Privacy Policy

Klaarme ("we", "us", or "our") operates a digital platform for boutique and couture fashion stores, including services for store management, virtual try-on, inventory, staffing, and customer-facing shopping. This Privacy Policy describes how we collect, use, store, and protect personal data when you use our platform, whether as a store owner, staff member, or end customer. We are committed to protecting your privacy in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), India, and applicable regulations. We also aim to align with international best practices, including the General Data Protection Regulation (GDPR) for users in the European Union. By using Klaarme, you agree to the collection and use of information as described in this policy.

Klaarme is the data controller for personal data collected on this platform. Contact for privacy inquiries: Email: [email protected] Website: https://klaarme.com For store owners using Klaarme as their business management tool, you may also act as a data controller for your customers' data processed through our platform. You are responsible for ensuring you have a lawful basis for processing your customers' data.

We collect the following categories of personal data: **Account & Identity** - Mobile phone number (used as primary identifier and for OTP authentication) - Name, email address (optional) - Profile information **Store Owner & Staff Data** - Store name, address, business details - Employee ID, designation, date of joining - Attendance records, check-in/check-out times and location (if geo-fencing enabled) - Salary and payroll information - Documents uploaded by the store owner **Customer Data** - Body measurements and sizing profiles - Order history, garment preferences - Payment information (processed via Razorpay; we do not store full card details) - Try-on session images (uploaded by you or store staff for virtual fitting) - Appointment details **Usage & Technical Data** - Device type, browser type, IP address - Pages visited, features used, session duration - Cookies and similar tracking technologies (see Section 7) **Communications** - WhatsApp and SMS messages sent via the platform (through MSG91 or Meta WhatsApp Business API) - Notification preferences

We use your personal data for the following purposes: **Platform Operation** - Creating and managing your account - Processing orders, payments, and invoices - Managing inventory, staff, appointments, and store operations - Sending OTP authentication codes **Customer Experience** - Enabling virtual try-on using AI (garment and fabric visualisation) - Storing measurements for repeat orders - Order tracking and delivery notifications **Communications** - Transactional notifications: order confirmations, payment receipts, appointment reminders - WhatsApp and SMS messages (with your consent) - Marketing campaigns from stores you have engaged with (opt-in only) **Business Operations** - Payroll processing, attendance tracking, and HR management for store employees - Analytics and platform improvement - Legal and compliance obligations **Security & Fraud Prevention** - Detecting and preventing unauthorised access - Maintaining audit logs

Under the DPDPA 2023 and applicable law, we rely on the following bases for processing: - **Consent**: When you sign up, you consent to our use of your mobile number and personal data. For WhatsApp/SMS marketing, we obtain explicit opt-in consent. - **Contract**: Processing necessary to fulfil orders, manage staff, and deliver platform services you have subscribed to. - **Legal Obligation**: Tax records, financial data retention required by Indian law. - **Legitimate Interests**: Platform security, fraud prevention, analytics to improve the service.

We do not sell your personal data. We share data with third parties only as necessary to operate the platform: **Payment Processing** Razorpay (Razorpay Software Private Limited) processes payments. Razorpay is PCI-DSS compliant. Their privacy policy governs data they receive. **Messaging & Notifications** - MSG91 (Walkover Web Solutions Pvt Ltd): SMS and WhatsApp delivery - Meta Platforms (WhatsApp Business API): WhatsApp message delivery **Cloud Infrastructure** Data is stored on Railway (Railway Corp), with servers located in India. We choose India-region hosting to keep your data within Indian jurisdiction. **AI Features** Try-on images are processed by Google Gemini AI for garment/fabric visualisation. Images are transmitted securely and not retained by Google beyond processing. Do not upload images containing sensitive or identifying personal information beyond what is necessary for the try-on. **Legal Disclosure** We may disclose data to law enforcement or government authorities if required by law, court order, or to protect rights, safety, or property.

We use cookies and similar technologies: **Essential Cookies** - Authentication token (HttpOnly JWT cookie): Required for secure login. Cannot be disabled. **Analytics Cookies** - Usage analytics to understand how users interact with the platform and improve features. You can control non-essential cookies through your browser settings. Disabling analytics cookies does not affect your ability to use the platform.

We retain personal data for as long as necessary for the purposes described: - **Account data**: Retained while your account is active, and for 30 days after deletion request (to allow recovery) - **Order and payment records**: 7 years, as required by Indian tax and accounting law (GST compliance) - **Try-on images**: Retained for the duration of the session and associated order; deleted upon account deletion request - **Attendance and payroll records**: As required by Indian labour laws (typically 3–5 years) - **Communication logs**: 90 days for transactional messages; 1 year for audit compliance After retention periods, data is securely deleted or anonymised.

Under the DPDPA 2023 and applicable law, you have the following rights: - **Right to Access**: Request a copy of personal data we hold about you - **Right to Correction**: Request correction of inaccurate or incomplete data - **Right to Erasure**: Request deletion of your personal data (subject to legal retention requirements) - **Right to Data Portability**: Receive your data in a structured, machine-readable format - **Right to Withdraw Consent**: Withdraw consent for marketing or non-essential data processing at any time - **Right to Grievance Redressal**: Lodge a complaint with us or with the Data Protection Board of India To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. **Store Owners**: You are also responsible for facilitating your customers' data rights for data you process through our platform.

We implement appropriate technical and organisational measures to protect your personal data: - HTTPS encryption for all data in transit - HttpOnly JWT cookies to prevent XSS-based token theft - Passwords are not stored; authentication uses OTP via verified mobile number - Access controls: role-based permissions restrict data access to authorised personnel - Razorpay handles payment card data under PCI-DSS compliance - Regular security reviews No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take reasonable precautions.

Klaarme is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to us, contact [email protected] and we will delete it promptly.

Our platform is primarily intended for users in India. Data is stored in India. If you access the platform from outside India, be aware that your data will be transferred to and processed in India, where data protection laws may differ from your jurisdiction. For EU/EEA users: We are working towards full GDPR compliance. Where GDPR applies, we rely on consent and legitimate interests as our legal bases, and we honour all rights under GDPR Articles 15–22.

We may update this Privacy Policy from time to time. We will notify users of material changes via the platform or by WhatsApp/SMS to your registered number. The updated policy will be effective from the date of publication. Continued use of Klaarme after changes constitutes acceptance of the revised policy.

For privacy-related questions, requests, or complaints: Email: [email protected] Website: https://klaarme.com/about We aim to respond to all privacy inquiries within 30 days.