Privacy policy
PRIVACY POLICY
Effective date: July 1, 2026
Veracyl ("Veracyl", "we", "us") respects your privacy and handles personal data in accordance with applicable Indian law, including the Digital Personal Data Protection Act, 2023 (the "DPDP Act") and the Digital Personal Data Protection Rules, 2025 (the "DPDP Rules"), as they come into force in phases. This Privacy Policy explains what personal data we collect, why, how we use and share it, how long we keep it, and your rights.
1. WHO WE ARE (DATA FIDUCIARY)
1.1. For the purposes of the DPDP Act, Veracyl, a partnership firm, is the Data Fiduciary. Contact: connect@veracyl.com | +91 6362570259.
2. PERSONAL DATA WE COLLECT
2.1. Account and contact data: name, email address, phone number, organization or institution, and role.
2.2. Order and transaction data: products ordered, order history, billing and shipping addresses, and payment confirmation. We do not store full card details; payments are processed by third-party providers.
2.3. Credential and verification data: information and documents you provide to prove you are a Qualified Researcher, which may include institutional affiliation, professional or institutional identification, and a statement of research purpose.
2.4. Technical and usage data: IP address, device and browser information, and cookies (see Section 9).
2.5. Communications: correspondence you send to us.
2.6. We do not knowingly collect data from persons below the applicable minimum age or from children without the consent required by law.
3. PURPOSES AND LEGAL BASIS
3.1. We process personal data to: (a) create and manage your account; (b) process, verify, and fulfill orders, including the order-then-verify credential check; (c) arrange shipping and handle customs where applicable; (d) process payments and refunds; (e) provide support and respond to enquiries; (f) comply with legal, tax, and regulatory obligations; and (g) protect against fraud, misuse, and unlawful use of Products.
3.2. We process personal data on the basis of your consent and, where applicable, for the legitimate uses permitted under the DPDP Act. You are given notice of the purposes at the point of collection, and you may withdraw consent as described in Section 8.
4. STORAGE, RETENTION, AND DELETION OF CREDENTIAL AND VERIFICATION DOCUMENTS
4.1. Credential and verification documents are access-restricted and used only to determine eligibility and to maintain a compliance record of that determination.
4.2. We retain verification records for as long as necessary to maintain that compliance record, and for up to five years after your last order, after which they are deleted or anonymized, unless a longer period is required by law or to establish, exercise, or defend legal claims.
4.3. We apply reasonable security safeguards designed to protect personal data against unauthorized access, use, or disclosure, and we maintain procedures to address personal-data breaches in accordance with law.
5. RETENTION (GENERAL)
5.1. We keep other personal data only as long as necessary for the purposes above or as required by law, including tax and accounting records retained for the periods prescribed by applicable law.
6. SHARING AND THIRD PARTIES (DATA PROCESSORS)
6.1. We share personal data with service providers acting on our behalf, including our e-commerce platform, payment processors, shipping and logistics carriers and customs brokers, credential-verification tools, IT and hosting providers, and communications tools.
6.2. We require such providers to process data only on our instructions and to protect it.
6.3. We may disclose personal data where required by law, regulation, or legal process, or to protect rights, safety, and against misuse.
6.4. We do not sell personal data.
7. CROSS-BORDER TRANSFERS
7.1. Some service providers may process data outside India. Where they do, we take the steps required by applicable law to protect that data and to permit the transfer.
8. YOUR RIGHTS AS A DATA PRINCIPAL
8.1. Subject to the DPDP Act and applicable timelines, you have the right to: (a) access a summary of your personal data and its processing; (b) correction, completion, updating, and erasure of your personal data; (c) grievance redressal; and (d) nominate another person to exercise your rights in the event of death or incapacity. Where processing is based on consent, you may withdraw consent at any time; withdrawal does not affect processing already carried out, and we may retain records where retention is required by law or for our compliance record.
8.2. To exercise any right, contact connect@veracyl.com.
9. COOKIES AND SIMILAR TECHNOLOGIES
9.1. The Site uses essential cookies for functionality such as cart, checkout, and security, and may use analytics or preference cookies.
9.2. You can control cookies through your browser. Disabling some cookies may affect Site functionality.
10. GRIEVANCE REDRESSAL
10.1. For any grievance regarding your personal data, contact our Grievance Officer at connect@veracyl.com. We will acknowledge and address grievances within the timelines required by law.
10.2. You may also have the right to complain to the Data Protection Board of India.
11. CHANGES
We may update this Privacy Policy and will post the revised version with a new effective date.
12. CONTACT
connect@veracyl.com | +91 6362570259.