Privacy policy

Last updated: March 2026

1. Introduction

At Kraashi, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with and what rights you have over your data. This policy applies to all visitors and customers of kraashi.com and is fully compliant with the EU General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés), enforced by the CNIL.

Data Controller: Karan Sharma, operating as Kraashi Paris, France support@kraashi.com

2. What Data We Collect

When you visit our website or place an order, we may collect the following personal data:

Identity and Contact Data

Full name
Email address
Delivery address
Phone number (if provided)

Order and Transaction Data

Products purchased
Order value and history
Payment confirmation (we do not store card details — these are handled securely by Stripe)

Technical Data

IP address
Browser type and version
Device type
Pages visited and time spent on site
Referring website

Marketing Data

Your preferences for receiving marketing communications from us

3. How We Collect Your Data

We collect your data in the following ways:

Directly from you when you place an order, create an account or contact us
Automatically through cookies and tracking technologies when you visit our website
From third party services such as Stripe (payments) and Squarespace (website platform)

4. Why We Use Your Data and Our Legal Basis

We only process your data when we have a valid legal basis to do so under GDPR:

  
    Purpose
    Legal Basis
  
    Processing and fulfilling your order
    Performance of a contract
  
    Sending order confirmation and tracking
    Performance of a contract
  
    Responding to your enquiries
    Performance of a contract
  
    Sending marketing emails (if opted in)
    Your consent
  
    Improving our website and user experience
    Legitimate interests
  
    Complying with legal obligations
    Legal obligation
  
    Fraud prevention and security
    Legitimate interests

Purpose	Legal Basis
Processing and fulfilling your order	Performance of a contract
Sending order confirmation and tracking	Performance of a contract
Responding to your enquiries	Performance of a contract
Sending marketing emails (if opted in)	Your consent
Improving our website and user experience	Legitimate interests
Complying with legal obligations	Legal obligation
Fraud prevention and security	Legitimate interests

5. Cookies

Our website uses cookies to improve your browsing experience and analyse website traffic. In compliance with French CNIL regulations, we will ask for your consent before placing any non-essential cookies on your device.

Types of cookies we use:

Essential cookies — required for the website to function, no consent needed
Analytics cookies — help us understand how visitors use our site (requires consent)
Marketing cookies — used for targeted advertising (requires consent)

You can accept or reject non-essential cookies via our cookie banner when you first visit our website. You can change your preferences at any time via our Cookie Settings link in the website footer. Rejecting cookies is just as easy as accepting them.

6. Who We Share Your Data With

We only share your data with trusted third parties where necessary to operate our business:

Stripe — payment processing (GDPR compliant)
Squarespace — website hosting and ecommerce platform (GDPR compliant)
Fulfilment partners — your name and delivery address are shared with our fulfilment partners solely for the purpose of delivering your order
Email marketing tools — if you have opted in to marketing emails (GDPR compliant providers only)

We do not sell, rent or trade your personal data to any third party for marketing purposes.

7. International Data Transfers

Some of our third party service providers may process your data outside the European Union. Where this occurs, we ensure appropriate safeguards are in place such as Standard Contractual Clauses approved by the European Commission, to ensure your data receives the same level of protection as within the EU.

8. How Long We Keep Your Data

We only retain your personal data for as long as necessary:

  
    Data Type
    Retention Period
  
    Order and transaction data
    5 years (French legal requirement for accounting records)
  
    Customer account data
    Until account deletion or 3 years of inactivity
  
    Marketing preferences
    Until you unsubscribe or withdraw consent
  
    Technical and analytics data
    13 months maximum (CNIL recommendation)

Data Type	Retention Period
Order and transaction data	5 years (French legal requirement for accounting records)
Customer account data	Until account deletion or 3 years of inactivity
Marketing preferences	Until you unsubscribe or withdraw consent
Technical and analytics data	13 months maximum (CNIL recommendation)

9. Your Rights Under GDPR

As an EU resident you have the following rights regarding your personal data:

Right of access — you can request a copy of the data we hold about you
Right to rectification — you can ask us to correct inaccurate data
Right to erasure — you can ask us to delete your data in certain circumstances
Right to restriction — you can ask us to limit how we use your data
Right to data portability — you can request your data in a machine-readable format
Right to object — you can object to processing based on legitimate interests or for direct marketing
Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at support@kraashi.com or via our Contact page. We will respond within 30 days. We may need to verify your identity before processing your request.

10. Marketing Communications

We will only send you marketing emails if you have explicitly opted in. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us at support@kraashi.com. Withdrawing consent does not affect the lawfulness of any processing carried out before you withdrew consent.

11. Data Security

We take the security of your personal data seriously. Our website uses SSL encryption for all data transmissions. Payments are processed securely by Stripe and we do not store any card details on our systems. We take appropriate technical and organisational measures to protect your data against unauthorised access, loss or destruction. In the event of a data breach that poses a risk to your rights, we will notify the relevant authorities within 72 hours as required by GDPR. Research And Markets

12. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at support@kraashi.com and we will delete it promptly.

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the French data protection authority, the CNIL, at cnil.fr or with the data protection authority in your country of residence.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

15. Contact Us

For any questions, requests or concerns regarding this Privacy Policy or your personal data, please contact us at support@kraashi.com or via our Contact page. We aim to respond within 30 days.

PRIVACY POLICY