Privacy Policy
At Setu Prakashani, we value your privacy and are committed to protecting your personal information. This policy explains what we collect, why we use it, who we share it with, and the choices available to you.
Last updated:
Data Controller
The data controller responsible for your personal information on this website is:
- Entity: Setu Prakashani
- Address: 12A, Shankar Ghosh Lane, Kolkata 700006
- Contact: setuprakashani@gmail.com, +91 9073816944
- Jurisdiction: Kolkata, West Bengal, India
Information We Collect
Depending on how you use our store, we may collect:
- Account: name, email address, phone number, and password hash (passwords are never stored in plain text)
- Orders: shipping and billing addresses, order line items, and payment method type (we do not store full card numbers, Cashfree and Razorpay tokenize card data)
- Automatically collected: IP address, device and browser type, session identifiers, and approximate location (country and city) inferred from your connection at the edge for currency and regional pricing
- OAuth sign-in: when you use Google sign-in, we receive profile fields provided by Google (such as name, email, and profile image) and link them to your Account record
- International orders: country and currency selection (via country-data-list and edge geo detection); we store an exchange-rate snapshot on each order (exchange_rate_at_order) for pricing and invoicing
- Communications: contact form inquiries (inquiries), exam copy requests, and support tickets matched to your email or customer profile
- Newsletter: email address when you subscribe via the site footer, plus consent timestamp and optional IP address and browser user-agent string stored as proof of opt-in
How We Use Your Information
We use personal information to:
We separate how we use email and messaging by purpose:
- Transactional (service) communications, order confirmations, payment receipts, shipping and delivery updates, return/RTO notices, password or security alerts, and responses to your support or data requests. These are sent when needed to operate your order or account and are not promotional.
- Marketing communications, newsletters, new-release announcements, and promotional offers. We send these only when you opt in via the footer form (or account marketing preference). Every marketing email includes an unsubscribe link to our confirmation page. You can also turn off marketing under Account → Privacy & Data without affecting transactional messages.
- Process and fulfil orders, including inventory reservation, payment capture, Shiprocket shipment creation, and AWB tracking
- Process payments, Cashfree for INR transactions; Razorpay for non-INR currencies and INR fallback where applicable
- Provide customer support, handle returns and RTO (return-to-origin) cases, and respond to inquiries
- Assess fraud risk and Cash-on-Delivery (COD) eligibility based on order and address signals
- Improve our website and services using aggregated, non-identifying analytics where possible
Data Sharing
We do not sell or rent your personal data. We share limited information only with trusted processors who help us operate the store:
- Shiprocket, shipping labels, courier tracking, and delivery serviceability checks
- Cashfree, INR payment processing
- Razorpay, non-INR payments and INR fallback processing
- Resend, transactional email (order updates, contact confirmations)
- Google, OAuth authentication when you choose Google sign-in
- Government or legal authorities, when required by applicable law, court order, or lawful request
We do not sell personal data. Under the California Consumer Privacy Act (CCPA), we do not sell or share personal information for cross-context behavioural advertising.
Requests to delete data held directly by third-party processors (for example, your Google account) must be submitted to those providers. We can assist with data we control; see Your Rights below.
Data Security
We use industry-standard encryption (TLS in transit), secure cloud infrastructure, access controls, and password hashing to protect your data. Payment card data is handled by certified payment gateways: we do not store full card numbers on our servers. No method of transmission over the internet is 100% secure; please use a strong, unique password for your account.
Data Retention
We retain personal information only as long as necessary:
- Account data, while your account is active; archived or anonymised after a verified deletion request (subject to legal holds)
- Order, invoice, and payment records: 8 years for GST and tax compliance (statutory business retention policy; orders are not auto-deleted)
- Newsletter consent proof (IP address and user-agent from footer signup): 2 years after your last marketing interaction, then deleted or anonymised; not used for any purpose other than demonstrating opt-in
- Marketing subscriber list, until you unsubscribe via the link in our emails or account privacy settings
- Cookies and local storage, per the retention periods listed in Cookies below
- Support inquiries and tickets, for the period needed to resolve your request and maintain a reasonable audit trail
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access, request a copy of the personal data we hold about you
- Rectification, ask us to correct inaccurate or incomplete data
- Erasure, request deletion of your data, subject to legal retention requirements
- Portability, receive your data in a structured, commonly used format where applicable
- Limit promotional processing, stop marketing emails, cart-recovery messages, and on-site promotional popups (account privacy toggle)
- Object, object to processing based on legitimate interests where applicable
- CCPA (California): right to know, delete, and opt out of sale/sharing (we do not sell personal data)
California residents and other visitors can read our dedicated Do Not Sell or Share page for opt-out information and cookie controls.
India: Digital Personal Data Protection Act (DPDP): If you are in India, you may exercise data-principal rights including access, correction, erasure, and grievance redressal. Cross-border processing may occur when we use cloud and payment providers with infrastructure outside India; we rely on contractual safeguards and applicable law. This summary is for transparency and does not constitute legal advice: formal compliance review is recommended.
Self-service: Account holders can export or delete data in your account privacy settings. The Limit promotional processing toggle stops marketing emails, abandoned-cart recovery, and promotional popups. It does not disable essential cookies, payment processing, order fulfilment, or analytics you have separately consented to via cookie preferences.
Guest and verified requests: Submit a structured request via our data request form. We email a verification link before processing. You may also contact us at setuprakashani@gmail.com if you prefer email.
Grievance contact for Indian users: setuprakashani@gmail.com · +91 9073816944
Cookies & Local Storage
We use cookies and browser storage to keep you signed in, remember your cart and checkout progress, and store your currency preference. A first-party country cookie supports regional pricing and currency display; it is not used for advertising. Essential storage is required for the site to function.
Essential storage
next-auth.session-token | __Secure-next-auth.session-token | next-auth.csrf-token | __Host-next-auth.csrf-token
Authentication (NextAuth.js session + CSRF)
Type: http cookie · Retention: Session or up to 30 days (rolling session expiry)
sp_cookie_consent
Cookie consent choice (Phase 4 — first-party JSON, SameSite=Lax)
Type: http cookie · Retention: 12 months
user_country
Stores ISO country code from edge geo lookup for currency and regional pricing
Type: http cookie · Retention: Until cleared or browser reset; re-set on next visit if missing
cart_token
Anonymous/guest cart session identifier (links browser to cart before login)
Type: http cookie · Retention: 30 days (httpOnly; set in cart API maxAge)
shopping-cart-storage
Cart persist (cartStore — items only via partialize)
Type: localStorage · Retention: Until cleared by you or browser storage reset
checkout-storage
Checkout persist (checkoutStore)
Type: localStorage · Retention: Until cleared by you or browser storage reset
Not persisted: reservationExpiresAt, acceptedTerms
currency-storage
Currency preference (currencyStore)
Type: localStorage · Retention: Until cleared by you or browser storage reset
REACT_QUERY_OFFLINE_CACHE
TanStack Query cache persist (homepage queries excluded)
Type: localStorage · Retention: Until cleared by you or browser storage reset
Optional storage
marketing_popup_session
CMS marketing modal — once per session frequency (shown only when marketing cookie consent is true)
Type: sessionStorage · Retention: Browser session
marketing_popup_shown_*
CMS marketing modal — once per user per popup id (prefix key; marketing consent required)
Type: localStorage · Retention: Until cleared
article-draft-storage
Author article draft (logged-in author flows)
Type: localStorage · Retention: Until draft is published or storage is cleared
Analytics & marketing
When you allow analytics cookies, we load a privacy-focused analytics script to understand page usage, routes, and aggregated country/device statistics. No third-party advertising pixels run today. Analytics scripts never load until you grant consent via our cookie banner or footer "Cookie settings" link.
You can manage non-essential cookies using the cookie banner on your first visit, or reopen preferences anytime via the "Cookie settings" link in the site footer. You can also clear browser storage at any time; essential cookies may be re-set when you return.
Changes to This Policy
We may update this policy when our practices or legal requirements change. Material updates will be posted on this page with a revised effective date shown at the top. Continued use of the website after changes constitutes acceptance of the updated policy.
Minors
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors without verifiable parental or guardian consent. If you believe we have collected a minor's data without consent, please contact us at setuprakashani@gmail.com and we will take appropriate steps to delete it.
Newsletter unsubscribe: use the link in any marketing email (our newsletter unsubscribe page). Account marketing emails (for example cart reminders) use our marketing unsubscribe page. You can also manage preferences in your account.