Stack Your Scoops

Legal

Privacy Policy

Last updated: June 2025

Stack Your Scoops ("we", "our", or "us") is operated by Stack Your Scoops Internet Private Limited, a company incorporated under the Companies Act, 2013, with its registered office in Bengaluru, Karnataka, India. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website at stackyourscoops.com or place an order with us. By using our platform, you consent to the practices described herein, in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Amendment) Act, 2008.

Information We Collect

We collect personal information you provide voluntarily when you register an account, place an order, subscribe to our newsletter, or contact our support team. This includes your full name, email address, mobile number, shipping address (including pincode, city, state), and any communication preferences you specify.

When you complete a purchase, our payment processing partner Razorpay collects billing details including UPI VPAs, card details (tokenised as per RBI mandate), and net banking credentials. We never store raw card numbers on our servers. We also collect your order history, wishlist data, and product review content.

We automatically collect certain technical data when you visit our platform, including your IP address, browser type and version, operating system, referring URL, pages viewed, time spent on pages, and device identifiers. This data helps us detect fraud, optimise our platform performance, and improve user experience. We may also collect location data at city or region granularity if you permit location access, which we use to show relevant delivery estimates and regional promotional offers.

If you choose to sign in using Google OAuth, we receive your name, email address, and profile picture from Google's OpenID Connect service. We do not request or store your Google account password. We only access the minimum scopes necessary to create and manage your Stack Your Scoops account.

How We Use Your Data

We use your personal data primarily to fulfil your orders — this includes processing payments via Razorpay, generating GST invoices, coordinating with our logistics partners (Shiprocket, Delhivery, DTDC, and others) for dispatch and delivery, and sending you order confirmation, shipping tracking, and delivery notifications via email and SMS.

With your consent, we use your email address and mobile number to send marketing communications including new mystery box launches, seasonal sale announcements, exclusive member offers, and curated newsletters. You can opt out of marketing emails at any time using the unsubscribe link in any email, or through your Account Settings page. Transactional messages (order updates, OTPs) cannot be opted out of as they are essential to delivering our service.

We analyse aggregated, anonymised order and browsing data to improve our product curation, personalise your homepage recommendations, detect and prevent fraudulent activity, and conduct internal research into customer preferences. Our mystery box randomisation algorithm uses your past order history and wishlist interactions to reduce the chance of sending duplicate items in subscription boxes.

We use your data to comply with legal obligations, including maintaining GST records as required under the Central Goods and Services Tax Act, 2017, responding to lawful government requests, and conducting Know Your Customer (KYC) verification where required by our payment partner or applicable regulations.

Payment & Financial Data

All payment transactions on Stack Your Scoops are processed exclusively through Razorpay Software Private Limited, a PCI DSS Level 1 compliant payment aggregator regulated by the Reserve Bank of India (RBI). When you initiate a payment, you are interacting directly with Razorpay's secure payment infrastructure. We receive only a payment reference ID and payment status confirmation — never your raw card number, CVV, or banking credentials.

Razorpay complies with the RBI's tokenisation guidelines, which means card-on-file storage (for saved cards) is handled through card network tokens issued by Visa, Mastercard, or RuPay — not actual card numbers. UPI payments are processed through the National Payments Corporation of India (NPCI) UPI infrastructure. Wallet payments (Paytm, PhonePe, Amazon Pay) are facilitated through respective wallet providers' APIs.

Stack Your Scoops issues GST-compliant tax invoices for every order. We are registered under GST with GSTIN 29AABCM1234R1ZP (Karnataka). Our invoices display the applicable CGST and SGST (or IGST for inter-state orders) breakdown as required under the CGST Act, 2017. These invoice records are retained for a period of 7 years as mandated by Indian tax law. Refund transactions, where applicable, are processed back to the original payment method within 5–7 business days, subject to your bank or payment provider's processing timelines.

Cookies & Tracking

We use cookies, local storage, and similar technologies to operate our platform effectively. Essential cookies are strictly necessary for functions like maintaining your session state, keeping items in your cart, and authenticating your login — these cannot be disabled without impairing platform functionality.

With your consent, we also deploy analytics cookies from Google Analytics 4 (GA4) to understand aggregate traffic patterns, page performance, and user flow. This data is anonymised and does not identify you personally. We use Meta Pixel for measuring the effectiveness of our Facebook and Instagram advertising campaigns. You can opt out of marketing and analytics cookies by selecting "Manage Cookie Preferences" in the cookie banner that appears on your first visit.

We do not use third-party ad-targeting cookies for real-time bidding or programmatic advertising on external ad exchanges. Any retargeting we conduct is done through first-party data uploaded to Meta Custom Audiences or Google Customer Match, using hashed email addresses. You may opt out of interest-based advertising at any time through your Google Account settings at myaccount.google.com or via the Digital Advertising Alliance opt-out portal.

Sharing Your Data

We do not sell your personal data to third parties. We share your information only with trusted service providers who assist us in operating our business, and only to the extent necessary. Our key data-sharing relationships include:

  • Logistics Partners: Your name, phone number, and shipping address are shared with our courier partners (Shiprocket, Delhivery, DTDC, Blue Dart) solely for delivery purposes.
  • Razorpay: Payment-related data is shared with Razorpay as detailed in the Payment section above.
  • Cloud Infrastructure: We host our platform on Vercel and use Neon (PostgreSQL) for our database. Both providers maintain SOC 2 Type II compliance.
  • Customer Support Tools: We use Crisp for live chat. Crisp may process your name and email when you initiate a chat session.

We may also disclose your data when required by law, such as in response to a court order, a request by law enforcement under the Code of Criminal Procedure, 1973, or under obligations arising from the Information Technology Act, 2000. We will, where legally permitted, notify you before disclosing your personal data to government authorities.

Your Rights

Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights with respect to your personal data that we process:

  • Right to Access: You may request a summary of the personal data we hold about you, along with details of how it has been processed and with whom it has been shared.
  • Right to Correction: You may request correction of inaccurate or incomplete personal data. Most basic information (name, phone, address) can be updated directly in your Account Settings.
  • Right to Erasure: You may request deletion of your personal data. We will comply unless retention is required by law (e.g., GST invoice records must be retained for 7 years).
  • Right to Withdraw Consent: Where processing is based on your consent (e.g., marketing communications), you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Grievance Redressal: You may contact our Data Protection Officer (details below) to raise any grievance. We will acknowledge within 48 hours and respond within 30 days.

To exercise any of these rights, please email stackyourscoop@gmail.com with the subject line "Data Rights Request". We may require you to verify your identity before processing the request.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. If you request account deletion, we will delete your profile data, order history (where not legally required), and marketing preferences within 30 days of your verified request.

Financial records, GST invoices, and transaction data are retained for a minimum of 7 years as mandated by the Income Tax Act, 1961, and the CGST Act, 2017. Server logs containing IP addresses and technical data are retained for 90 days and then automatically purged. Anonymised, aggregated analytics data (which cannot be attributed back to you) may be retained indefinitely for business intelligence purposes.

Inactive accounts (no login for 3 consecutive years) will receive a notice before any data deletion action is taken, in line with the DPDP Act's purpose-limitation principle. You will have 30 days to reactivate your account before anonymisation of your personal identifiers is initiated.

Contact Us

For privacy-related queries, data rights requests, or to reach our Data Protection Officer, please write to us at stackyourscoop@gmail.com or visit our contact page. We aim to respond to all privacy enquiries within 30 working days.

Get in Touch