&Skip to content
Use code WELCOME10 — 10% off your first order
Launch Special — 20% off orders above ₹1999 with code LAUNCH20
Free shipping on all orders above ₹499
₹500 off on orders above ₹3000 — Use FLAT500
Legal

Privacy Policy

Last updated: 12 April 2026

At Proteinverse, we respect your privacy and are committed to protecting the personal data you share with us. This policy explains what information we collect, why we collect it, how we use it, and your rights under the Digital Personal Data Protection Act, 2023 (DPDP Act).

1. Who We Are

Proteinverse is a health, beauty, and wellness supplement retailer operating two physical stores in Gujarat, India (Ahmedabad and Gandhinagar), with an online store launching 30 April 2026 at proteinverse.co.in.

Data Fiduciary (as defined under the DPDP Act, 2023):

Proteinverse

Owner: Lucky Valecha

Email: contact@proteinverse.co.in

WhatsApp: +91 74340 12123

2. Information We Collect

We collect personal data only when it is necessary to provide our services, fulfil orders, or improve your experience.

2.1 Information You Provide Directly

  • Contact form submissions: Name, email address, phone number (optional), subject, and message content when you reach out through our website or WhatsApp.
  • Email subscriptions: Email address when you sign up for product updates, offers, or our newsletter.
  • WooCommerce orders (launching Phase 2): Full name, billing and shipping address, email, phone number, and order details when you make a purchase through our online store.
  • Account registration (launching Phase 2): Name, email, and password when you create a customer account.

2.2 Information Collected Automatically

  • Device and browser information: IP address, browser type, device type, screen resolution, and operating system.
  • Usage data: Pages viewed, time spent on pages, referring URL, and click interactions, collected through Google Analytics 4 (GA4).
  • Cookies and similar technologies: Essential cookies for site functionality, analytics cookies for understanding visitor behaviour, and preference cookies for remembering your settings (such as dark/light mode). See our Cookie Policy for full details.

2.3 Information from Third Parties

  • Payment processors (launching Phase 2): When you make a payment through Razorpay, we receive transaction confirmation, payment status, and a masked payment reference. We do not store your full card number, CVV, or bank login credentials.
  • Social media: If you interact with our Instagram feed embedded on the website, Instagram may collect data according to their own privacy policy.

3. Purpose of Data Collection

Under the DPDP Act, 2023, we process your personal data only for lawful purposes. Specifically, we use your data to:

  1. Respond to enquiries — to answer your questions about products, availability, and supplement guidance.
  2. Process orders — to fulfil purchases, arrange shipping, and send order confirmations (Phase 2).
  3. Send communications — to share product updates, offers, and health tips if you have opted in to receive them. You can unsubscribe at any time.
  4. Improve our website — to understand how visitors use our site, identify technical issues, and make the experience better.
  5. Prevent fraud — to detect suspicious activity and protect both you and our business.
  6. Comply with legal obligations — to meet requirements under Indian law, including tax and accounting regulations.

4. Lawful Basis for Processing

Under the DPDP Act, 2023, we rely on the following lawful bases:

  • Consent: For marketing communications, newsletter subscriptions, and non-essential cookies. You can withdraw consent at any time.
  • Legitimate use: For processing orders, responding to enquiries, fraud prevention, and website analytics.
  • Legal obligation: For tax records, GST compliance, and other regulatory requirements under Indian law.

5. Data Sharing

We do not sell, rent, or trade your personal data. We share it only with the following categories of service providers, and only to the extent necessary:

  • Hosting provider (Hostinger): Our website is hosted on Hostinger servers. They process data as needed to serve our website.
  • Analytics (Google Analytics 4): We use GA4 to understand website traffic. Google processes anonymised usage data. Google's Privacy Policy.
  • Payment processing (Razorpay — Phase 2): Razorpay handles payment transactions securely and is PCI DSS compliant. Razorpay's Privacy Policy.
  • Shipping partners (Phase 2): Courier companies receive your name, address, and phone number to deliver your order.
  • WhatsApp (Meta): Messages you send us through WhatsApp are subject to WhatsApp's Privacy Policy.

All third-party service providers are contractually required to protect your data and use it only for the specified purpose.

6. Data Storage and Security

Your data is stored on secure servers provided by our hosting partner. We implement appropriate technical and organisational measures to protect your personal data, including:

  • SSL/TLS encryption for all data transmitted between your browser and our website.
  • Restricted access to personal data — only authorised personnel can access customer information.
  • Regular security updates and monitoring of our website infrastructure.
  • Secure password hashing for customer accounts (Phase 2).

While we take all reasonable steps to protect your data, no system is 100% secure. If we become aware of a data breach that poses a risk to your rights, we will notify you and the relevant authorities as required under the DPDP Act, 2023.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected:

  • Contact form messages: Retained for up to 12 months after the enquiry is resolved, then deleted.
  • Email subscriptions: Retained until you unsubscribe.
  • Order data (Phase 2): Retained for a minimum of 8 years as required under the Income Tax Act and GST regulations.
  • Account data (Phase 2): Retained until you request account deletion.
  • Analytics data: GA4 retains data for 14 months by default. We do not extend this period.
  • Cookies: See our Cookie Policy for cookie-specific retention periods.

8. Your Rights Under the DPDP Act, 2023

As a Data Principal (the person whose data is being processed), you have the following rights:

  • Right to access: You can request a summary of the personal data we hold about you and how it is being processed.
  • Right to correction: You can ask us to correct inaccurate or incomplete personal data.
  • Right to erasure: You can request that we delete your personal data, subject to legal retention requirements (e.g., tax records).
  • Right to withdraw consent: If processing is based on your consent, you can withdraw it at any time. This will not affect the lawfulness of processing carried out before withdrawal.
  • Right to nominate: You can nominate another person to exercise your rights on your behalf in the event of your death or incapacity, as provided under the DPDP Act.
  • Right to grievance redressal: If you are not satisfied with how we handle your data, you have the right to file a complaint with the Data Protection Board of India.

To exercise any of these rights, contact us at contact@proteinverse.co.in or message us on WhatsApp. We will respond within 30 days.

9. Children's Privacy

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. Under the DPDP Act, 2023, processing of a child's personal data requires verifiable consent from a parent or legal guardian.

If we discover that we have inadvertently collected data from a child without appropriate parental consent, we will delete it promptly. If you believe a child has provided us with personal data, please contact us immediately at contact@proteinverse.co.in.

10. Cookies

We use cookies and similar technologies to make our website work, remember your preferences, and understand how visitors interact with our pages. For a detailed breakdown of the cookies we use and how to manage them, please see our Cookie Policy.

11. Third-Party Links

Our website may contain links to external websites (such as Google Maps, Instagram, WhatsApp, and payment providers). We are not responsible for the privacy practices of these third-party sites. We encourage you to read their privacy policies before providing any personal data.

12. Grievance Officer

In accordance with the DPDP Act, 2023, the following person is designated as the Grievance Officer for any data protection concerns:

Name: Lucky Valecha

Email: contact@proteinverse.co.in

WhatsApp: +91 74340 12123

Response time: Within 30 days of receiving your request.

If you are unsatisfied with our response, you may escalate your complaint to the Data Protection Board of India once it is constituted under the DPDP Act, 2023.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make significant changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or a notice on our website.

We encourage you to review this page periodically to stay informed about how we protect your data.

Questions About Your Data?

If you have any questions about this Privacy Policy or want to exercise your data rights, reach out to us directly.

Chat on WhatsApp Email Us