Privacy Policy The Book and Box Company

  1. Who we are
  • Legal name: The Book and Box Company
  • Nature of business: E-commerce printing and packaging (custom books, boxes, and
    related printed products)
  • Website/App: https://thebookandbox.co/
  • Contact email: contact@thebookandbox.co
  • Contact number: +91 – 91766 51232
  • Registered/Corporate address: No.40, Peter’s Road, Royapettah, Chennai – 6000014
  1. Scope
    This Privacy Policy explains how The Book and Box Company (also “we”, “us”,
    “our”) collects, uses, shares, and protects personal information when you visit our
    website/app, place an order, contact support, or pay using Razorpay and other payment
    methods. By using our services, you consent to this Privacy Policy.
  2. Information we collect
    a) Information you provide
  • Contact details: name, email, phone number, billing and shipping address
  • Account details: username, passwords (hashed), communication preferences
  • Order details: products ordered, quantities, customization options, instructions
  • Content for printing: files, images, text, artwork, photographs, names or other personal
    data you upload for us to print
  • Support communications: messages, call recordings (if any), feedback, survey
    responses
  • Tax/GST information where applicable
    b) Payment data
  • We use Razorpay Software Private Limited (“Razorpay”) to process payments (cards,
    UPI, net banking, wallets, pay later).
  • We do not collect or store your full card numbers, CVV, or UPI PIN. Such data is
    captured and processed by Razorpay on its secure, PCI-DSS compliant systems.
  • We may receive limited payment information from Razorpay (e.g., transaction ID,
    masked card details like last 4 digits, card network, payment status, issuer bank, UPI
    VPA mask, failure reason) to confirm and fulfill your order, handle refunds, and prevent
    fraud.
    c) Automatically collected data
  • Device and usage data: IP address, browser type/version, device identifiers, operating
    system, referral URLs, pages viewed, time/date, session duration
  • Cookies, pixels, SDKs, and similar technologies. See “Cookies” below.
  1. How we use your information
  • Provide, process, and deliver orders; print and package uploaded content
  • Process payments, refunds, and reconciliations via Razorpay
  • Communicate order updates, invoices, support responses, and service notices
  • Improve, troubleshoot, and personalize our website/app and services
  • Prevent, detect, and investigate fraud, abuse, and security incidents
  • Comply with legal, accounting, taxation, KYC, and regulatory obligations
  • Marketing and promotions (only with your consent or as permitted by law); you can opt
    out at any time
  1. Special note on content you upload for printing
  • You control and are responsible for the content you submit, including ensuring you have
    the rights, permissions, and, where applicable, consent of any individuals whose
    personal data is included.
  • We process such content solely to provide the requested printing/packaging services,
    quality checks, and customer support. We do not use your uploaded content for
    advertising without your permission.
  1. Legal bases/grounds for processing
    Depending on your location and applicable law, we rely on:
  • Performance of a contract (to fulfill your order)
  • Legitimate interests (e.g., security, fraud prevention, service improvement)
  • Consent (e.g., certain marketing cookies, promotional emails/SMS/WhatsApp)
  • Compliance with legal obligations (tax, accounting, regulatory requirements)
  1. Sharing and disclosure
    We do not sell your personal information. We may share it with:
  • Payment processor: Razorpay Software Private Limited to process payments, risk
    checks, refunds, and chargebacks.
  • Logistics and delivery partners: to ship your orders and manage returns
  • Printing, packaging, and fulfillment partners: to produce and deliver your customized
    products
  • Cloud hosting, analytics, and IT/security providers: to operate our website/app and
    services
  • Customer support tools and communication platforms: for emails, SMS, WhatsApp,
    calls
  • Professional advisors and auditors: for compliance and business operations
  • Government, law enforcement, and regulators: where required by law or to protect
    rights, safety, and security
  • Business transfers: in connection with mergers, acquisitions, financing, or sale of
    assets, subject to appropriate safeguards
  1. Payments via Razorpay
  • We have integrated Razorpay as our payment gateway to accept cards (including
    tokenized cards as permitted by RBI), UPI, net banking, wallets, and pay-later options.
  • Razorpay collects and processes your payment data in accordance with PCI-DSS and
    applicable RBI guidelines. We receive only the information necessary to confirm
    payment, fulfill your order, and manage refunds.
  • We do not store full card data or UPI PINs on our servers. Razorpay may store tokenized
    card details or masked identifiers in compliance with Indian regulations to enable faster
    future checkouts if you consent.
  1. Cookies and tracking technologies
  • Types: strictly necessary cookies, performance/analytics, functionality, and
    advertising/retargeting cookies
  • Purposes: log-in/session management, remembering preferences, analytics, improving
    site performance, and measuring marketing effectiveness
  • Your choices: you can manage cookie preferences via our cookie banner or your browser
    settings. Blocking certain cookies may impact site functionality.
  1. Data retention
  • Orders, invoices, and related transaction records: retained for as long as needed to
    fulfill your order and for legal, tax, and accounting purposes, typically up to 8 years from
    the end of the relevant financial year or longer if required by law.
  • Customer account data: retained while your account is active and for a reasonable
    period thereafter or as required by law.
  • Marketing data: retained until you opt out or for a period consistent with applicable law
    and our operational needs.
  • Uploaded print content: retained only as long as necessary to fulfill your order, handle
    reprints/quality issues, comply with law, or as you instruct. You may request deletion
    subject to lawful retention requirements.
  1. Data security
  • We implement administrative, technical, and physical safeguards designed to protect
    personal data, including encryption in transit, access controls, and secure development
    practices.
  • Payment data security: Online payments are processed by Razorpay on PCI-DSS
    compliant systems. Do not share your full card details, CVV, or UPI PIN with anyone,
    including our staff.
  1. International data transfers
  • We may store or process data on servers or with service providers located outside your
    state or country. Where required, we apply appropriate safeguards (such as contractual
    protections) to protect your information.
  1. Your rights and choices
    Subject to applicable law, you may have the right to:
  • Access and obtain a copy of your personal data
  • Correct or update inaccurate data
  • Delete/erase data, or restrict/object to certain processing
  • Withdraw consent for processing that relies on consent (e.g., marketing)
  • Opt out of marketing communications at any time from emails/SMS/WhatsApp links or
    by contacting us
  • Lodge a complaint with a data protection authority where applicable
    To exercise rights, contact us at [Insert privacy/contact email]. We may need to verify your
    identity before responding. We aim to respond within applicable statutory timeframes.
  1. Communications preferences
  • Transactional messages: We will send service and order-related communications even if
    you opt out of marketing.
  • Marketing: You can opt out via the unsubscribe link or by contacting us.
  1. Children’s privacy
  • Our services are intended for individuals 18 years and older. We do not knowingly
    collect personal data from children. If you believe a child has provided data, contact us
    to delete it.
  1. Third-party links and services
  • Our site may contain links to third-party websites or services (including Razorpay’s
    pages). We are not responsible for their privacy practices. Review their policies before
    providing personal information.
  1. Changes to this policy
  • We may update this Privacy Policy from time to time. The “Effective date” indicates the
    latest revision. Material changes will be notified via our website/app or by email where
    appropriate.
  1. Contact and grievance redressal
  • For questions, requests, or complaints about this Privacy Policy or your personal data,
    contact:
    Email: [Insert privacy/contact email]
    Phone: [Insert phone]
    Address: [Insert full postal address]
  • Grievance Officer (as per applicable Indian law):
    Name: [Insert name]
    Email: [Insert grievance officer email]
    Address: [Insert address]
    Working hours: [Insert hours and time zone]
  1. Jurisdiction
  • This Privacy Policy is governed by the laws of India, without prejudice to rights you may
    have under other applicable laws based on your location.