes personal data about your access to and use of the Services in order to provide and improve those services. Shopify may store and process this data on servers located outside India. Please review Shopify's Privacy Policy for more information.

4.2 Payment Gateway Partners

To process payments, we share necessary transaction data with payment service providers (such as Shopify Payments, Razorpay, Cashfree, PayU, or similar). These partners are bound by RBI guidelines and PCI-DSS standards and handle your payment information directly.

4.3 Logistics and Delivery Partners

To deliver your orders, we share your name, delivery address, phone number and order details with courier services and logistics partners (such as Delhivery, Blue Dart, DTDC, India Post, Shiprocket, and our in-house delivery teams across Kerala).

4.4 Marketing and Analytics Service Providers

We use third-party tools to understand and improve our Site and to advertise our products, including:

  • Google Analytics and Google Ads — for site analytics and advertising
  • Meta (Facebook) Pixel and Conversions API — for Instagram and Facebook advertising
  • Email and SMS service providers — for sending order updates and marketing communications
  • WhatsApp Business API providers — for order updates and customer support over WhatsApp
  • Review platforms — for collecting and displaying customer reviews

4.5 Professional Advisors and Authorities

We may share personal data with our auditors, lawyers, accountants and other professional advisors where necessary, and with government, regulatory or law enforcement authorities where required by applicable law, court order, or in response to a legal request.

4.6 Business Transfers

If we undergo a merger, acquisition, restructuring, sale of assets, or other corporate transaction, your personal data may be transferred as part of that transaction. We will notify you and seek any required consent in accordance with applicable law.

5. International Data Transfers

Because we use Shopify and other global service providers, your personal data may be transferred to, stored and processed in countries outside India, including jurisdictions whose data protection laws may differ from those in India. We share personal data outside India only with service providers that adopt reasonable security safeguards. Such transfers are made in accordance with the DPDP Act and any restrictions notified by the Central Government from time to time.

6. Cookies and Tracking Technologies

We use cookies, pixels, tags, web beacons, local storage and similar technologies ("Cookies") to operate the Site, remember your preferences, analyse traffic, and deliver relevant advertising.

The Cookies we use fall broadly into the following categories:

  • Essential Cookies — required for the Site to function (e.g., maintaining your shopping cart, login session, checkout)
  • Performance and Analytics Cookies — help us understand how visitors use our Site (e.g., Google Analytics)
  • Functional Cookies — remember your preferences and choices
  • Advertising and Marketing Cookies — used by us and our advertising partners (such as Meta and Google) to show you relevant ads on other platforms and to measure ad performance

You can control or disable Cookies through your browser settings. Disabling essential Cookies may affect the functionality of the Site, including your ability to complete a purchase.

7. Marketing Communications

With your consent, we may send you marketing communications about new collections, offers, sales and promotions by email, SMS, WhatsApp, push notifications or phone calls. You can opt out at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Replying STOP to marketing SMS messages
  • Sending "STOP" via WhatsApp to opt out of WhatsApp marketing
  • Emailing us at zodiyafurniture@gmail.com with your request

Even if you opt out of marketing, we may still send you transactional and service messages relating to your orders, deliveries, payments and account.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, tax, warranty, or reporting requirements. In particular:

  • Order and invoice records — retained for at least 8 years from the end of the relevant financial year, in line with GST and Companies Act, 2013 requirements
  • Account data — retained for the lifetime of your account, plus a reasonable period thereafter unless erasure is requested
  • Marketing data — retained until you withdraw your consent
  • Server logs and analytics data — retained for a limited period as required by applicable law

When the purpose for which personal data was collected is no longer being served, and retention is not required by law, we will erase such personal data in accordance with the DPDP Rules.

9. Data Security

We have implemented reasonable security safeguards proportionate to the nature, scope and purpose of processing, including:

  • SSL/TLS encryption for data transmitted to and from the Site
  • Access controls and authentication measures
  • Use of PCI-DSS compliant payment gateways
  • Hosting on Shopify's secure infrastructure
  • Regular review of our security practices

Despite these measures, no method of transmission over the internet or electronic storage is fully secure. We cannot guarantee absolute security of personal data, and any transmission of personal data to us is at your own risk.

In the event of a personal data breach affecting you, we will notify you and the Data Protection Board of India in accordance with the DPDP Rules.

10. Your Rights as a Data Principal

Subject to the DPDP Act, you have the following rights in respect of your personal data:

  • Right to access — to obtain a summary of the personal data being processed, the processing activities undertaken, and the identities of all Data Fiduciaries and Data Processors with whom your data has been shared
  • Right to correction and erasure — to request correction of inaccurate or misleading data, completion of incomplete data, updating of data, and erasure of data that is no longer necessary
  • Right to grievance redressal — to raise a grievance with our Grievance Officer (see Section 14)
  • Right to nominate — to nominate another individual to exercise your rights in the event of your death or incapacity
  • Right to withdraw consent — to withdraw any consent previously given, at any time

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within a reasonable period, and in any event no later than ninety (90) days, in accordance with the DPDP Rules. We may verify your identity before acting on your request.

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India.

11. Children's Data

Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal data from children (defined under the DPDP Act as individuals below the age of 18) without verifiable consent of a parent or lawful guardian. We do not undertake tracking or behavioural monitoring of children, nor do we direct targeted advertising at children. If you believe that we have inadvertently collected personal data from a child without appropriate consent, please contact us so we can take steps to delete such information.

12. Third-Party Links

Our Site may contain links to third-party websites, plugins, applications and social media platforms. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

13. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, technology, legal requirements, or for other reasons. The "Effective Date" at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically. Where required by law, we will notify you of material changes and seek fresh consent.

14. Grievance Officer and Contact Information

If you have any questions, concerns, requests, or complaints about this Privacy Policy or our processing of your personal data, please contact our Grievance Officer:

Grievance Officer: [INSERT GRIEVANCE OFFICER NAME]
Company: Value Vibe Furniture Private Limited (operating as "Zodiya")
Registered Address: [INSERT REGISTERED OFFICE ADDRESS WITH PIN CODE]
Email: zodiyafurniture@gmail.com
Phone: +91 7994 32 10 10
CIN: [INSERT CORPORATE IDENTIFICATION NUMBER]
GSTIN: 32AALCV4064B1ZL
Website: zodiya.com

We will acknowledge your communication and aim to resolve grievances within ninety (90) days, in line with the DPDP Rules.

If you remain unsatisfied with our response, you may approach the Data Protection Board of India for redressal.