Privacy policy

Privacy Policy

Last updated: 29th April 2026

This Privacy Policy explains how Clockwork Rituals Pvt. Ltd. (“Clockwork”, “we”, “our” or “us”) collects, uses, processes and protects your personal data when you visit, use, or purchase from www.clockworkrituals.com (the “Website”) or otherwise interact with us.

We are committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000 and the rules made thereunder, and other applicable laws of India.

For the purposes of this policy, Clockwork acts as a Data Fiduciary and you are the Data Principal.

 

 

1. Who we are

Detail

Value

Legal name

Clockwork Rituals Pvt. Ltd.

Registered office

FF 021, Emerald Plaza, Golf Course Ext. Road, Gurugram, Haryana 122018, India

CIN

U20235HR2025PTC135310

GSTIN

06AANCC0100B1ZK

Email

hello@clockworkrituals.com

Grievance Officer

Rohan Arora, Director · grievance@clockworkrituals.com

 

 

2. The personal data we collect

We collect only the personal data we need to operate the Website, fulfil your orders, and improve your experience. The categories are:

Information you give us directly - Identity: full name, email address, mobile number - Order: shipping address, billing address, GSTIN (if you provide it for B2B invoicing) - Account: username, password (stored hashed and salted), preferences - Customer support: contents of messages you send to us - Partner Program (dentists only): clinic name, clinic address, Dental Council of India registration number (if voluntarily provided), bank account details (collected and stored only inside our encrypted partner portal, never on the Website)

Information collected automatically - Device: IP address, browser type and version, operating system, device identifiers - Usage: pages visited, time on page, referring URL, click activity - Cookies and similar technologies (see Section 8)

Information we receive from third parties - Payment confirmation data from Shopify Payments / Razorpay / other authorised payment processors - Delivery status from logistics partners (Bluedart, Delhivery, India Post, etc.) - Identity verification data from KYC providers (only for partner dentists, where applicable)

We do not knowingly collect personal data from anyone under the age of 18.

 

 

3. Why we use your data (purposes)

We process your personal data only for specified, lawful purposes:

  • To accept, process, fulfil and deliver your orders

  • To provide customer support and respond to your queries

  • To send transactional communications (order confirmations, dispatch updates, refund notices)

  • To comply with statutory and regulatory obligations (tax, GST, accounting)

  • To detect and prevent fraud, abuse, and security incidents

  • With your consent, to send marketing communications about new products, offers, and content

  • To analyse Website performance and improve our services

  • To operate the Clockwork Partner Program for licensed dental professionals

 

 

4. The legal basis on which we process your data

We process your personal data on one or more of the following lawful bases under the DPDP Act:

  • Your consent, where you have given clear consent (e.g., subscribing to newsletters)

  • Performance of a contract, where processing is necessary to fulfil our obligations to you (e.g., delivering your order)

  • Compliance with a legal obligation, where required by law (e.g., GST records, tax invoices)

  • Legitimate uses as specified under Section 7 of the DPDP Act, including responding to medical emergencies and ensuring safety in disasters

 

 

5. Your rights as a Data Principal

Under the DPDP Act, you have the following rights:

  • Right to access: request a copy of the personal data we hold about you and information on how it is processed

  • Right to correction: request correction of inaccurate or incomplete data

  • Right to erasure: request deletion of your personal data, subject to legal retention obligations

  • Right to nominate: nominate another individual to exercise your rights in the event of your death or incapacity

  • Right to grievance redressal: contact our Grievance Officer (see Section 11)

  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, write to grievance@clockworkrituals.com with the subject line “DPDP Data Principal Request — [your right]”. We will respond within thirty (30) days.

 

 

6. How long we keep your data (retention)

We retain personal data only as long as necessary to fulfil the purposes for which it was collected, or as required under applicable law:

Data category

Retention period

Order and transaction records

8 years from the date of transaction (per Companies Act, 2013 and GST Act)

Customer account data

Until account deletion is requested, plus 12 months for fraud prevention

Marketing consent and email lists

Until consent is withdrawn or 3 years of inactivity

Customer support correspondence

3 years from the last contact

Partner Program records

6 years from termination of the partnership

Website analytics (anonymised)

26 months

After the applicable retention period, data is deleted, anonymised, or archived securely as required by law.

 

 

7. With whom we share your data

We share personal data only with parties who help us run the business and only on a need-to-know basis. These include:

Service providers (Data Processors): - Shopify Inc. — e-commerce platform and order processing - Razorpay / Shopify Payments — payment processing - Bluedart, Delhivery, India Post and other logistics partners — order delivery - Klaviyo — marketing email delivery (only for those who consent to marketing) - GoAffPro — Partner Program portal (dentist partners only) - Google Analytics — website performance analytics

All such processors are bound by contractual confidentiality and security obligations.

Legal disclosures: We may disclose data when required by law, court order, or to protect Clockwork’s legal rights.

Business transfers: If Clockwork is involved in a merger, acquisition or asset sale, your personal data may be transferred to the successor entity, subject to confidentiality obligations.

We do not sell your personal data to any third party.

 

 

8. Cookies and tracking technologies

We use cookies and similar technologies for these purposes:

  • Strictly necessary — to remember your cart, log you in, and keep your session secure (cannot be disabled)

  • Functional — to remember your preferences and personalise your experience

  • Analytics — to understand how the Website is used (Google Analytics)

  • Attribution — to track Partner Program referrals (GoAffPro affiliate cookie, 30-day duration)

  • Marketing — to measure ad performance, only with your consent

You can manage cookie preferences via the cookie banner on the Website or your browser settings. Disabling certain cookies may impair functionality.

 

 

9. Data transfers outside India

Some of our service providers (such as Shopify and Klaviyo) process data on servers located outside India. We transfer data outside India only:

  • to jurisdictions notified by the Government of India under Section 16 of the DPDP Act, or

  • where the processor has implemented contractually equivalent protections recognised under the DPDP Act.

If you have concerns about international transfers, contact our Grievance Officer.

 

 

10. Security of your data

We implement reasonable security practices and procedures consistent with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and with industry standards including ISO/IEC 27001-aligned controls for our most sensitive data.

These include: - TLS encryption in transit - Encryption at rest for sensitive data such as bank details (held inside the GoAffPro encrypted vault, never on Shopify or our general systems) - Access controls and least-privilege principles for employees and processors - Regular security reviews of our processors

While we take security seriously, no method of internet transmission is fully secure. In the unlikely event of a data breach, we will notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act.

 

 

11. Grievance redressal

If you have a complaint about how we handle your personal data, you can contact our Grievance Officer:

Rohan Arora, Grievance Officer Clockwork Rituals Pvt. Ltd. FF 021, Emerald Plaza, Golf Course Ext. Road, Gurugram, Haryana 122018 Email: grievance@clockworkrituals.com

We will acknowledge your complaint within 48 hours and resolve it within 30 days, in accordance with the DPDP Act and Information Technology Rules.

If your concern is not resolved to your satisfaction, you may approach the Data Protection Board of India once it is constituted, or any other authority of competent jurisdiction.

 

 

12. Children’s privacy

The Website is not intended for children under 18. If we discover that we have collected personal data from a person under 18 without verifiable parental consent, we will delete it promptly. If you believe we hold such data, please contact us at grievance@clockworkrituals.com.

 

 

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated to registered users by email at least 14 days before they take effect.

 

 

If anything here is unclear, write to us at grievance@clockworkrituals.com — we will get back to you within one business day.