Summary: NIAR Commerce Pvt. Ltd. collects only the data necessary to operate the platform, never sells your personal information, and gives you full control over your data. Read on for full details.
1. Who We Are
NIAR Commerce Pvt. Ltd. ("NIAR", "we", "us", "our") is a luxury e-commerce platform incorporated in India. Our registered office is at 12th Floor, The Pinnacle, BKC, Mumbai, Maharashtra 400051. We operate the website niar.in and its associated mobile application.
For all data-related enquiries, contact our Data Protection Officer at: privacy@niar.in
2. Data We Collect
We collect the following categories of personal data:
- Account data: Name, email address, mobile number, date of birth (optional)
- Order data: Delivery address, order history, payment method type (not card numbers — handled by Razorpay)
- Device & usage data: IP address, browser type, pages visited, click events (for analytics)
- Communications: Messages sent to customer support, review content, Q&A responses
- Loyalty & preference data: Wishlist, loyalty points, purchase preferences
We do not store full card numbers, CVV codes, or UPI PINs — all payment processing is handled by Razorpay, a PCI-DSS compliant gateway.
3. How We Use Your Data
- Processing and fulfilling your orders
- Managing your account and loyalty rewards
- Sending order confirmations, shipping updates, and support replies
- Personalising product recommendations and marketing communications (with your consent)
- Fraud prevention and platform security
- Complying with GST and other legal obligations
- Improving our platform through analytics
4. Legal Basis for Processing
We process your data under the following legal bases (as applicable under Indian law and the Digital Personal Data Protection Act 2023):
- Contract: Processing necessary to fulfil your orders
- Legitimate interest: Fraud prevention, platform security, analytics
- Consent: Marketing emails, personalisation, optional cookies
- Legal obligation: GST compliance, audit requirements
5. Data Sharing
We share your data only with parties necessary to deliver our services:
- Sellers: Order details (name, address) shared with the seller fulfilling your order
- Logistics partners: Shiprocket, Blue Dart, Delhivery — for delivery
- Payment processors: Razorpay — for payment authorisation
- Communication services: Resend (email), WhatsApp Business API — for order notifications
- Analytics: Anonymised, aggregated data only
We never sell your personal data to third parties.
6. Cookies
We use the following categories of cookies:
- Essential: Session management, cart persistence, CSRF protection (always active)
- Analytics: Page views, funnel tracking (opt-in via cookie banner)
- Preference: Language, currency, recently viewed items
You can manage your cookie preferences via the banner shown on first visit or through your Account Settings.
7. Your Rights
Under the Digital Personal Data Protection Act 2023 and applicable laws, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Update inaccurate or incomplete data
- Erasure: Request deletion of your account and personal data
- Portability: Receive your data in a machine-readable format
- Withdrawal of consent: Opt out of marketing communications at any time
- Grievance: Lodge a complaint with our Grievance Officer (see Grievance Officer)
To exercise any right, email privacy@niar.in with your registered email address. We respond within 30 days.
8. Data Retention
- Account data: Retained for the duration of your account + 2 years after closure
- Order data: 7 years (GST compliance requirement)
- Analytics data: 24 months (anonymised after 12 months)
- Support tickets: 3 years
9. Security
We implement industry-standard security measures including 256-bit TLS encryption, JWT-based authentication, CSRF protection, rate limiting, and regular security audits. Our infrastructure is hosted on Cloudflare's edge network with enterprise-grade DDoS protection.
10. Changes to This Policy
We may update this policy periodically. Material changes will be notified via email and a prominent notice on the platform at least 30 days before taking effect. The "Last updated" date at the top of this page will always reflect the most recent version.