Privacy Policy

1. Information We Collect

We collect only the minimal data necessary to provide our services effectively and efficiently. As an Indian e-commerce platform specializing in children's footwear, our collection practices are tailored to domestic users, ensuring no international data flows. This includes a variety of data types, each gathered with clear purpose and consent where required. Let us break this down comprehensively to give you full visibility into what we handle and why.

First, personal information forms the core of our interactions. When you create an account, place an order, or subscribe to newsletters, we may ask for details such as your full name, email address, mobile phone number, and shipping or billing address. These are essential for fulfilling orders within India, processing deliveries through local partners, and communicating updates like order status or promotional offers relevant to the Indian market. For instance, your address helps us calculate accurate shipping costs for locations in Mumbai, Pune, or other cities across the country, ensuring timely and cost-effective service without any international shipping complications.

Next, payment information is handled with utmost care, especially since we integrate with Razorpay, a trusted Indian payment gateway. Details like credit or debit card numbers, UPI IDs, net banking credentials, or wallet information are entered directly into Razorpay's secure interface. Firki itself does not store full card details—only tokenized references are retained for recurring transactions if you opt-in. This aligns with PCI-DSS (Payment Card Industry Data Security Standard) Level 1 compliance, which Razorpay maintains rigorously. For example, when you buy a pair of Firki Trek shoes for ₹2,299, the transaction is processed end-to-end in India, with no data leaving the country, minimizing risks associated with international gateways.

We also gather usage data to improve our platform's performance. This encompasses technical details like your IP address (which helps us verify you're accessing from India for geo-targeted content), browser type and version, operating system, pages visited, time and date of access, and referral sources. Cookies and similar technologies facilitate this—essential cookies ensure your cart persists across sessions, while analytics cookies (from tools like Google Analytics, configured for Indian data residency) help us understand user behavior. For example, if many users in Delhi abandon carts on mobile, we might optimize our site for better responsiveness. Importantly, all analytics data is anonymized and aggregated; no individual profiles are built for sale or external use.

A special note on children's data: As a brand dedicated to kids' footwear, we are extra vigilant. We do not knowingly collect personal data from children under 13 years of age without verifiable parental consent, in line with COPPA principles adapted for Indian context under the DPDP Act. If a child interacts with our site (e.g., viewing product images), no personal info is captured. Parents, if you suspect your child's data has been inadvertently collected—perhaps through a shared family account—please contact us immediately at privacy@firkiworld.com, and we'll rectify it promptly. Our site features age-appropriate content, like fun shoe animations, but never solicits input from minors.

Additionally, we may collect communication data from your interactions, such as emails or chat queries via our support system. This helps resolve issues like size exchanges for Firki Pluto shoes. Finally, device information like screen resolution aids in responsive design testing. All collections are voluntary except where necessary for service delivery, and we always provide opt-out mechanisms. Since Firki does not sell internationally, your data stays within India's secure ecosystem, reducing exposure to global risks.

2. How We Use Your Information

Your data is the foundation of a seamless Firki experience, used solely to enhance service quality and fulfill our commitments as an Indian brand. We process it transparently, with no international commercialization in mind. Let's delve into the specifics of our usage practices, ensuring you understand every step.

Primarily, we use your information to process orders, payments, and deliveries. When you add the Firki Jojo model to your cart and checkout, your address and payment details enable us to coordinate with domestic logistics like Delhivery or Blue Dart for swift, tracked delivery across Indian pin codes. This includes generating invoices compliant with GST regulations, calculating taxes accurately, and updating you via SMS or email on shipment progress. Without this, we couldn't guarantee the 3-5 day delivery promise in metro cities.

To improve our website and products, aggregated usage data informs decisions like refining our Explorer Series based on popular sizes or colors. For example, if analytics show high engagement with glide-mode demos in Pune, we might expand stock there. This is all internal—no data is shared for profit outside India.

Communication is key: We send transactional emails (order confirmations) and, with consent, promotional ones about new launches like the Firki Chill series. Opt-out is easy via one-click unsubscribe, and we honor Do Not Disturb (DND) for SMS under TRAI guidelines. Marketing is personalized but limited—e.g., suggesting complementary socks for your recent shoe purchase—always within Indian consumer protection norms.

For fraud prevention and security, we leverage Razorpay's tools to flag suspicious activities, like unusual IP patterns during checkout. This protects you from chargebacks or scams, ensuring safe transactions for families buying multiple pairs.

Finally, we use data to comply with legal requirements, retaining records for 7 years as per tax laws (Income Tax Act, 1961) or for dispute resolution under the Consumer Protection Act, 2019. Audits ensure everything is above board. Since we don't operate internationally, there's no need for cross-border compliance like GDPR, simplifying our processes while upholding Indian standards.

In all cases, processing is based on legal bases under the DPDP Act: consent for marketing, contract necessity for orders, or legitimate interests for site improvements. We review usage annually to minimize data retention—e.g., deleting inactive accounts after 2 years.

3. Sharing Your Information

Firki's commitment to privacy means we never sell, rent, or trade your data—domestically or internationally. As a purely Indian operation, sharing is limited to essential, vetted partners within the country, always under strict agreements. This section outlines our controlled approach in detail.

Our primary sharing occurs with trusted service providers to deliver services. For payments, Razorpay processes transactions securely, accessing only necessary details like card tokens—never full info, and all within India. Logistics partners like Delhivery receive shipping addresses for fulfillment but delete data post-delivery. Email tools (e.g., Sendinblue, hosted in India) handle newsletters, bound by data processing addendums (DPAs) ensuring no further sharing. Analytics providers like Google Analytics (with EU-US Data Privacy Framework compliance but data localized in India) get anonymized metrics only.

In rare cases of legal obligations, we may disclose data if compelled by Indian authorities—e.g., under Section 79 of the IT Act for cyber incidents or court subpoenas. We notify you unless prohibited, and such disclosures are logged for transparency.

For business transfers, if Firki merges or is acquired (hypothetically, by another Indian entity), your data would transfer with notice and opt-out rights, preserving privacy.

We prohibit downstream sharing: Partners sign contracts mandating data use only for Firki's purposes, with audits and breach notifications within 72 hours. No international affiliates exist, so no cross-border risks. For example, when sharing an address with Delhivery, it's encrypted and access-logged, deleted after 30 days.

Affiliates? None—Firki is standalone. Advertising? We use retargeting pixels from Indian networks, but you control via cookie banners. This ecosystem keeps your data safe, focused on Indian families without global complications.

4. Data Security

Security is non-negotiable at Firki—we treat your data like a treasured family photo album, protected with layers of defense. Operating solely in India allows us to leverage local expertise without international vulnerabilities. Here's how we fortify our systems.

At the core is encryption: All data in transit uses HTTPS/SSL (TLS 1.3), while at rest, sensitive info like payment tokens employs AES-256. For instance, your order details are encrypted before storage on AWS Mumbai servers, compliant with Indian data sovereignty.

Access controls are role-based: Only authorized personnel (e.g., customer support for queries) access data via multi-factor authentication (MFA) and IP whitelisting. Regular penetration testing by certified Indian firms simulates threats, addressing vulnerabilities promptly.

Razorpay's PCI-DSS Level 1 certification covers payments, with tokenization ensuring we never handle raw card data. For broader security, we follow ISO 27001 standards, conducting annual audits and employee training on phishing and data handling.

Breach response is proactive: Our incident plan, aligned with DPDP Act, includes 24-hour detection via SIEM tools, containment, and notification to affected users and the Data Protection Board within 72 hours. Post-incident reviews strengthen defenses—e.g., after a simulated breach, we enhanced firewall rules.

Physical security for our Mumbai office includes CCTV and access badges. Backups are encrypted and offsite (within India), tested quarterly. Since no international sales, we avoid forex or global compliance headaches, focusing on robust, localized protection. Your peace of mind is our goal—data safe, adventures free.

5. Cookies and Tracking

Cookies power a smooth Firki journey, but we respect your control. As a domestic site, tracking is minimal and India-focused. Our full Cookie Policy is linked in the footer, but here's an overview.

Essential cookies maintain functionality—like keeping your cart items (e.g., two pairs of Firki Dart) intact. These are first-party, session-based, no consent needed.

Analytics cookies from Google Analytics track anonymized visits, helping optimize load times for Indian networks. Data is pseudonymized (IP masked) and stored in India.

Marketing cookies enable personalized ads on Google (India-targeted), but only with consent via our banner. Third-parties like Facebook Pixel are limited, with opt-out via NAI India.

You can manage via browser (e.g., Chrome's settings) or our tool. No international trackers like those from US firms without safeguards. We review cookies bi-annually, deleting unnecessary ones to respect your digital footprint.

6. Your Rights and Choices

Empowerment is at Firki's heart—you own your data. Under DPDP Act and IT Act, we honor rights promptly, with no international hurdles.

Access and Correction: Request a copy or updates via privacy@firkiworld.com; we'll respond in 30 days, free for first two requests yearly.

Deletion/Erasure: Ask to erase (e.g., post-order data); we comply unless legally retained (e.g., GST records).

Consent Withdrawal: Revoke anytime for marketing—impacts future emails, not past orders.

Opt-Out: Unsubscribe links or DND for SMS. For sales objections, honor permanently.

Grievance Redressal: Our Officer (grievance@firkiworld.com) resolves in 15 days; escalate to Data Protection Board if needed.

No automated decisions affect you—human review for all. For portability, we'll provide in CSV format. These rights ensure control, aligned with Indian law.

7. International Transfers

Firki proudly operates 100% within India—no international sales, no cross-border data transfers for business. All processing happens domestically: servers in Mumbai, partners like Razorpay in Bangalore. If tools like Google require overseas elements, we use India-localized versions with DPAs and adequacy decisions under DPDP Act. Your data never leaves India, eliminating risks like differing global laws. This localization boosts speed (low latency for Indian users) and security (no extradition concerns). We're committed to this model, ensuring Firki remains a safe, homegrown choice.

8. Changes to This Policy

Evolution is key—we may refine this policy for better protection or legal alignment. Material changes (e.g., new consent forms) trigger email notices or homepage banners, with 30-day grace for review. Minor tweaks (e.g., contact updates) post quietly. Check the date at bottom; continued use post-notice means acceptance. We consult legal experts before updates, prioritizing your rights.

9. Contact Us

Your questions drive us forward. Email privacy@firkiworld.com for inquiries, or use our Contact page. We're responsive, aiming for 48-hour replies, and available via phone during business hours. Thank you for trusting Firki—your privacy fuels our shared adventures.