Privacy Policy

Last updated: September 19, 2025

Box of Art (“we,” “us,” or “our”) operates this store and website, including all related information, content, features, tools, products, and services, in order to provide you (“you,” “your,” or “customer”) with a curated shopping experience (the “Services”). Our store is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy explains how we collect, use, and disclose your personal information when you visit, use, or make a purchase through our Services, or otherwise interact with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy will control with respect to the collection, processing, and disclosure of your personal information.

By accessing or using our Services, you confirm that you have read and understood this Privacy Policy.

1. Personal Information We Collect

When we use the term “personal information,” we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

• Contact Details: including your name, address, billing address, shipping address, phone number, and email address. We collect this to confirm and deliver your orders, send order updates, provide customer support, and contact you if needed.
• Financial Information: including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation, and other payment details. We do not store your full card details or CVV on our servers. All sensitive financial data is encrypted and processed directly through Razorpay’s secure payment gateway.
• Account Information: including your username, password, security questions, preferences, and settings. We collect this to let you manage your account, track orders, save favorite products, and receive personalized product suggestions.
• Transaction Information: including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange, or cancel, and your past transactions. We collect this to complete transactions, provide you order history, and suggest products based on your interests.
• Communications with Us: including the information you include in communications with us, for example, when sending a customer support inquiry. We collect this to answer your questions, provide support, and improve customer service.
• Device Information: including information about your device, browser, or network connection, your IP address, and other unique identifiers. We collect this to keep our site secure, optimize user experience, and analyze website performance.
• Usage Information: including information regarding your interaction with the Services, including how and when you interact with or navigate the Services. We collect this to understand user behavior, personalize product recommendations, and improve marketing campaigns.
• Marketing & Subscription Data: including your preferences when you subscribe to our newsletter via Mailchimp. Information collected through opt-ins for promotions, SMS, and WhatsApp marketing updates. We collect this to send you special offers, abandoned cart reminders, product launches, and exclusive deals.
• Optional Customization Data: including if you order custom posters or personalized products, we may collect images, text, or design inputs you provide, and Special instructions related to your customization. We collect this to create and deliver the exact customized product you request.

Data Retention for Customization: Any personal images, text, or customization details you share are used only for the purpose of completing your order. Once your customized product has been successfully shipped, this data is safely deleted from our systems. We do not reuse, resell, or store your customization details for future purposes.

2. Sources of Personal Information

We may collect personal information from the following sources:

a) Directly From You
Most of the information we collect is provided directly by you. This includes when you browse or purchase products on our website, create or update your account, subscribe to our newsletter via Mailchimp, opt-in for WhatsApp or SMS updates, contact us through email or support forms, or share customization details for personalized orders. All of this information is shared at your discretion, which means you remain in full control of what you choose to provide.

b) Automatically When You Use Our Website
We also collect certain information automatically when you interact with our website. This includes technical details such as your IP address, browser type, device type, operating system, referral source, and general usage patterns like the pages you visit, time spent on each page, and clicks or navigation behavior. Cookies and similar technologies are also used to remember your cart, save login details, and personalize your shopping experience. This automatic collection helps us secure our website, improve its performance, and recommend products that may be more relevant to you.

c) From Service Providers
Some personal information is shared with us by trusted third-party providers who help us operate our business. For instance, Razorpay provides us with payment confirmations and transaction IDs (but not your sensitive card details), Hostinger and WordPress collect server logs and technical analytics to keep the site secure, Mailchimp provides data about your subscription preferences and campaign engagement, and our WhatsApp API provider enables order updates and customer support messages. These providers act as partners and ensure that your shopping experience is safe, professional, and seamless.

d) From Cookies & Similar Technologies
We use cookies, pixels, and tracking technologies to enhance your browsing and shopping experience. These tools allow us to remember your preferences, keep items in your cart, simplify your login process, track product interests, and measure the effectiveness of advertisements across platforms such as Google and Meta. By doing so, we are able to personalize your shopping journey and show you offers that are more relevant to your interests.

e) From Publicly Available Sources
In rare cases, we may collect information about you from publicly accessible sources or social media platforms. For example, if you tag our brand on Instagram, leave a public review, or interact with our ads on platforms like Facebook or YouTube, we may use that information to better understand customer feedback, engage with our community, and improve our marketing reach.

3. How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

a) To Provide, Tailor, and Improve Our Services
We use your personal information to deliver the core services of our business. This includes processing your payments through Razorpay, fulfilling your orders, arranging shipping, and managing returns or exchanges. We also use your data to remember your preferences, save items in your cart, and recommend products that match your interests. By analyzing your shopping patterns and interactions with our website, we are able to improve our store’s functionality, personalize your experience, and provide you with a smoother and more enjoyable journey every time you visit.

b) For Marketing and Advertising
With your consent, we may use your personal information to send you promotional offers, product updates, and newsletters through channels such as email (via Mailchimp), SMS, and WhatsApp notifications. This may also include abandoned cart reminders, special discounts, or product recommendations tailored to your interests. Your opt-in data is kept secure and never shared with third parties except for messaging or advertising partners who help us run these services. We also use cookies and advertising tools to deliver targeted ads on platforms like Google and Meta, so you can see more relevant offers.

c) For Security and Fraud Prevention
We use your personal data to protect both you and our business from potential risks. This includes verifying transactions, detecting suspicious or fraudulent activity, and ensuring a safe checkout experience. Your account information, if you create one, is secured and encrypted, and we strongly advise you to keep your login credentials private. Our systems and service providers also monitor for potential threats to maintain a safe and reliable platform.

d) To Communicate With You
Your personal information helps us stay connected with you. We may use it to provide customer support, confirm your orders, send shipping updates, answer inquiries, or resolve issues related to your purchases. These communications ensure that you always have clarity about your transactions, and we can maintain a healthy business relationship with you.

e) To Comply With Legal Requirements
In some cases, we may be required to use your personal information to comply with applicable laws or respond to valid legal processes, such as requests from government authorities or law enforcement. This may also include using your data for dispute resolution, enforcing our policies, or investigating potential violations of terms and conditions.

4. How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

a) With Service Providers and Business Partners
We may share your personal information with trusted third-party service providers who perform essential business functions on our behalf. For example, Razorpay processes your payments and provides us with transaction confirmations, Hostinger and WordPress provide hosting and technical infrastructure, Mailchimp manages our email campaigns, and our WhatsApp API partner enables us to send real-time updates. These providers only receive the information necessary to deliver their services and are contractually obligated to keep your data secure.

b) With Marketing and Advertising Partners
In order to show you relevant offers, we may share limited information with marketing and advertising partners. This includes platforms like Google, Meta (Facebook/Instagram), or other ad networks that help us deliver targeted ads based on your browsing activity and preferences. These partners handle your data in accordance with their own privacy policies. Depending on your location, you may also have the right to opt out of targeted advertising.

c) When You Give Us Consent or Direction
We may disclose your information when you specifically authorize us to do so. For example, if you ask us to ship products to another address, use a social media login to access our site, or otherwise choose to link your account with third-party platforms, we will share the necessary details to complete your request.

d) Within Our Business or Corporate Group
If Box of Art operates with affiliates, subsidiaries, or under a larger corporate structure in the future, we may share personal information within our business group. This ensures smooth operations, consolidated services, and consistency in customer experience across all platforms under our brand.

e) In Connection With Business Transactions
In the event of a merger, acquisition, restructuring, or sale of assets, your personal information may be transferred to another entity as part of the transaction. Such transfers will be handled in accordance with this Privacy Policy, ensuring that your data continues to be protected.

f) For Legal or Safety Reasons
We may also disclose your personal information if required by law, regulation, legal process, or government request. This includes situations where we must enforce our terms and policies, protect our legal rights, investigate fraud or suspicious activities, or ensure the safety of our customers and the public.

5. Relationship With Third-Party Platforms (Hostinger, WordPress, Razorpay, Mailchimp, WhatsApp API)

Our website and services rely on several trusted third-party platforms that help us operate efficiently, securely, and professionally. While these partners may process or store certain types of information, they do so only to support the functioning of our business and are bound by their own privacy and security policies.

a) Hostinger (Website Hosting Provider)
Our website is hosted on Hostinger, which provides the servers and infrastructure needed to keep our platform online and secure. Hostinger may collect technical data such as server logs, IP addresses, error logs, and traffic information for security and performance monitoring. This information ensures that the website remains fast, reliable, and protected from malicious activity.

b) WordPress (Website Platform)
We use WordPress to build and manage our website. WordPress may collect certain technical information through plugins, themes, and built-in tools, such as analytics data, cookies, and browser/device details. This helps us manage content, improve user experience, and keep the platform updated with the latest security standards.

c) Razorpay (Payment Gateway)
All payments on our website are processed securely through Razorpay. When you make a purchase, Razorpay handles sensitive financial information such as your debit/credit card details, UPI, or net banking information. Box of Art does not store or have direct access to your full payment details. Razorpay provides us only with transaction confirmations, payment status, and reference IDs so we can complete your order. Razorpay follows strict security measures, including PCI-DSS compliance, to protect your financial data.

d) Mailchimp (Email Marketing Platform)
We use Mailchimp to manage newsletters, promotional campaigns, and customer communications. If you subscribe to our mailing list, Mailchimp stores your email address, subscription preferences, and engagement details (like whether you opened or clicked our emails). This data helps us send you relevant offers and updates. Mailchimp does not use your personal information for their own marketing but processes it strictly to enable our communication with you.

e) WhatsApp API (Customer Communication)
We use an authorized WhatsApp API provider to send you order confirmations, shipping updates, and customer support messages directly to your WhatsApp account (only if you opt in). The WhatsApp API allows us to connect with you faster and more conveniently, but the data you share in WhatsApp chats may also be processed by Meta (WhatsApp’s parent company) under their own privacy policy. We only use this channel to provide service-related communication and not for unsolicited spam.

6. Third-Party Websites and Links

Our website may include links to third-party websites, applications, or online platforms that are not directly operated or controlled by Box of Art. These may include links to social media platforms (such as Instagram, Facebook, or YouTube), payment providers, advertising networks, or other external resources that we use to improve your shopping experience.

When you click on these links or interact with embedded third-party features, such as social media buttons, your information may be collected and processed by those third parties under their own privacy and security policies. We do not control, endorse, or take responsibility for the content, practices, or data handling methods of these external sites. This means that once you leave our website or interact with a third-party service, the privacy and security of your information will be governed by that platform’s terms.

We strongly encourage you to review the privacy policies of any third-party websites or services you visit, especially before providing them with personal information. Please note that any personal data you share publicly on third-party platforms, such as posting a review or tagging our brand on social media, may be visible to other users and may be used by the platform in ways that are outside of our control.

7. Children’s Data

Our services are not designed or intended for use by children under the age of majority in their jurisdiction (for example, under 18 years of age in India). We do not knowingly collect, store, or process personal information from children. If we become aware that a child has provided us with personal data, we will take immediate steps to delete such information from our systems.

Parents or legal guardians who believe that their child has shared personal information with us are encouraged to contact us directly using the details provided in the “Contact” section of this Privacy Policy. Upon verification, we will promptly remove the child’s information from our records.

We also confirm that, as of the date of this Privacy Policy, we do not knowingly “sell” or “share” the personal data of individuals under the age of 16, as defined by applicable data protection laws.

8. Security and Retention of Your Information

a) Security of Your Information
We take the protection of your personal information very seriously. Our website is hosted on Hostinger and built on WordPress, both of which provide advanced security features such as SSL encryption, firewalls, and regular system monitoring. Payments are processed through Razorpay, which follows PCI-DSS compliance standards to ensure that your financial data remains safe. We also use trusted third-party tools like Mailchimp and WhatsApp API, which apply their own industry-standard safeguards to protect customer data.

Despite these measures, it is important to note that no method of data transmission over the internet or method of electronic storage is 100% secure. While we work hard to safeguard your information, we cannot guarantee “perfect security.” Customers are encouraged to protect their accounts by keeping login credentials private and avoiding the use of unsecured networks when sharing sensitive data.

b) Retention of Your Information
We only retain personal information for as long as it is necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. For example:

• Order-related information (such as shipping details, billing details, and payment confirmations) is stored until the order is successfully completed, delivered, and any applicable return or warranty period has passed.
• Customization data that you provide for personalized products (such as images, text, or design inputs) is deleted immediately after your order has been processed and shipped, unless required for legal, accounting, or fraud-prevention purposes.
• Account information is retained for as long as you maintain an account with us. If you delete your account, we will remove your information from our active systems within a reasonable time, unless retention is required by law.
• Transaction logs, communications, and support records may be stored for a limited period to comply with legal obligations, resolve disputes, or enforce our terms and conditions.

Once the retention period has expired, or once the purpose for collecting the data has been fulfilled, your personal information will be securely deleted, anonymized, or removed from our systems.

9. Your Rights and Choices

As a customer of Box of Art, you have certain rights regarding the personal information we collect and process about you. These rights may vary depending on the laws that apply in your location, but generally include the following:

a) Right to Access and Know
You have the right to request details about the personal information we hold about you, including the type of data collected, the purposes of processing, and the parties with whom it has been shared.

b) Right to Rectification
If you believe that any information we hold about you is inaccurate, incomplete, or outdated, you have the right to request corrections or updates.

c) Right to Erasure (Right to be Forgotten)
You can request that we delete your personal information from our systems once it is no longer necessary for the purpose it was collected, or if you withdraw your consent. Please note that certain legal or financial records may need to be retained as required by law.

d) Right to Restrict Processing
You have the right to request that we limit or restrict how your personal information is used, especially in situations where the accuracy of the data is contested or where processing is no longer necessary.

e) Right to Data Portability
Where technically feasible, you may request a copy of your personal information in a commonly used, machine-readable format so that you can transfer it to another service provider.

f) Right to Withdraw Consent
If we process your information based on your consent (such as for marketing emails or WhatsApp communication), you may withdraw your consent at any time by following the unsubscribe instructions in our emails or by contacting us directly.

g) Right to Object
You have the right to object to certain types of processing, such as direct marketing or automated decision-making, if you do not wish your information to be used in that way.

How to Exercise Your Rights

To exercise any of the above rights, please contact us at the details provided in the “Contact Us” section of this Privacy Policy. We may require reasonable verification of your identity before fulfilling your request to protect your data from unauthorized access.

We will respond to your request within a reasonable timeframe as required under applicable laws. Please note that some rights may not apply in certain cases due to legal, contractual, or technical restrictions.

10. International Transfers

As part of our business operations, some of your personal information may be transferred to, stored in, or processed in countries outside of your home country, including locations where data protection laws may be different or less comprehensive than those in your jurisdiction.

For example:

• Hostinger may store website data on international servers.
• Mailchimp (our email marketing provider) and WhatsApp API (used for communication) may process information in the United States or other regions.
• Razorpay may involve international banking networks when processing certain payment transactions.

When we transfer your personal information internationally, we ensure that appropriate safeguards are in place to protect your data. These safeguards may include:

• Using service providers that comply with recognized security frameworks and data protection regulations.
• Relying on standard contractual clauses or equivalent legal mechanisms, where applicable.
• Ensuring that only the minimum necessary data is transferred to fulfill the intended purpose.

By using our services, you acknowledge and agree that your information may be transferred and processed outside your home country, subject to the privacy and security practices described in this Privacy Policy.

11. Updates to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or the technologies we use. Any changes will be effective immediately upon posting the updated Privacy Policy on our website, unless otherwise required by law.

When we make significant updates, we will notify you by one or more of the following methods:

• Posting a clear notice on our website homepage.
• Sending an email notification to subscribers or registered customers.
• Communicating through WhatsApp or other customer communication channels, where appropriate.

We encourage you to review this Privacy Policy periodically to stay informed about how we handle and protect your personal information. Your continued use of our website and services after the updated policy has been posted will constitute your acceptance of the changes.

If you do not agree with the updated terms, you may discontinue using our services or contact us to exercise your rights under the “Your Rights and Choices” section.

12. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or the way we handle your personal information, you can reach out to us directly using the details below:

Box of Art – Customer Support
📧 Email: support@boxofarts.com
📞 Phone/WhatsApp: 7303766723
🌐 Website: https://boxofarts.com/contact-us/

We are committed to responding to your inquiries within a reasonable time and will do our best to resolve any concerns regarding your privacy or the protection of your data.

If you are not satisfied with how we handle your request, you may also have the right to lodge a complaint with your local data protection authority, depending on your jurisdiction.