Legal – Mutate Skincare

Privacy Policy

This Privacy Policy explains how InHerAura Skincare Private Limited ('Mutate Skincare', 'we', 'us', or 'our') collects, uses, shares, and protects your personal information when you visit or make a purchase from our website.

Last updated: June 2025

1. Introduction

InHerAura Skincare Private Limited operates the Mutate Skincare brand and website. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy is prepared in compliance with applicable Indian law, including the Digital Personal Data Protection Act, 2023 (DPDP Act), as well as applicable international standards including the requirements of Meta Platforms, Google, and Shopify.

By accessing our website or placing an order, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your data as described herein.

2. Information We Collect

We collect information that is necessary to fulfil your orders, provide customer support, improve our services, and communicate with you about our products. The categories of personal information we collect include:

Identity & Contact Information

Full name
Email address
Phone number (including WhatsApp number)
Shipping address
Billing address

Payment Information

Payment method type (card, UPI, net banking, wallet)
Transaction identifiers and references
Billing confirmation data (processed securely by our payment partners — we do not store complete card numbers or UPI credentials on our servers)

Technical & Usage Data

Device type, operating system, and browser information
IP address and approximate geolocation
Pages visited, time spent, and click behaviour on our website
Referral source (how you arrived at our website)
Cookie identifiers and session data

Communications

Messages, queries, and complaints submitted via our contact form or by email
WhatsApp conversations with our support team
Survey responses and feedback provided voluntarily

3. How We Use Your Information

We use your personal information for the following purposes, each of which is based on a lawful reason under applicable data protection law.

Order Fulfilment & Delivery: processing and confirming your orders; coordinating delivery with our logistics partners; sending shipment tracking information; resolving delivery exceptions, failed deliveries, and returns.

Customer Support: responding to queries, complaints, and claims; verifying identity before processing refunds or replacements; maintaining records of support interactions.

Fraud Prevention & Security: detecting and preventing fraudulent orders and chargebacks; verifying the authenticity of refund and damage claims; maintaining the integrity of our ordering system.

Website Improvement & Analytics: understanding how customers use our website; testing and improving website features and content; measuring the performance of marketing campaigns.

Marketing Communications (with your consent): sending product updates, offers, and new launches via email; SMS communications regarding promotions and order status; WhatsApp messages related to order fulfilment or promotional campaigns.

Legal Compliance: complying with applicable Indian law and regulatory requirements; maintaining records as required for tax and accounting purposes.

4. Marketing Communications

With your consent, we may contact you with marketing communications via email, SMS, and WhatsApp. You may withdraw your consent and unsubscribe from marketing communications at any time by:

Clicking the 'Unsubscribe' link at the bottom of any marketing email
Replying 'STOP' or 'UNSUBSCRIBE' to any SMS communication
Contacting us directly at info@mutateskincare.com with your request
Messaging us on WhatsApp requesting removal from our list

Please note that unsubscribing from marketing communications will not affect transactional messages related to your active orders (such as shipping confirmations and delivery updates), which will continue to be sent as necessary to fulfil your purchase.

5. Third-Party Service Providers

To operate our business, we engage trusted third-party service providers who may process your personal data on our behalf. These include:

E-Commerce Platform: Shopify Inc.
Payment Processing: Razorpay Software Private Limited; Cashfree Payments India Private Limited
Logistics & Delivery: Shiprocket; Delhivery Limited; other third-party courier providers
Analytics & Advertising: Google Analytics (Google LLC); Google Ads (Google LLC); Meta Platforms, Inc. (Facebook, Instagram)

Each of these providers operates under their own privacy policies and, where applicable, their own compliance obligations. We encourage you to review their privacy practices if you have concerns about how they handle data.

6. Cookies & Tracking Technologies

We use cookies, pixels, and similar tracking technologies on our website to improve your browsing experience, understand how our website is used, and deliver relevant advertising. For detailed information about the cookies we use and your choices, please read our Cookie Policy.

7. Data Security

We implement reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include secure HTTPS encryption, access controls, and use of PCI-DSS compliant payment processors.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information for as long as is necessary to fulfil the purposes described in this Privacy Policy, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

Order and transaction records are typically retained for seven (7) years in accordance with Indian accounting and tax regulations. Customer support records are retained for a period sufficient to resolve any pending claims or disputes. Marketing data is retained until you withdraw consent or request deletion.

9. Your Rights

Subject to applicable law, including the Digital Personal Data Protection Act, 2023, you have the following rights in relation to your personal data:

Right of Access — to obtain a summary of personal data we hold about you
Right to Correction — to request correction of inaccurate or incomplete data
Right to Erasure — to request deletion of personal data where applicable
Right to Withdraw Consent — to withdraw consent for processing based on consent at any time
Right to Grievance Redressal — to raise a complaint with our designated grievance officer

To exercise any of these rights, please contact us at info@mutateskincare.com. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

10. Children's Privacy

Our website and products are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at info@mutateskincare.com and we will take prompt steps to delete such data.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the 'Last Updated' date at the top of this page. We encourage you to review this Privacy Policy periodically.

Your continued use of our website following any changes constitutes acceptance of the updated Privacy Policy.