Home Privacy Policy
Legal

Privacy Policy

Last updated: March 2026  ·  Effective: March 2026

1. Introduction & Data Controller

This Privacy Policy is issued by Mom's Salty Fish, a sole proprietorship owned and operated by Dhanalakshmi, at 3/203, South Street, Vanagiri (P.O), Sirkazhi (T.K), Mayiladuthurai (D.T), Tamil Nadu – 609105, India.

This policy explains how we collect, use, store, and protect your personal data when you visit or make a purchase on momssaltyfish.com. It is governed by the Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000 of India.

By using our website and placing an order, you consent to the collection and use of your data as described in this policy.

2. What Data We Collect

We collect the following personal data when you interact with our website:

  • Account data: Full name, email address, phone number (when you register or log in)
  • Order data: Delivery address (name, street, city, state, pincode), order history, items purchased, payment status
  • Communication data: Messages you send us via the contact form, WhatsApp, or email
  • Technical data: IP address, browser type, device type, pages visited (collected automatically via server logs)

We do not store your UPI ID, bank account details, or any payment credentials. All payment processing is handled securely by Razorpay — we only receive a payment confirmation and transaction ID.

3. How We Use Your Data

We use your personal data strictly for the following purposes:

  • Order fulfilment: Processing your order, packing, and dispatching via India Post
  • Delivery communication: Sending order confirmation, dispatch notification, and tracking details via email
  • Customer support: Responding to your queries, complaints, or refund requests
  • Account management: Maintaining your login, order history, and profile
  • Legal compliance: Maintaining GST and sales records as required by Indian tax law (GST Act, 2017)

We do not use your data for unsolicited marketing, profiling, or selling to third parties.

4. Third Parties We Share Data With

We share your data only with trusted service providers necessary to fulfil your order:

  • Razorpay (Payment Gateway): Processes UPI payments. Razorpay receives your name, phone number, and order amount. They are governed by their own Privacy Policy.
  • India Post (Courier): Receives your name and delivery address to deliver your parcel. No financial data is shared.
  • Zoho Mail (Email Service): Used to send transactional emails (order confirmation, shipping updates, OTP). Email content is routed through Zoho's servers.
  • Cloudinary (Image Hosting): Stores product images on our website. No customer data is shared with Cloudinary.

We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes.

5. Data Retention

We retain your personal data for the following periods:

  • Order records: 7 years from the date of order (as required by GST laws and Indian accounting standards)
  • Account data: As long as your account is active, or until you request deletion
  • Contact form data: Up to 1 year after the issue is resolved
  • Technical/server logs: Up to 90 days

6. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • HTTPS encryption on all pages of our website
  • Passwords stored using industry-standard hashing (bcrypt)
  • OTP-based login — no plain-text passwords stored
  • Payment data handled entirely by Razorpay (PCI-DSS compliant)
  • Restricted access to customer data — only the business owner has access

While we take all reasonable precautions, no internet transmission is 100% secure. In the unlikely event of a data breach, we will notify affected users as required by the DPDP Act, 2023.

7. Your Rights Under Indian Law

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to access: Request a summary of personal data we hold about you
  • Right to correction: Ask us to correct inaccurate personal data
  • Right to erasure: Request deletion of your account and personal data (subject to legal retention obligations)
  • Right to grievance redressal: Raise a complaint if you believe your data rights have been violated

To exercise any of these rights, contact us at support@momssaltyfish.com or via WhatsApp. We will respond within 7 business days. If unresolved, you may approach the Data Protection Board of India once it is constituted under the DPDP Act.

8. Cookies

Our website uses minimal browser storage (localStorage) to maintain your shopping cart and login session on your device. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

Our website is intended for users aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe a minor has provided personal data to us, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The revised policy will be posted on this page with the updated date. Continued use of the website after changes constitutes acceptance of the revised policy.

11. Contact & Grievance Officer

For any privacy-related concerns or data requests, contact:

  • Name: Dhanalakshmi (Proprietor)
  • Email: support@momssaltyfish.com
  • WhatsApp: +91 88708 41167
  • Address: 3/203, South Street, Vanagiri (P.O), Sirkazhi (T.K), Mayiladuthurai (D.T), Tamil Nadu – 609105

Have a privacy concern or want to access your data? Contact us.

WhatsApp Us

Business: Mom's Salty Fish  |  Proprietor: Dhanalakshmi  |  FSSAI Lic. No.: 22425438000422  |  GSTIN: 33ELZPD8857E1ZI  |  3/203, South Street, Vanagiri (P.O), Sirkazhi (T.K), Mayiladuthurai (D.T), Tamil Nadu – 609105