Privacy Policy

1. Introduction

Vaidham ("Vaidham", "we", "us", or "our") operates the website https://www.vaidham.com/ and associated mobile/web applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. By using our services, you agree to the practices described herein.

2. Information We Collect

2.1 Information You Provide

• Name, email address, and mobile phone number during account creation
• Delivery addresses and billing information for orders
• Payment information (processed securely via Razorpay; we do not store card details)
• Health assessment responses submitted voluntarily via our AI wellness tools
• Communications you send us (support requests, reviews, feedback)

2.2 Information Collected Automatically

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, products viewed, search queries, time spent)
• Location data if you use the Store Locator feature and grant permission
• Cookies and similar tracking technologies (see Section 7)

3. How We Use Your Information

• To process and fulfil your orders, including delivery and invoicing
• To verify your identity via OTP-based authentication
• To provide personalised product recommendations and wellness guidance
• To send order updates, shipping notifications, and transactional messages via SMS, WhatsApp, and email
• To respond to customer support queries
• To comply with legal and regulatory obligations (FSSAI, GST, Consumer Protection Act)
• To detect and prevent fraudulent transactions
• To improve our platform through analytics and A/B testing

4. Sharing Your Information

We do not sell your personal data. We share information only with:

• Payment processors (Razorpay) for secure payment handling
• Logistics partners (NimbusPost and affiliated couriers) for order delivery
• Communication service providers (Twilio for SMS/OTP, WhatsApp Business API) for transactional messages
• Cloud infrastructure providers (Neon, Vercel) that store or process data on our behalf
• Law enforcement or regulatory bodies when required by applicable Indian law

All third-party processors are bound by data processing agreements consistent with applicable privacy laws.

5. Data Retention

We retain your account data for as long as your account remains active. Order records are retained for 7 years as required by Indian tax and financial regulations. Health assessment data is retained for 2 years unless you request deletion. You may request deletion of your account and associated data by emailing us (see Section 10).

6. Data Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest on our database, bcrypt hashing for passwords, and two-factor authentication (2FA) for administrative accounts. However, no transmission over the internet is completely secure; we cannot guarantee absolute security.

7. Cookies

We use the following types of cookies:

• Essential cookies: Required for authentication and cart functionality
• Analytics cookies: To understand how users interact with our platform
• Marketing cookies: To measure campaign effectiveness (with your consent)

You may disable non-essential cookies through your browser settings, though this may affect some features.

8. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact us immediately for deletion.

9. Your Rights

Under applicable Indian data protection laws, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data (subject to legal retention obligations)
• Withdraw consent for marketing communications at any time
• Port your data in a machine-readable format

10. Contact Us

For privacy-related queries or to exercise your rights, contact our Data Protection Officer:

11. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be notified via email or a prominent notice on our website. Continued use of our services after updates constitutes acceptance of the revised policy.