Last revised 20 May 2026. SOISU Furniture LLP (“SOISU”, “we”) is the Data Fiduciary for data collected through decor.soisu.com.

1 · What we collect

  • Account data — name, email, password (hashed), phone (optional).
  • Order data — shipping address, items, order history.
  • Payment metadata — transaction ID, last 4 digits of card. We never see or store full card numbers; that is Razorpay's responsibility.
  • Behavioural — pages viewed, items added to cart, abandoned carts. Used to improve the site and to send relevant editorial.
  • Cookies — strictly-necessary (cart, session) and analytics (GA4, Plausible). We do not use third-party advertising cookies.

2 · How we use it

  • To fulfil your order — share with our logistics partner (Delhivery, Shiprocket, BlueDart).
  • To send order updates via WhatsApp and email — order confirmation, QC photo, dispatch, delivery, returns.
  • To send editorial (Journal articles, festive drops, Studio program invitations) — only if you opt in.
  • To improve the site and the product.
  • To comply with Indian law — GST invoicing, tax filings.

3 · Who we share with

We share only what each partner needs to do their job:

  • Razorpay — payment processing.
  • Delhivery / Shiprocket / BlueDart — shipping address, phone, order details.
  • Shopify — catalog and checkout backend.
  • Sanity.io — editorial content (no customer data).
  • AiSensy — WhatsApp Business API for order updates and customer support.
  • Google Analytics 4, Plausible — anonymised analytics.

We do not sell or rent your data. We do not share it with third parties for their marketing.

4 · Your rights under DPDP Act 2023

Under India's Digital Personal Data Protection Act 2023, you have the right to:

  • Access the data we hold about you.
  • Correct any inaccuracy.
  • Withdraw consent (we'll keep only what we're legally required to — orders for tax filings, for instance).
  • Erase your data on request, where lawful.
  • Nominate someone to act on your behalf in case of incapacity.
  • Lodge a grievance with our Data Protection Officer.

To exercise any of these, write to rohan@soisu.com. We'll respond within 30 days.

5 · Security

We use Netlify for hosting (TLS 1.3, HSTS), Shopify for commerce (SOC 2 Type II), and Razorpay for payments (PCI-DSS Level 1). Passwords are bcrypt-hashed; we never see your password in plain text.

6 · Children

SOISU Decor is not intended for users under 18. We do not knowingly collect data from minors.

7 · Contact

For any question on this policy, or to exercise any DPDP right, write to rohan@soisu.com or WhatsApp +91 79779 59379.