Legal
Privacy Policy
Last updated: June 2025
Stack Your Scoops ("we", "our", or "us") is operated by Stack Your Scoops Internet Private Limited, a company incorporated under the Companies Act, 2013, with its registered office in Bengaluru, Karnataka, India. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website at stackyourscoops.com or place an order with us. By using our platform, you consent to the practices described herein, in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Amendment) Act, 2008.
Information We Collect
We collect personal information you provide voluntarily when you register an account, place an order, subscribe to our newsletter, or contact our support team. This includes your full name, email address, mobile number, shipping address (including pincode, city, state), and any communication preferences you specify.
When you complete a purchase, our payment processing partner Razorpay collects billing details including UPI VPAs, card details (tokenised as per RBI mandate), and net banking credentials. We never store raw card numbers on our servers. We also collect your order history, wishlist data, and product review content.
We automatically collect certain technical data when you visit our platform, including your IP address, browser type and version, operating system, referring URL, pages viewed, time spent on pages, and device identifiers. This data helps us detect fraud, optimise our platform performance, and improve user experience. We may also collect location data at city or region granularity if you permit location access, which we use to show relevant delivery estimates and regional promotional offers.
If you choose to sign in using Google OAuth, we receive your name, email address, and profile picture from Google's OpenID Connect service. We do not request or store your Google account password. We only access the minimum scopes necessary to create and manage your Stack Your Scoops account.
How We Use Your Data
We use your personal data primarily to fulfil your orders — this includes processing payments via Razorpay, generating GST invoices, coordinating with our logistics partners (Shiprocket, Delhivery, DTDC, and others) for dispatch and delivery, and sending you order confirmation, shipping tracking, and delivery notifications via email and SMS.
With your consent, we use your email address and mobile number to send marketing communications including new mystery box launches, seasonal sale announcements, exclusive member offers, and curated newsletters. You can opt out of marketing emails at any time using the unsubscribe link in any email, or through your Account Settings page. Transactional messages (order updates, OTPs) cannot be opted out of as they are essential to delivering our service.
We analyse aggregated, anonymised order and browsing data to improve our product curation, personalise your homepage recommendations, detect and prevent fraudulent activity, and conduct internal research into customer preferences. Our mystery box randomisation algorithm uses your past order history and wishlist interactions to reduce the chance of sending duplicate items in subscription boxes.
We use your data to comply with legal obligations, including maintaining GST records as required under the Central Goods and Services Tax Act, 2017, responding to lawful government requests, and conducting Know Your Customer (KYC) verification where required by our payment partner or applicable regulations.
Payment & Financial Data
All payment transactions on Stack Your Scoops are processed exclusively through Razorpay Software Private Limited, a PCI DSS Level 1 compliant payment aggregator regulated by the Reserve Bank of India (RBI). When you initiate a payment, you are interacting directly with Razorpay's secure payment infrastructure. We receive only a payment reference ID and payment status confirmation — never your raw card number, CVV, or banking credentials.
Razorpay complies with the RBI's tokenisation guidelines, which means card-on-file storage (for saved cards) is handled through card network tokens issued by Visa, Mastercard, or RuPay — not actual card numbers. UPI payments are processed through the National Payments Corporation of India (NPCI) UPI infrastructure. Wallet payments (Paytm, PhonePe, Amazon Pay) are facilitated through respective wallet providers' APIs.
Stack Your Scoops issues GST-compliant tax invoices for every order. We are registered under GST with GSTIN 29AABCM1234R1ZP (Karnataka). Our invoices display the applicable CGST and SGST (or IGST for inter-state orders) breakdown as required under the CGST Act, 2017. These invoice records are retained for a period of 7 years as mandated by Indian tax law. Refund transactions, where applicable, are processed back to the original payment method within 5–7 business days, subject to your bank or payment provider's processing timelines.
Your Rights
Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights with respect to your personal data that we process:
- Right to Access: You may request a summary of the personal data we hold about you, along with details of how it has been processed and with whom it has been shared.
- Right to Correction: You may request correction of inaccurate or incomplete personal data. Most basic information (name, phone, address) can be updated directly in your Account Settings.
- Right to Erasure: You may request deletion of your personal data. We will comply unless retention is required by law (e.g., GST invoice records must be retained for 7 years).
- Right to Withdraw Consent: Where processing is based on your consent (e.g., marketing communications), you may withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to Grievance Redressal: You may contact our Data Protection Officer (details below) to raise any grievance. We will acknowledge within 48 hours and respond within 30 days.
To exercise any of these rights, please email stackyourscoop@gmail.com with the subject line "Data Rights Request". We may require you to verify your identity before processing the request.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. If you request account deletion, we will delete your profile data, order history (where not legally required), and marketing preferences within 30 days of your verified request.
Financial records, GST invoices, and transaction data are retained for a minimum of 7 years as mandated by the Income Tax Act, 1961, and the CGST Act, 2017. Server logs containing IP addresses and technical data are retained for 90 days and then automatically purged. Anonymised, aggregated analytics data (which cannot be attributed back to you) may be retained indefinitely for business intelligence purposes.
Inactive accounts (no login for 3 consecutive years) will receive a notice before any data deletion action is taken, in line with the DPDP Act's purpose-limitation principle. You will have 30 days to reactivate your account before anonymisation of your personal identifiers is initiated.
Contact Us
For privacy-related queries, data rights requests, or to reach our Data Protection Officer, please write to us at stackyourscoop@gmail.com or visit our contact page. We aim to respond to all privacy enquiries within 30 working days.
Get in Touch