Privacy policy

PRIVACY POLICY AND DATA PROTECTION AGREEMENT

Jurisdiction: Republic of India Effective Date: February 2026

SECTION 1: PREAMBLE AND DEFINITIONS

1.1. This Privacy Policy (“Policy”) constitutes a legally binding agreement between My-Homeland (hereinafter referred to as the “Data Fiduciary”) and the individual user (hereinafter referred to as the “Data Principal”).

1.2. “Personal Data” shall mean any data about an individual who is identifiable by or in relation to such data.

1.3. “Processing” in relation to personal data, means a wholly or partly automated operation or set of operations performed on personal data.

1.4. This platform operates exclusively within the territory of India and is intended for use by residents of India only.

SECTION 2: DATA COLLECTION AND CONSENT

2.1. The Data Fiduciary collects Personal Data including, but not limited to, name, residential address, billing details, contact numbers, and electronic mail addresses for the sole purpose of executing the contract of sale.

2.2. By accessing the platform or providing Personal Data, the Data Principal provides affirmative and unconditional consent for the processing of such data as per the terms of this Policy.

2.3. Right to Amendment: The Company reserves the unilateral right to modify, alter, or update this Policy at any time without prior notice to the User.

2.4. Responsibility to Review: It is the sole responsibility of the User to review this Policy periodically. Continued use of the Services following any such changes shall constitute the User’s formal acceptance of the revised Policy.

SECTION 3: THIRD-PARTY DATA PROCESSING AND SECURITY AUDITS

3.1. Platform Hosting: The platform is hosted on Shopify Inc. servers. These servers maintain rigorous global security certifications, including SOC 2 Type II and SOC 3 audits, which verify the integrity of data processing and storage. Shopify is further certified as a PCI-DSS Level 1 compliant service provider.

3.2. Marketing and Analytics: The Data Fiduciary utilizes Google Analytics and Meta (Pixel & CAPI) for data analysis and targeted advertising.

3.2.1. Google Analytics adheres to ISO/IEC 27001 standards, ensuring robust information security management systems.

3.2.2. Meta utilizes advanced encryption and Data Processing Agreements that comply with industry-standard privacy frameworks to ensure the pseudonymization of user data.

SECTION 4: FINANCIAL DATA AND PAYMENT INDEMNITY

4.1. The Data Fiduciary does not store sensitive financial credentials on its local servers.

4.2. All financial transactions are processed through authorized, third-party gateways including Razorpay (for prepaid transactions) and GoKwik (for checkout and Cash-on-Delivery verification).

4.3. These gateways utilize 128-bit AES encryption and maintain PCI-DSS Level 1 certification to ensure the highest degree of transactional security.

4.4. The platform employs SSL/TLS (HTTPS) encryption protocols to secure all data in transit.

SECTION 5: USER RESPONSIBILITIES AND LIMITATION OF LIABILITY

5.1. Endpoint Security: The Data Principal is solely responsible for ensuring the security of the device used to access the Services. This includes the installation and regular maintenance of licensed anti-virus software and performing periodic security scans to detect malware or spyware.

5.2. Confidentiality of Credentials: The Data Principal shall not disclose One-Time Passwords (OTPs), account passwords, or sensitive financial information to anyone.

5.3. Network Security and Safe Browsing: The Data Principal must ensure that all interactions with the platform are conducted over secure, private, and encrypted network connections.

5.3.1. The use of public, unsecured, or "open" Wi-Fi networks (including those found in cafes, airports, or public transit) is strictly prohibited for conducting transactions on this platform due to the high risk of "man-in-the-middle" attacks.

5.3.2. The Data Principal is responsible for practicing safe browsing, which includes avoiding suspicious third-party links, phishing emails, and unverified browser extensions that may intercept data.

5.4. Exclusion of Liability: The Data Fiduciary shall not be held liable for any financial or non-financial loss, data breach, or unauthorized account or device access resulting from the Data Principal’s failure to maintain endpoint security, the use of compromised/public networks, or the disclosure of credentials.

5.5. Indemnity: The Data Principal agrees to indemnify and hold the Data Fiduciary harmless against any claims, losses, or legal actions arising from a breach of security originating from the Data Principal’s hardware, software, or network environment.


SECTION 6: GRIEVANCE REDRESSAL MECHANISM

6.1. In accordance with the Consumer Protection (E-Commerce) Rules, 2020, any discrepancies or grievances shall be addressed to the designated Grievance Officer.

6.2. Contact Details: Officer: Customer Support Lead. Email: support@my-homeland.com 

SECTION 7: GOVERNING LAW AND JURISDICTION

7.1. This Policy shall be governed by and construed in accordance with the laws of the Republic of India.

7.2. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located in Delhi, India.