Privacy Policy

Overview

Rukhmani Graphics ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the choices you can make about your information.

This policy applies to all services and websites operated by Rukhmani Graphics, including the printing services catalogue, ordering, payments, customer account management, and related support channels.

Scope & Applicability

This Policy applies to all users of our services: visitors to our website, account holders, customers placing orders, and administrators who use our internal tools. It covers all personal data collected through our websites, mobile apps, customer support channels, payment processors, and any offline interactions related to order fulfilment.

Personal Data We Collect

We collect different categories of personal data depending on your interaction with our services:

• Account & identity data: Name, email address, profile picture (when you sign in via Google Authentication), display name.
• Contact details: Phone number(s) and postal delivery address used for order fulfilment and notifications.
• Authentication data: Login tokens, session identifiers, authentication provider ID (e.g., Google user id).
• Transaction data: Order history, items ordered, configurations selected (stored as JSON), payment type, timestamps, invoice data, RukCoins balances and usage.
• Usage & analytics: Page visits, feature usage, device and browser data, IP address, geolocation derived from IP, timestamps, and performance metrics.
• Support records: Messages, emails, call notes, and attachments you provide while requesting support.
• Logs & security data: Access logs, error logs, audit trails, and automated fraud detection signals.
• Optional user-provided data: Extra notes for orders, business names, tax/GST information if you provide them.

We treat sensitive categories of data (health, biometric, political, religious) with absolute caution — we do not intentionally collect such data. If you provide sensitive data in a free-text field, we will handle it as described under "Sanitization & Minimalization".

How We Use Personal Data

We use personal data for these primary purposes:

• Service delivery: To process and fulfil orders, arrange pickup or delivery, manage printing jobs, bind or prepare goods, and provide estimated delivery times.
• Payments & billing: To perform payment processing, apply or deduct RukCoins in your wallet, issue refunds, and maintain transactional records.
• Account & authentication: To create and manage your account, authenticate you (via Google), and provide secure access.
• Communications: To send transactional emails, order confirmations, SMS or voice verification calls, support replies, and important policy updates.
• Security & fraud prevention: To detect and prevent fraud, misuse, security threats, and to investigate incidents.
• Analytics & product improvement: To analyze usage to improve features, UI/UX, pricing, and reliability of our platform.
• Legal & compliance: To respond to lawful requests from government or law enforcement authorities and to comply with applicable laws (e.g., taxation, accounting, anti-money-laundering obligations).
• Marketing (optional): Only when you opt in, we may send promotional offers, newsletters, or product updates — you can opt out at any time.

We only process personal data for the purposes described and where there is a legitimate and documented reason to do so.

Legal Basis for Processing

Where applicable laws require us to identify the legal basis for processing personal data, we rely on one or more of the following:

• Performance of a contract: Processing necessary to perform a contract with you (for example, fulfill an order, deliver goods, process a payment).
• Legal obligation: Compliance with legal obligations such as tax, accounting, or responding to lawful requests from authorities.
• Legitimate interests: For fraud prevention, system security, and improving our service (balanced against your rights and freedoms).
• Consent: For marketing communications or other optional processing where we explicitly request consent; you may withdraw consent at any time.

Payments & RukCoins

Accepted payment methods

We process card, UPI and other INR payments using Razorpay (or other supported payment gateways). When you choose a gateway, payment data is processed by that gateway according to their policies.

RukCoins

RukCoins are an internal, non-transferable store credit maintained in your customer wallet within our system. Rate: 1 RukCoin = ₹2. RukCoins may be issued via promotions or by manual crediting. You can apply RukCoins toward eligible orders as described in the ordering UX.

RukCoins processing & deductions

• When you place an order and choose to pay with RukCoins, we will recompute the server-side canonical total and atomically deduct your balance using a transactional database operation (SELECT ... FOR UPDATE, followed by UPDATE). If deduction fails, the order will not be completed.
• RukCoins are non-refundable except where required by applicable law or specific admin decisions; any refunds or reversals will be handled as account credit at our discretion.

Payment data

We do not store raw card details on our servers. Payment instrument details are handled by payment processors (e.g., Razorpay). We store transaction references, payment status, timestamps, and masked invoice data needed for refunds and accounting.

Third Parties & Service Providers

We use external providers to deliver core functionality. These providers process personal data on our behalf as data processors. Typical categories include:

• Authentication provider: Google (for social sign-in and profile information).
• Payment processors: Razorpay (or other payment gateway partners) for payment acceptance and settlement.
• Hosting & infrastructure: Cloud and database hosts that store and serve our application.
• Analytics & error tracking: Tools to measure usage and monitor service health.
• Delivery & logistics partners: Where required for order fulfilment, your name and address may be shared with the delivery partner (only the minimum data necessary).

All third-party providers are vetted; we review contracts to ensure they implement appropriate security and confidentiality measures. We will not sell your personal data to advertisers or unaffiliated third parties.

Cookie Policy

We use cookies and similar technologies (local storage, pixels) to provide, secure, and improve our services. Cookies enable sign-in persistence, session management, analytics, and basic personalization.

Types of cookies we use

• Essential/Strictly necessary: Required for authentication, session management, and to keep you logged in. Without these, the site will not function correctly.
• Performance & analytics: Collect anonymous usage data to improve site performance and product features.
• Functional: Remember preferences such as language or UI choices.
• Advertising & tracking: Only used if you opt in; these are not set without consent.

Manage cookies

Most browsers allow you to control cookies via settings. Blocking essential cookies may affect functionality. For analytics opt-out, see cookie consent controls available on our site.

Security Measures

We apply technical and organisational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction.

• Encryption: TLS encryption for data in transit; sensitive data (where applicable) is encrypted at rest.
• Access controls: Role-based access to production systems; minimal privileges for staff and admin consoles.
• Operational security: Hardened servers, regular patching, secure development lifecycle, and code reviews.
• Monitoring & detection: Intrusion detection, application logging, and alerting for suspicious activity.
• Backups: Encrypted backups and disaster recovery procedures to prevent data loss and support business continuity.

While we take strong measures, no system is perfectly secure. If you become aware of any security vulnerability in our services, please contact us immediately.

Data Retention

We retain personal data only as long as necessary for the purposes described and to meet business, legal, or auditing obligations.

• Account & profile: Retained until you delete the account, subject to legal or regulatory obligations.
• Orders & transactions: Retained for accounting, tax, and audit obligations (typically 7 years or per local law).
• Logs & security events: Retained for a limited period to support incident response and fraud prevention (policy-determined retention window).
• Marketing opt-ins: Retained until you withdraw consent.

If you request deletion, we will remove or anonymize personal data unless we are required to retain it (for example, for tax or legal compliance).

Your Rights

Depending on your jurisdiction, you may have rights over your personal data. We describe common rights below and how to exercise them.

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can request correction of inaccurate or incomplete personal data.
• Deletion: You can ask us to delete your personal data — subject to legal retention obligations.
• Portability: Request a structured, machine-readable export of data you provided.
• Restriction: Request restriction of processing in certain cases.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Where processing is based on consent, you can withdraw consent at any time.

To exercise any of these rights, contact us using the details in the Contact section. We will verify your identity before fulfilling sensitive requests.

Children's Data

Our services are not intended for children under the age of 16 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children without parental consent. If you believe we have collected data from a child in violation of this policy, contact us and we will promptly delete the data where required.

International Transfers

Data we collect may be processed and stored in India or in other countries where our service providers operate. When personal data is transferred across borders, we will implement appropriate safeguards such as standard contractual clauses or other lawful mechanisms.

Logs, Audits & Monitoring

We collect and retain logs for security, compliance, and operational reasons. Logs typically include IP addresses, timestamps, request metadata, and system events. Audit trails are retained to support business processes, troubleshooting, and forensic actions in the event of an incident.

Access to logs is restricted and monitored. We retain audit records per our internal retention schedule to meet legal and business requirements.

Data Breach & Incident Notification

In the event of a security breach that materially affects personal data, we will investigate promptly, contain the incident, and notify affected users and regulators as required by applicable law.

1. Immediate containment and triage.
2. Internal investigation and assessment of harm.
3. Notification to affected users and authorities where required by law.
4. Review and remediation to prevent recurrence.

Contact & Data Controller

For privacy enquiries, data access requests, or to exercise your rights, contact our Data Protection team:

When contacting us, please provide enough information to identify yourself so we can respond to your request securely. We may require proof of identity for sensitive requests.

Changes to This Policy

We will update this Privacy Policy from time to time. When we make material changes, we will post the updated effective date and, when appropriate, notify registered users via email or in-product notifications.