Privacy Policy
Last updated: 3 June 2026
This Privacy Policy explains how Shiksho (“we”, “us”, “our”) collects, uses, and protects your personal information when you use our mobile application (the “App”) and our website at shiksho.co (the “Service”).
By using the Service, you agree to the terms described below. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
When you create an account, place an order, or contact us, we collect:
- Account details: first name, last name, email address, mobile phone number.
- Authentication credentials: a hashed password (if you sign up by email) or a one-time verification code sent by SMS (if you sign in by phone). We never store SMS verification codes after they expire.
- Shipping & billing information: postal address, city, province, postal code, and a contact phone number for delivery.
- Order details: the products you buy, quantities, prices, dates, and payment outcome (success / failed / refunded).
- Wishlist: the product identifiers you save to your wishlist.
- Customer support messages: any messages, complaints, or returns requests you send us.
1.2 Information Collected Automatically
- Device push token: if you allow notifications, your device generates a Firebase Cloud Messaging (FCM) token. We store this token along with your account ID and a single flag indicating whether your device is “ios”, “android”, or “web”. This token cannot be used to identify you outside the Service.
- Server logs: our web server records standard request metadata — IP address, timestamp, User-Agent string, requested URL, and HTTP status code. These logs are kept for a maximum of 30 days and are used only for security monitoring and debugging.
- Local app storage: the App stores your login session, theme preference, language, wishlist, and a small cart cache directly on your device. This data is not transmitted to us unless you take an action that requires it (e.g. checking out).
1.3 Information We Do NOT Collect
We do not use any third-party analytics service. We do not embed advertising trackers, social media pixels, or session replay tools. We do not load fonts, scripts, or stylesheets from external CDNs. We do not sell your data to anyone, under any circumstances.
2. How We Use Your Information
We use the information described above to:
- Create and manage your account and authenticate you on the Service.
- Process your orders, prepare shipments, and arrange returns.
- Send you transactional messages — order confirmations, shipment updates, and important account notifications — via SMS, email, and in-app push.
- Send you marketing notifications (new arrivals, promotions) only if you have opted in to notifications. You can opt out at any time from your device’s system settings.
- Provide customer support and respond to your inquiries.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
3. Third-Party Service Providers
We use a small number of third-party services that may receive limited information about you for the sole purpose of delivering the Service:
| Provider | Purpose | What They See |
|---|---|---|
| Google (Firebase Cloud Messaging) | Push notification delivery | Your FCM device token + the notification content (title, body). They do not see your account ID, email, or any order details. |
| SMS Gateway | Sending one-time SMS verification codes for sign-in | Your mobile phone number and the OTP code, only for the moment of delivery. |
| Payment gateway operators (as you choose at checkout) | Processing online payments | Your order amount and a transaction reference. We do not see, store, or transmit your bank card number — it is entered directly on the gateway’s secure page. |
| Shipping carriers (post, courier of your choice) | Delivering your physical order | Your name, delivery address, contact phone, and parcel weight/contents declaration as required by carrier policy. |
Each of these providers is governed by its own privacy policy and is contractually permitted to use your data only for the stated purpose.
4. Data Retention
- Account & order data: retained for as long as your account is active, plus 7 years thereafter, to comply with commercial record-keeping requirements.
- Push tokens: retained while your device remains active; pruned automatically after 180 days of inactivity.
- Server logs: maximum 30 days, then automatically deleted.
- Customer support messages: 2 years after the conversation closes.
5. Data Security
We protect your information with the following safeguards:
- Encrypted transmission: all communication between the App and our servers uses HTTPS (TLS 1.2 or higher) with a paid, long-term SSL certificate.
- Password storage: passwords are hashed using industry-standard algorithms; we cannot recover your original password.
- Server hardening: our servers are protected by firewall rules, brute-force detection, and a dedicated Web Application Firewall layer.
- Least-privilege access: only specific Shiksho administrators with a business need can access customer records, and all such access is logged.
- API credentials: sensitive API keys live exclusively on the server and are never exposed to the App or browser.
No method of electronic transmission or storage is 100% secure. If we ever experience a data incident that affects your personal information, we will notify you and the relevant authorities as required by law.
6. Your Rights
You have the following rights regarding your personal data. To exercise any of them, email privacy@shiksho.co from the email address registered to your account, or contact us through the App.
- Access: request a copy of the personal data we hold about you.
- Correction: request that we correct inaccurate or incomplete data. (You can also edit most fields yourself in the App under Account → Profile.)
- Deletion: request that we delete your account and associated personal data. We will honor this within 30 days, except for records we are legally required to retain (such as tax invoices for completed orders).
- Withdrawal of consent: turn off push notifications at any time from your device settings; unsubscribe from marketing SMS by replying STOP. Disabling these channels does not affect transactional messages (order confirmations, shipment updates) that we send to fulfill our contract with you.
- Data portability: request your account and order history in a machine-readable format (JSON).
- Complaint: if you believe we have mishandled your data, please contact us first. You also have the right to lodge a complaint with the relevant data protection authority.
7. Children’s Privacy
The Service is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe a child under 13 has provided us with personal information, please contact us at privacy@shiksho.co and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make a material change, we will update the “Last updated” date at the top of this page and, where appropriate, notify you in the App. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.
9. Contact Us
If you have any questions about this Privacy Policy or our handling of your personal information, please contact us:
- Email: privacy@shiksho.co
- Website: https://shiksho.co