SHANSHAL

Privacy Policy

Last Updated: November 17, 2025

1. Introduction

Welcome to Shanshal ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

By using our website, you consent to the data practices described in this policy. If you do not agree with the practices described in this policy, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us when you:

  • Create an Account: Email address and password (stored securely in encrypted form)
  • Complete Your Profile: Name, email address, phone number, delivery address, city, and preferred payment method
  • Place an Order: Customer name, email, phone number, delivery address, city, delivery notes, and payment information
  • Contact Us: Contact information (email or phone), message type, subject, and message content
  • Request Corporate Offerings: Corporate email address, company name, role, and message (when applicable)
  • Link Corporate Email: Corporate email address for verification and association with corporate accounts
  • Subscribe to Newsletter: Email address
  • Upload Content: Corporate logos and other images you upload

2.2 Automatically Collected Information

When you use our website, we automatically collect certain information:

  • Session Data: Authentication tokens and session information stored in cookies
  • Cart Data: Shopping cart contents stored in your browser's local storage
  • Custom Box Data: Custom chocolate box configurations stored in localStorage
  • Usage Data: Information about how you interact with our website (collected through standard web server logs)

2.3 Information from Third Parties

We may receive information about you from third-party services:

  • Authentication Services: User authentication is handled by Supabase Auth
  • Payment Processing: Payment information is processed securely (currently cash on delivery)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Account Management: To create and manage your account, authenticate your identity, and provide access to our services
  • Order Processing: To process, fulfill, and deliver your orders, including communicating with you about your orders
  • Customer Service: To respond to your inquiries, complaints, suggestions, and requests
  • Corporate Services: To verify corporate email addresses, link corporate accounts, and provide corporate discounts and benefits
  • Communication: To send you order confirmations, updates, newsletters (with your consent), and important service-related communications
  • Personalization: To personalize your experience and provide content and features relevant to your interests
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements
  • Business Operations: To analyze usage patterns, improve our services, and develop new features

4. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

  • Service Providers: We share information with trusted third-party service providers who assist us in operating our website, conducting our business, or serving our users (e.g., Supabase for database and authentication services)
  • Corporate Partners: If you link a corporate email and are associated with a corporate account, we may share relevant information with the corporate entity for account management and benefit administration
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of others
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
  • With Your Consent: We may share your information with your explicit consent or at your direction

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Passwords are encrypted and stored securely. Sensitive data is transmitted using encryption protocols
  • Secure Storage: Your data is stored on secure servers provided by Supabase, which implements industry-standard security measures
  • Access Controls: Access to your personal information is restricted to authorized personnel who need it to perform their duties
  • Regular Updates: We regularly update our security practices and systems to protect against unauthorized access, alteration, disclosure, or destruction

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Cookies and Local Storage

We use cookies and local storage technologies to enhance your experience:

  • Authentication Cookies: Used to maintain your login session and authenticate your identity
  • Cart Storage: Shopping cart contents are stored in localStorage to preserve your selections between sessions
  • Custom Box Storage: Custom chocolate box configurations are stored in localStorage
  • Preference Storage: UI preferences (such as sidebar state) may be stored in cookies

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our website, including maintaining a shopping cart or staying logged in.

7. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: You can access and update your account information through your profile page
  • Correction: You can correct inaccurate or incomplete information by updating your profile
  • Deletion: You can request deletion of your account and associated data by contacting us
  • Corporate Email: You can link or unlink your corporate email address at any time through your profile settings
  • Newsletter: You can unsubscribe from our newsletter at any time using the unsubscribe link in our emails
  • Data Portability: You can request a copy of your personal data in a structured, machine-readable format
  • Withdraw Consent: You can withdraw your consent for certain data processing activities at any time

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Account Information: Retained for the duration of your account and for a reasonable period after account closure for legal and business purposes
  • Order Information: Retained for at least 7 years to comply with financial and tax regulations
  • Contact Messages: Retained for as long as necessary to respond to your inquiries and for record-keeping purposes
  • Corporate Email Verification Tokens: Expire after 24 hours or upon successful verification
  • Newsletter Subscriptions: Retained until you unsubscribe or request deletion

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our services, you consent to the transfer of your information to these countries. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Third-Party Services

Our website uses third-party services that may collect information:

  • Supabase: We use Supabase for database storage, authentication, and file storage. Supabase's privacy practices are governed by their own privacy policy
  • Next.js: Our website is built on Next.js, which may collect standard web server logs

We encourage you to review the privacy policies of these third-party services to understand how they handle your information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiries within a reasonable timeframe.

14. Governing Law

This Privacy Policy is governed by and construed in accordance with applicable data protection laws. Any disputes arising from this Privacy Policy will be resolved in accordance with the laws of the jurisdiction in which we operate.