ASURPremium fashion

Legal

Privacy Policy

Last updated: June 2026 · Effective: June 2026

ASUR ("we", "our", "us") is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it, and your rights under India's Digital Personal Data Protection Act 2023 (DPDP Act) and the General Data Protection Regulation (GDPR).

1. Who We Are

ASUR is a premium Indian streetwear brand operating at asur.in. We are a data fiduciary under the DPDP Act 2023. For privacy queries, contact us at privacy@asur.in.

2. Data We Collect

Account data: Name, email address, phone number, and profile photo when you create an account or sign in via Google/Firebase Authentication.

Order data: Shipping address, order items, payment status, and coupon codes when you place an order. We do not store your full card details — payments are processed by Razorpay.

Wishlist & activity: Products you save, reviews you write, and return requests you submit.

Technical data: IP address, browser type, device type, pages visited, and session duration via server logs and (with your consent) analytics cookies.

Communications: Emails you send us and your communication preferences.

3. How We Use Your Data

  • Processing and fulfilling your orders (legal basis: contract performance)
  • Sending transactional emails — order confirmation, shipping updates, return status (legal basis: contract performance — cannot be opted out)
  • Sending marketing emails about new drops and promotions (legal basis: consent — you can opt out at any time)
  • Improving our website, products, and customer experience (legal basis: legitimate interest)
  • Detecting fraud and ensuring security (legal basis: legitimate interest)
  • Complying with legal obligations including GST filings (legal basis: legal obligation)

4. Cookies

We use the following categories of cookies:

  • Essential: Authentication, cart persistence, security tokens. Cannot be disabled.
  • Analytics (with consent): Aggregate usage data to understand how customers navigate our store. Loaded only after you accept analytics cookies.
  • Marketing (with consent): Used for retargeting and measuring campaign effectiveness.

You can manage your cookie preferences at any time via the "Manage Preferences" banner or by clearing your browser's local storage.

5. Data Sharing

We share your data only as necessary:

  • Razorpay — payment processing (they are a separate data fiduciary)
  • Resend — transactional and marketing email delivery
  • Cloudflare — CDN, image delivery, and DDoS protection
  • MongoDB Atlas — database hosting (data stored in India or EU)
  • Google Firebase — authentication
  • Logistics partners — name and address for delivery (shared only upon shipment)

We do not sell your personal data to third parties. We do not share it for advertising purposes without consent.

6. Data Retention

We retain account data for as long as your account is active. Order records are retained for 7 years for tax/accounting compliance under the GST Act. If you delete your account, your personal information is anonymised within 30 days, but order records are retained for the required legal period.

7. Your Rights

Under the DPDP Act 2023 and GDPR, you have the right to:

  • Access — download a copy of all data we hold about you (via Account → Download my data)
  • Correction — update your name, phone, or email in Account settings
  • Erasure — delete your account and anonymise your personal data (via Account → Delete account)
  • Restrict processing — opt out of marketing emails at any time
  • Data portability — receive your data in a machine-readable format (JSON export)
  • Withdraw consent — for analytics/marketing cookies or marketing emails

To exercise these rights, visit your Account → Notifications page, or email privacy@asur.in. We will respond within 30 days.

8. Security

We implement industry-standard security: TLS 1.3 encryption in transit, bcrypt for tokens, MongoDB Atlas encryption at rest, rate limiting on all APIs, and Sentry for error monitoring. Payments are tokenised by Razorpay — we never see your card number.

9. Children's Privacy

Our services are not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@asur.in and we will delete it promptly.

10. Changes to This Policy

We may update this policy as our practices or laws change. We will notify you of material changes by email (if you have opted in) and by updating the "Last updated" date above. Continued use of our services after changes constitutes acceptance.

11. Contact

Email: privacy@asur.in
Grievance Officer (India): As required by the DPDP Act 2023, complaints can be directed to privacy@asur.in. We will respond within 30 days.