Privacy Policy

We collect the following types of information:

• Account information: name, email address, and/or mobile phone number
• Order data: items purchased, shipping address, order history
• Payment data: payment method and transaction reference (we do not store card numbers)
• Device data: IP address, browser type, device type, and usage behaviour on our site
• Communications: messages sent via contact forms or customer support

We offer login via mobile OTP and email/password. Your phone number is used to send a one-time password for authentication. We do not use your phone number for marketing without explicit consent.

Passwords are stored as bcrypt hashes — never in plain text. OTPs expire within 5 minutes and are hashed in our database.

If you sign in with Google, we receive your name, email, and profile picture from Google. We use this only to create or link your account.

We collect and store your shipping address to fulfil orders and for your convenience in future purchases. You may add, edit, or delete saved addresses from your account dashboard.

Order history is stored indefinitely for legal and customer support purposes. You may request a copy of your data at any time.

All payments are processed by Razorpay, a PCI DSS-compliant payment gateway. Misha Edits does not store credit/debit card numbers, CVVs, or UPI PINs.

We store only the Razorpay payment ID and order reference for reconciliation purposes.

We use browser localStorage to persist your shopping cart, wishlist, and authentication token between sessions. This data stays on your device and is not shared with third parties.

We may use essential cookies to maintain your session. We do not use advertising or tracking cookies.

We use your data to process and fulfil orders, send order confirmations, respond to customer support inquiries, improve our website, and detect fraud. We do not sell your personal data to any third party.

We use: Razorpay (payment processing), Google Identity Services (social login), Cloudinary (image hosting), and Supabase / PostgreSQL (database). Each has its own privacy policy.

Account data is retained as long as your account is active. Order data is retained for a minimum of 7 years for legal and tax compliance.

OTP records are automatically deleted 24 hours after creation.

You have the right to access, correct, or request deletion of your personal data, and to opt out of marketing communications at any time.

To exercise these rights, email us at privacy@mishaedits.in. We will respond within 30 days.

Our services are not directed to children under 13. We do not knowingly collect data from minors.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending you an email.