Legal

Privacy Policy

Last updated: June 2025

Grace Home Candles ("we", "our", "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website gracehomecandles.in or make a purchase from us.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our site.

1. Information We Collect

We collect information you voluntarily provide when you:

  • Initiate an inquiry or order (name, email, phone number, shipping address)
  • Contact us via our contact form or email
  • Subscribe to our newsletter (email address)
  • Leave a review or enquiry
  • Communicate with us via WhatsApp

We also automatically collect certain technical data when you visit our website, including:

  • IP address (anonymised where possible)
  • Browser type and version
  • Pages visited and time spent
  • Referring URLs
  • Device type (mobile, desktop)

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfil your orders
  • Send order confirmations and shipping notifications
  • Respond to customer service enquiries
  • Send marketing communications (only if you have opted in)
  • Improve our website and product offerings
  • Comply with legal obligations
  • Prevent fraudulent transactions and protect against criminal activity

3. Payment Information

All payment processing is handled by Razorpay, a PCI-DSS compliant payment gateway. We do not store, process, or have access to your card numbers, CVV, UPI credentials, or other sensitive payment information. Please refer to Razorpay's Privacy Policy for details on how they handle your payment data.

4. Data Storage & Security

Your order data and contact information are stored securely on Supabase, a cloud database platform with enterprise-grade encryption. We implement the following security measures:

  • 256-bit SSL/TLS encryption for all data in transit
  • Encrypted storage at rest
  • Strict Row-Level Security (RLS) on all database tables
  • No storage of sensitive payment credentials on our servers
  • Rate limiting on all form submissions to prevent abuse
  • Input sanitisation to prevent cross-site scripting (XSS)
  • Regular security audits and dependency updates

Despite our security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

5. Cookies

We use minimal cookies to ensure our website functions correctly. These include:

  • Session storage: Used to maintain your shopping cart during your visit. This data is not transmitted to our servers and is cleared when you close your browser tab.
  • Analytics cookies: We may use anonymised analytics (e.g. Google Analytics) to understand how visitors use our site. No personally identifiable information is collected for analytics purposes.

You can control cookie settings through your browser preferences. Disabling cookies may affect some website functionality.

6. Third-Party Services

We use the following third-party services that may process your data:

  • Razorpay — Payment processing
  • WhatsApp — Communication and order finalization
  • Supabase — Database and backend services
  • Google Fonts — Typography (no personal data collected)
  • Unsplash — Product imagery (no personal data collected)
  • Shiprocket / Delhivery — Delivery and logistics (name, address, phone shared for delivery purposes only)

We do not sell, trade, or rent your personal information to any third party for marketing purposes.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, including for tax and accounting obligations (typically 7 years for financial records as required by Indian law). Newsletter subscribers may unsubscribe at any time.

8. Your Rights

Under applicable Indian data protection laws and general data protection principles, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal obligations)
  • Withdraw consent for marketing communications at any time
  • Lodge a complaint with the relevant data protection authority

To exercise any of these rights, please contact us at privacy@gracehomecandles.in.

9. Children's Privacy

Our website and products are not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Continued use of our website after changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: