Legal & Compliance
Privacy Policy
We collect only what we need, we never sell your data, and we give you full control over what we hold. This policy explains exactly what we do with your personal information — in plain language.
Effective: 1 June 2025 · Last updated: June 2025 · Applies to: meyush.com & meyush.co.in
Plain-Language Summary — The Short Version
🔒
We never sell your data
Your personal information is never sold, rented, or traded to third parties for marketing purposes. Ever.
📦
We collect only what's needed
We collect your name, email, and shipping address to fulfil your order. Payment details go directly to our payment processor — we never see your card number.
✉️
You control your email
If you sign up for our newsletter, you can unsubscribe at any time with one click. We will not email you without your permission.
🗑️
You can request deletion
Email us at hello@meyush.com and we will delete your personal data within 30 days, subject to legal retention requirements.
01 Who we are
This Privacy Policy applies to MEYUSH, a premium herbal wellness brand operated by MEYUSH, based at Sonarpur, Kolkata, West Bengal 700150, India.
We operate two websites:
- meyush.com — our international store, serving customers in the USA, UK, Australia, UAE, and worldwide, with prices in USD
- meyush.co.in — our India store, serving domestic customers with prices in INR
Both websites are built on the Wix platform. For privacy purposes, MEYUSH is the data controller — meaning we determine how and why your personal data is processed. Our primary contact for all privacy matters is hello@meyush.com.
02 What personal data we collect
We collect personal data in three ways: information you give us directly, information collected automatically when you use our website, and information from third parties (such as payment processors). Here is exactly what that includes:
Information you provide to us
Data | When collected | Why
Full name | At checkout | To address your order and shipping label
Email address | At checkout, newsletter signup, or contact form | Order confirmation, shipping updates, and (with consent) marketing
Shipping address | At checkout | To deliver your order
Phone number | At checkout (optional) | For courier contact if there is a delivery issue
Message content | Via contact form | To respond to your enquiry
Waitlist email | Coming Soon product signup | To notify you when a product launches
Payment information
We do not collect or store your payment card details. All payment processing is handled directly by our payment partners — Stripe (international) and Razorpay (India). These providers are PCI-DSS compliant and process your card data on their own secure servers. We receive only a transaction confirmation and the last four digits of your card for reference.
Information collected automatically
- IP address — used to estimate your general location for currency display (INR vs USD) and for security purposes
- Browser type and device — used to ensure the website displays correctly on your device
- Pages visited and time spent — collected via analytics to understand how our website is used and to improve it
- Referral source — how you arrived at our website (e.g. Google search, Instagram link)
- Cookies and similar technologies — see the Cookies section below for full details
We do not collect: sensitive personal data (such as health information, ethnicity, or biometric data), government ID numbers, or any data relating to children under the age of 16.
03 How we use your data
We use your personal data only for the following purposes:
To fulfil your order
When you place an order, we use your name, email, address, and phone number to process your payment, pack your products, arrange shipping, and send you tracking information. This is the primary reason we collect data, and it is necessary to perform our contract with you.
To communicate with you about your order
We send transactional emails including order confirmation, dispatch notification, and delivery updates. These are not marketing emails — they are essential communications related to your purchase and you cannot opt out of them without cancelling your order.
To send marketing communications (with your consent only)
If you subscribe to our newsletter or tick the marketing consent box at checkout, we may send you emails about new products, farmer stories, blog posts, promotions, and seasonal launches. You can unsubscribe at any time using the unsubscribe link in any email, or by emailing hello@meyush.com. We will never send you marketing communications without your explicit consent.
To improve our website and products
We use anonymised analytics data to understand how visitors use our website — which pages are most visited, where people drop off, and how our product pages perform. This helps us make our website easier to use and our products better. This data is aggregated and does not identify you personally.
To prevent fraud and maintain security
We may use IP address and transaction data to detect and prevent fraudulent orders. This is a legitimate interest that protects both MEYUSH and our genuine customers.
To comply with legal obligations
We may be required to retain certain data (such as purchase records) for tax, accounting, or legal compliance purposes under Indian law and the laws of other jurisdictions where we operate.
04 Legal basis for processing
For customers in the European Union, United Kingdom, and other jurisdictions with similar frameworks, we process your personal data on the following legal bases under the GDPR and equivalent laws:
Processing Activity | Legal Basis
Fulfilling your order and delivering products | Contract — necessary to perform our contract with you (Art. 6(1)(b) GDPR)
Sending order confirmation and shipping updates | Contract — necessary to perform our contract with you
Sending marketing newsletters and product launches | Consent — you have given clear, affirmative consent (Art. 6(1)(a) GDPR)
Website analytics and performance improvement | Legitimate interests — improving our service, balanced against your privacy rights (Art. 6(1)(f) GDPR)
Fraud prevention and security | Legitimate interests — protecting our business and customers from fraud
Retaining purchase records for tax purposes | Legal obligation — required by applicable tax and accounting law (Art. 6(1)(c) GDPR)
For customers in India, we process data in compliance with the Digital Personal Data Protection Act 2023 (DPDPA) and its associated regulations. Your consent is obtained at the point of data collection and you retain the rights described in the Your Rights section below.
05 Who we share your data with
We never sell, rent, or trade your personal data. We share data only with the service providers we need to operate our business, and only to the minimum extent required.
The following third-party service providers may receive your personal data as necessary to operate our service:
Provider | Purpose | Data Shared | Location
Wix.com | Website platform and hosting | All data you submit via our website | USA (adequacy / SCCs)
Stripe | Payment processing (international) | Name, email, billing address, transaction amount | USA (adequacy / SCCs)
Razorpay | Payment processing (India) | Name, email, billing address, transaction amount | India
Shipping courier (e.g. India Post, DHL, FedEx) | Order fulfilment and delivery | Full name, delivery address, phone number | Varies by destination
Google Analytics | Website traffic and behaviour analytics | Anonymised IP, page views, device type, session data | USA (adequacy / SCCs)
Wix Ascend / Email marketing | Email newsletters (with consent) | Name, email address, email engagement data | USA (adequacy / SCCs)
Instagram / Meta | Social media integration (embedded posts) | No personal data transmitted unless you interact | USA
We require all third-party providers to maintain appropriate security standards and to use your data only for the purposes we specify. We do not permit them to use your data for their own marketing purposes.
Legal disclosures
We may disclose your personal data if required to do so by law, court order, or government authority — for example, in connection with a legal investigation, tax audit, or regulatory requirement. We will notify you of any such disclosure where we are legally permitted to do so.
Business transfers
In the event of a merger, acquisition, or sale of all or part of MEYUSH, your personal data may be transferred as part of that transaction. We will notify you via email before your data is transferred and becomes subject to a different privacy policy.
06 Cookies and tracking technologies
Our website uses cookies — small text files placed on your device — and similar tracking technologies. Here is what we use and why:
Cookie Type | Purpose | Duration | Can you opt out?
Essential / Functional | Keep your cart active, remember your region (India/international), maintain your session while browsing | Session to 30 days | No — required for the website to function
Analytics | Google Analytics — understand page views, traffic sources, device types. Data is anonymised. | Up to 2 years | Yes — via our cookie banner or browser settings
Marketing / Retargeting | Meta Pixel (Facebook/Instagram) — used to measure ad performance and show relevant ads to people who have visited our site | Up to 180 days | Yes — via our cookie banner
Preference | Remember your cookie consent choice and language/currency preference | 1 year | No — needed to remember your choices
Managing cookies
When you first visit our website, you will be shown a cookie consent banner. You can accept all cookies, reject non-essential cookies, or customise your preferences. You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our website footer.
You can also control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website — for example, your cart may not persist between sessions. For instructions on managing cookies in your browser, visit aboutcookies.org.
07 How long we keep your data
We keep your personal data only for as long as is necessary for the purpose it was collected, or as required by law.
Data Type | Retention Period | Reason
Order and transaction records | 7 years | Required for tax and accounting purposes under Indian law (and equivalent international obligations)
Customer account data | Duration of account + 2 years after last activity | To service your account and handle any disputes
Email marketing list | Until you unsubscribe or request deletion | Active consent basis
Contact form messages | 2 years | To maintain a record of customer communications
Waitlist emails | Until the product launches + 6 months, or until you unsubscribe | To fulfil the purpose you provided your email for
Analytics data | 26 months (Google Analytics default) | To understand long-term trends
Cookie consent records | 3 years | To demonstrate compliance with consent requirements
When data is no longer needed, we delete or anonymise it securely. If you request deletion of your account or data before a retention period expires, we will delete what we can immediately and restrict processing of the remainder to legal compliance purposes only.
08 International data transfers
MEYUSH is based in India. When you place an order from the United States, United Kingdom, European Union, Australia, or any other country, your personal data will be transferred to and processed in India.
Additionally, some of our third-party service providers (including Wix and Stripe) process data in the United States. Where data is transferred from the EU or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms, to ensure your data is protected.
By using our website and placing an order, you acknowledge that your data may be transferred internationally as described in this policy. We take reasonable steps to ensure that any international transfer is conducted securely and in compliance with applicable data protection laws.
09 Your rights over your personal data
Depending on where you are located, you have the following rights regarding your personal data. We honour these rights for all customers, regardless of jurisdiction.
👁️
Right to Access
You can request a copy of all personal data we hold about you. We will provide this within 30 days.
✏️
Right to Rectification
If any data we hold is inaccurate or incomplete, you can ask us to correct it.
🗑️
Right to Erasure
You can ask us to delete your personal data. We will do so within 30 days, subject to legal retention requirements.
⏸️
Right to Restrict Processing
You can ask us to stop using your data for certain purposes while a dispute is resolved.
📤
Right to Data Portability
You can request your data in a structured, machine-readable format (e.g. CSV) to transfer to another provider.
🚫
Right to Object
You can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds.
↩️
Right to Withdraw Consent
Where we rely on consent (e.g. marketing emails), you can withdraw it at any time. This does not affect processing before withdrawal.
🤖
Right Against Automated Decisions
We do not use automated decision-making or profiling that produces legal or significant effects on you.
How to exercise your rights
To exercise any of the above rights, email us at hello@meyush.com with the subject line "Data Rights Request". We may ask you to verify your identity before processing your request. We will respond within 30 days (or within the timeframe required by applicable law, if shorter).
Unsubscribing from marketing
The fastest way to stop receiving marketing emails is to click the unsubscribe link at the bottom of any email we send. This takes effect immediately. Alternatively, email us and we will remove you manually within 5 business days.
Right to lodge a complaint
If you believe we have mishandled your personal data and are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:
- India: Data Protection Board of India (once fully constituted under the DPDPA 2023)
- European Union: Your national Data Protection Authority (e.g. CNIL in France, BfDI in Germany)
- United Kingdom: Information Commissioner's Office (ICO) at ico.org.uk
- United States: Your state Attorney General's office (specific rights vary by state — California residents have additional rights under the CCPA/CPRA)
- Australia: Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
We would always prefer to resolve any concern directly before you escalate to a regulator. Please email us first — we will respond personally and work to put things right.
10 Children's privacy
Our website and products are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@meyush.com and we will delete that information promptly.
11 How we protect your data
We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. These include:
- SSL / TLS encryption on all pages of meyush.com and meyush.co.in — all data transmitted to and from our website is encrypted in transit
- PCI-DSS compliant payment processing via Stripe and Razorpay — we never transmit or store raw card data on our servers
- Access controls — access to customer data within the MEYUSH team is limited to those who need it to fulfil your order
- Wix platform security — our website infrastructure is managed by Wix, which maintains its own comprehensive security programme
- Regular review — we review our data practices periodically and update this policy when our practices change
No method of data transmission over the internet is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
12 Changes to this policy
We may update this Privacy Policy from time to time — for example, when we launch new products, add new third-party services, or when the law changes. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page
- Post a notice on our website homepage for at least 30 days after the change
- Where the change significantly affects how we use your data, email you directly with a summary of what has changed
We encourage you to review this policy periodically. Your continued use of our website after a policy update constitutes acceptance of the revised terms, to the extent permitted by applicable law.
Previous versions of this policy are available on request — email hello@meyush.com.
13 Contact us
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please get in touch. We read every email ourselves.
We're here to help
Email: hello@meyush.com
Subject: Privacy — [your request]
Address: MEYUSH, Sonarpur, Kolkata, West Bengal 700150, India
We respond to all privacy enquiries within 5 business days.
A note from us: Privacy policies are often written for lawyers, not people. We have tried to write this one so that you can actually read it and understand what we do with your information. If anything is unclear, or if something here concerns you, please ask. We will explain it plainly.