Privacy policy

Your privacy matters to us — not as a legal checkbox, but as a foundation of the trust we ask for every time you share an address, a card, or a moment with the Blinglane brand. This policy explains, in plain language, what data we collect, why we collect it, how we protect it, and the rights you hold over it.

Who We Are (Data Controller)

This policy is issued by Blinglane Inc., a corporation incorporated under the laws of Canada, with its registered office at 23 Bastion St Suite 108, Fort York, Toronto, Ontario, Canada. Blinglane Inc. is the Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act), the Data Controller under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the equivalent controller under the EU General Data Protection Regulation (GDPR) for our customers in EU jurisdictions.

India correspondence office:
Blinglane Inc.
10th Floor, Tower-B, Unitech Cyber Park
Sector-39, Gurugram
Haryana, India – 122001

For all purposes of this policy, "Blinglane", "we", "us", and "our" refer to Blinglane Inc.

What Personal Data We Collect

We collect only what we need to deliver, support, and improve your Blinglane experience.

Identity and contact information

  • Name, email address, phone number
  • Billing and shipping addresses
  • Date of birth (optional — collected only if you provide it, e.g. for birthday offers)

Payment information

  • Payment-method type, last four digits of card, and tokenised payment identifiers
  • We do not store full card numbers, CVVs, or UPI PINs. All payment data is collected and processed by Razorpay, an RBI-licensed Payment Aggregator – Cross Border (PA-CB), and held on Razorpay's India-localised servers in compliance with the Reserve Bank of India's payment-data localisation mandate.

Behavioural and device information

  • IP address, device type, browser, operating system
  • Pages visited, items viewed, cart activity, time spent
  • Cookies, pixels, and similar tracking technologies (see "Cookies" below)

Marketing preferences

  • Email, SMS, and WhatsApp subscription status
  • Consent timestamps and channel preferences

How We Use Your Data

We use your personal data only for clearly defined purposes:

  • To fulfil your order — process payments, dispatch and deliver, handle returns and refunds
  • To communicate with you — order updates, tracking notifications, customer support
  • To send marketing communications — only where you have opted in (see "Marketing & Consent")
  • To improve our store and products — analytics, A/B testing, personalisation
  • To prevent fraud and protect our business — verifying transactions, flagging suspicious activity
  • To comply with legal obligations — tax records, regulatory filings, response to lawful requests

Legal Basis for Processing

We process your personal data on one or more of the following legal bases:

  • Performance of contract — to deliver the order you placed with us
  • Consent — for marketing communications, optional data, and cookies
  • Legitimate interest — to protect against fraud, improve our service, and operate our business responsibly
  • Legal obligation — to comply with applicable tax, accounting, consumer protection, and data protection law

Under the DPDP Act, your explicit consent is our primary lawful basis for processing personal data in India, supplemented by "legitimate uses" recognised in the Act.

Who We Share Your Data With

We share your personal data only with carefully selected processors who handle it on our behalf, under contractual safeguards:

Processor Purpose Data Location
Shopify Inc. Store hosting, order management, email, SMS, customer support USA / Canada / EU
Razorpay & Cashfree Payment processing under RBI PA-CB framework India
Google LLC Google Analytics 4, Google Ads, Google Tag, Google Merchant Center, Google Business reviews USA / EU
Meta Platforms Inc. Facebook & Instagram advertising pixels and conversions USA / EU
TikTok Inc. TikTok advertising pixel and conversions USA / EU / Singapore
DTDC, DHL Cross-border (Canada → India and international) shipping Global
Bluedart, Delhivery, Ecom-Express India last-mile delivery India

We do not sell, rent, or trade your personal data to any third party. Any sharing strictly serves order delivery, communication, advertising performance, or analytics — and only on your behalf as our customer.

International Data Transfers

Because Blinglane Inc. is incorporated in Canada and uses globally distributed service providers, your personal data may be transferred to, stored in, and processed in countries other than India, including Canada, the United States, the European Union, and other jurisdictions where our processors operate.

For every such transfer, we rely on appropriate safeguards:

  • EU customers (GDPR): Standard Contractual Clauses approved by the European Commission, and additional safeguards where required.
  • India customers (DPDP Act): Transfers to jurisdictions notified by the Central Government, with contractual data-protection safeguards.
  • Canadian customers (PIPEDA): Transfers under comparable-protection arrangements with our service providers.

Payment data tied to Razorpay transactions is held on Razorpay's India-localised servers and is not transferred outside India, in line with RBI requirements.

Data Retention

We retain personal data only for as long as we need it for the purposes set out in this policy, or as required by law.

  • Order and transactional data: retained for 7 years (in line with Indian Income Tax Act record-keeping requirements and Canadian commercial law)
  • Marketing list (email / SMS / WhatsApp subscribers): retained until you unsubscribe or request deletion, whichever is earlier
  • Abandoned-cart data: retained per standard Shopify settings (typically 30 days), then purged
  • Customer-support correspondence: retained for 3 years from the date of last contact
  • Cookies and behavioural data: retained per individual cookie lifespans, disclosed in our cookie banner

Your Rights as a Data Principal

Under the DPDP Act 2023, PIPEDA, and GDPR (as applicable), you have the right to:

  • Access the personal data we hold about you
  • Correct any inaccurate or incomplete data
  • Erase your data, subject to legal retention requirements
  • Withdraw consent for marketing or optional processing, at any time
  • Object to or restrict certain processing activities
  • Port your data to another controller in a structured, commonly-used format
  • Nominate another person to exercise these rights on your behalf in the event of death or incapacity (DPDP-specific)
  • Lodge a complaint with the Data Protection Board of India, the Office of the Privacy Commissioner of Canada, or your local EU Data Protection Authority

We will respond to all rights requests within 7 days of receipt — faster than the DPDP statutory norm of 30 days.

How to Exercise Your Rights — Grievance Officer

Under the DPDP Act 2023, we have designated a Grievance Officer to handle all privacy-related requests and complaints:

Grievance Officer: Saurabh Gandhi
Email: gandhi@blinglane.com
Postal address: Blinglane Inc., 23 Bastion St Suite 108, Fort York, Toronto, Ontario, Canada
Response SLA: Within 7 days of receipt

For day-to-day data requests (access, correction, erasure), email care@blinglane.com and we will route your request to the Grievance Officer where required.

Cookies and Similar Technologies

We use cookies and similar technologies to operate the store, remember your preferences, measure performance, and serve relevant advertising. We classify cookies as:

  • Strictly necessary cookies — required for the website to function (cart, checkout, login)
  • Performance cookies — analytics that help us understand how visitors use our site (GA4, Shopify analytics)
  • Advertising cookies — used by Google Ads, Meta Pixel, and TikTok Pixel to deliver relevant ads and measure their effectiveness
  • Functional cookies — remember your preferences (language, region)

You can manage your cookie preferences via our cookie consent banner, which appears on your first visit and can be reopened at any time from the footer of every page.

Marketing Communications & Consent

We send marketing communications (email, SMS, WhatsApp) only where you have given your explicit opt-in consent, either at the point of subscription, account creation, or via a clear marketing-consent checkbox at checkout.

For customers transferred from Bling Fashions Pvt Ltd: Your original subscription status (subscribed or unsubscribed) at the time of transfer to Blinglane Inc. has been preserved as your active consent record, in line with industry practice for business asset transfers. You can unsubscribe at any time via the one-tap link in every email or SMS.

You can withdraw your consent and unsubscribe at any time:

  • Via the unsubscribe link in any marketing email
  • By replying STOP to any marketing SMS or WhatsApp message
  • By emailing care@blinglane.com

Withdrawal of marketing consent does not affect our ability to send you essential transactional messages (order confirmations, shipping updates, refunds).

Children

Blinglane.com and the Blinglane brand are not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact care@blinglane.com and we will delete the data promptly.

Data Security

We implement industry-standard technical and organisational safeguards to protect your personal data, including TLS/SSL encryption in transit, encryption at rest where applicable, role-based access controls, regular security audits of our platforms, and employee confidentiality obligations. Payment data is processed exclusively by Razorpay under PCI-DSS Level 1 compliance.

No system is perfectly secure, however. If a breach affecting your personal data occurs, we will act quickly to investigate, contain, and notify you and the relevant authorities as required by law.

Breach Notification

In the event of a personal data breach likely to result in risk to your rights and freedoms, we will:

  • Notify the Data Protection Board of India within 72 hours of becoming aware of the breach (DPDP Act 2023 requirement)
  • Notify the Office of the Privacy Commissioner of Canada as soon as feasible (PIPEDA requirement)
  • Notify the relevant EU Data Protection Authority within 72 hours where GDPR applies
  • Notify you directly without undue delay where the breach is likely to result in high risk to your rights

Updates to This Policy

We may update this policy from time to time to reflect changes in our practices, our technology, or applicable law. The "Last updated" date at the top reflects the most recent revision. Where changes are material, we will notify you via email and via a clear notice on blinglane.com at least 14 days before the changes take effect.

Contact

For any privacy-related question, request, or complaint:

  • Grievance Officer (DPDP): Saurabh Gandhi - gandhi@blinglane.com
  • Customer Support: care@blinglane.com
  • WhatsApp / Text: +1-425-464-5263
  • Postal address: Blinglane Inc., 23 Bastion St Suite 108, Fort York, Toronto, Ontario, Canada

This Privacy Policy is governed by the laws of the Province of Ontario, Canada, and should be read alongside our Shipping Policy, Returns & Exchanges Policy, and Terms & Conditions. Where the DPDP Act 2023 (India), PIPEDA (Canada), or GDPR (EU) provides you with stronger rights than those described here, those statutory rights prevail.