Privacy
Policy

At Checkout:

• Full name
• Email address (used to deliver download links)
• WhatsApp / phone number (optional, for order support)
• UPI transaction reference / UTR number
• Payment screenshot (optional, stored in encrypted storage)

Automatically Collected:

• IP address (logged at time of download for fraud prevention)
• Browser and device type (via standard web logs)
• Pages visited and time spent (anonymous analytics only)

• Order Fulfillment: Your name and email are used to deliver download links and send order status updates.
• Fraud Prevention: IP addresses and payment references help us detect and block fraudulent orders.
• Customer Support: Contact details may be used to resolve disputes or support requests.
• Product Improvement: Anonymized usage data helps us improve the store experience.

We do not use your data for advertising, profiling, or third-party marketing.

Your data is stored securely on Supabase — a SOC 2 Type II compliant infrastructure provider. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Payment screenshots are stored in an access-controlled private bucket and are only accessible to verified admins.

We enforce Row-Level Security (RLS) policies on all database tables to ensure no unauthorized access to your order data.

• Session Cookies: Used only to maintain your cart across page loads. No third-party tracking cookies.
• localStorage: Used to store your cart contents and applied coupon codes locally in your browser.
• No Analytics Scripts: We do not use Google Analytics, Facebook Pixel, or similar third-party tracking.

We use the following trusted services to operate our store:

• Supabase — Database, authentication, and file storage.
• Resend — Transactional email delivery (order confirmations).
• VirusTotal API — Automated malware scanning of all uploaded files.

Each of these services has their own privacy policy. We share only the minimum data required for them to function.

You have the right to:

• Access — Request a copy of all personal data we hold about you.
• Correction — Request correction of inaccurate data.
• Deletion — Request deletion of your personal data, subject to legal retention requirements.
• Portability — Request your data in a machine-readable format.

To exercise any of these rights, contact us. We will respond within 30 days.

We retain order data (name, email, UTR) for a minimum of 3 years as required by financial record-keeping regulations. You may request anonymization of your personal identifiers after this period. Download logs are retained for 12 months.

Pearl Digital Store is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Significant changes will be communicated via a site notice. Continued use of Pearl after changes constitutes acceptance.

For privacy-related questions, data requests, or concerns, please reach out via our Contact page. We aim to respond within 48 hours.