Privacy policy

PRIVACY POLICY — SOVOR

Last Updated: May 2026 | Version: 2.0

OVERVIEW

This Privacy Policy applies to all services operated by Sovor at sovor.store including: → Sovor Edge Plant Protein Powder, Anti-Skid Mats, Portable Blenders (e-commerce) → Sovor RTO Guard (SaaS — Shopify App)

Owner: Col. Arvind Jadli (Retd.), Sovor Address: 82, Lane No. 3, Sai Lok Colony, Madhu Vihar, GMS Road, Dehradun, Uttarakhand — 248001 Email: arvind@sovor.store

  1. INFORMATION WE COLLECT

A. E-Commerce Customers: → Name, email, phone number → Shipping and billing address → Payment details (processed by Shopify Payments / PhonePe — we never store card details directly) → Order history and purchase preferences → Device information and IP address → Website usage data

B. SaaS Merchants (Sovor RTO Guard): → Shopify store name and domain → Store owner name and email → Order data including order IDs, amounts, and COD status → Customer phone numbers and PIN codes (for risk scoring only) → WhatsApp Business Account credentials → Billing and subscription information → App usage and feature activation data

C. End Consumers of RTO Guard Merchants: → Phone number (for WhatsApp verification) → Delivery PIN code (for risk scoring) → Order ID and COD response signal → No payment data, no full address stored

We act as Data Processor for end consumer data. The merchant is the Data Controller responsible for obtaining necessary consents from their customers.

D. Website Visitors: → Cookies and tracking pixels → Browser type and device information → Analytics data (via Shopify Analytics)

  1. LEGAL BASIS FOR PROCESSING

→ Contract performance: processing orders, delivering products, providing SaaS services → Legitimate interests: fraud prevention, risk scoring, security, service improvement → Consent: marketing communications, non-essential cookies → Legal obligation: GST records, export documentation, FEMA compliance

  1. HOW WE USE YOUR INFORMATION

E-Commerce: → Process and fulfil orders → Send order confirmations and updates → Handle returns and refunds → Improve website and product experience → Send marketing communications (only with consent) → Comply with GST and tax obligations → Export documentation for international orders

SaaS — Sovor RTO Guard: → Provide risk scoring and COD verification → Send WhatsApp verification messages on merchant's behalf → Generate RTO analytics and reports → Process subscription billing → Improve risk models using aggregated and anonymised network data → Send product updates and feature announcements

  1. INFORMATION SHARING

We do not sell your personal data. Ever.

Both business lines: → Shopify Inc. — platform infrastructure → Google Cloud Platform — data hosting → Microsoft Azure — AI features

SaaS only: → Meta Platforms (WhatsApp Business API) — verification messages → India Post (Government of India) — logistics → Groq — AI inference processing

E-Commerce only: → India Post — order fulfilment → PhonePe / Shopify Payments — payment processing → DGFT Portal — export compliance

All parties: → Law enforcement when required by applicable law → In connection with a business transfer (you will be notified)

  1. COOKIES

→ Essential cookies: required for checkout and account functions. Cannot be disabled. → Analytics cookies: Shopify Analytics. Can be disabled. → Marketing cookies: only set with your explicit consent.

To manage: use browser settings or Do Not Track setting.

  1. DATA RETENTION

→ E-commerce order data: 5 years (GST compliance) → International export records: 7 years (FEMA + DGFT) → SaaS order risk data: 36 months (network intelligence) → Marketing data: until you unsubscribe → Account data: until deletion + 90 days for backup purge

  1. YOUR RIGHTS

All users: → Access, Correction, Deletion, Restriction, Portability, Objection

Indian users (DPDP Act 2023): → Right to know, correct, erase, grievance redressal, nominate

EU/UK users (GDPR): → All rights above + right to lodge complaint with local supervisory authority → Right to object to automated decision-making

Saudi Arabia (PDPL) and UAE users: → Rights under respective data protection laws apply

To exercise any right: Email arvind@sovor.store — Subject: "Privacy Request — [Your Right]" Response within 30 days.

  1. CHILDREN'S PRIVACY

Not intended for: → Under 18 (India — DPDP Act 2023) → Under 16 (EU/UK — GDPR) → Under 13 (USA — COPPA)

Contact arvind@sovor.store immediately if a child has provided personal data.

  1. INTERNATIONAL DATA TRANSFERS

Data processed in India on Google Cloud infrastructure. EU/UK: transfers conducted under appropriate safeguards including standard contractual clauses where applicable. GCC: compliant with Saudi PDPL and UAE Federal Decree-Law No. 45 of 2022.

  1. DATA SECURITY

→ SSL/TLS encryption on all pages → Encrypted storage of sensitive credentials → Access controls — authorised personnel only → Regular security monitoring and vulnerability assessments

In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR.

  1. CONTACT & GRIEVANCE OFFICER

Col. Arvind Jadli (Retd.) Grievance Officer & Data Controller, Sovor Email: arvind@sovor.store Address: 82, Lane No. 3, Sai Lok Colony, Madhu Vihar, GMS Road, Dehradun, Uttarakhand — 248001, India

Response times: → General queries: 3 business days → Data requests: 30 days → Grievances (DPDP Act): 30 days → Breach notifications: 72 hours

EU/UK users: find your local DPA at edpb.europa.eu

  1. POLICY UPDATES

Material changes require fresh consent where legally required under GDPR, DPDP Act, or other applicable law. Continued use constitutes acceptance for non-material changes only.

Version: 2.0 | Last Updated: May 2026 | Next Review: November 2026