Overview
OtakuIsland ("we", "us", "our") operates the website otakuisland.in and associated digital platforms. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our website or make a purchase from us.
This policy is drafted in accordance with India's Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and in alignment with the forthcoming Digital Personal Data Protection Act, 2023.
By using our website, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.
Data We Collect
We collect different types of data depending on your interaction with our platform:
| Category | Data Points | Required? |
|---|---|---|
| Identity | Full name, email address, phone number | Yes β to process orders |
| Delivery | Shipping address, PIN code, city, state | Yes β to deliver orders |
| Payment | Transaction IDs, payment method type (not card numbers) | Yes β for records |
| Account | Username, password (hashed), order history, wishlist | Optional β only if you register |
| Usage | Pages visited, products viewed, search queries, time on site | No β collected automatically |
| Device | IP address, browser type, OS, device type, referral URL | No β collected automatically |
| Communications | Support chat messages, emails, product reviews submitted | No β only when you contact us |
How We Collect Your Data
We collect data through the following means:
- Directly from you: When you fill in checkout forms, register an account, contact support, or submit reviews
- Automatically: When you browse our website, we automatically collect usage data via cookies, log files, and analytics tools
- From third parties: Payment processors (Razorpay), logistics partners (Shiprocket/Delhivery), and social login providers (Google) may share relevant data with us
- From your device: Browser metadata, IP address, and device information collected via standard web server logs
Why We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Process and fulfill your orders | Contract performance | Name, address, phone, payment data |
| Send order confirmations & shipping updates | Contract performance | Email, phone |
| Manage your account and login | Contract performance | Email, hashed password |
| Respond to support queries and complaints | Legitimate interest | Email, phone, order data |
| Send promotional offers, new arrivals & newsletters | Consent | Email, phone (if opted in) |
| Improve website performance and user experience | Legitimate interest | Usage data, device data |
| Prevent fraud and abuse | Legitimate interest / Legal obligation | IP, device, order patterns |
| Comply with legal and tax obligations | Legal obligation | Identity, payment, GST data |
| Conduct analytics and business improvement | Legitimate interest | Anonymized usage data |
We will not use your data for purposes incompatible with those listed above without obtaining your explicit consent.
Data Sharing & Disclosure
5.1 We Do Not Sell Your Data. OtakuIsland does not sell, rent, or trade your personal information to any third party for their marketing purposes.
5.2 Service Providers. We share your data with trusted third-party service providers who process it strictly on our behalf and under our instructions. These include:
| Partner | Purpose | Data Shared |
|---|---|---|
| Razorpay | Payment processing | Name, email, phone, order amount |
| Shiprocket / Delhivery / BlueDart | Order delivery & tracking | Name, address, phone, order ID |
| Google Analytics | Website traffic analytics | Anonymized usage data |
| Meta Pixel (optional) | Ad performance tracking | Anonymized browsing events |
| Supabase | Database & backend services | All customer data (encrypted) |
| Cloudflare | CDN, security, caching | IP addresses, request data |
| Email / SMS provider | Transactional communications | Email address, phone number |
5.3 Legal Disclosures. We may disclose your personal information if required by law, court order, government authority, or to protect the rights, property, or safety of OtakuIsland, our customers, or others.
5.4 Business Transfers. In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website before your data is transferred or becomes subject to a different privacy policy.
Cookies & Tracking Technologies
6.1 What Are Cookies? Cookies are small text files placed on your device when you visit a website. They help us provide a better, faster, and more personalised experience.
6.2 Types of Cookies We Use:
| Type | Purpose | Duration | Can Opt Out? |
|---|---|---|---|
| Essential | Session management, cart, login state | Session | No β required for site function |
| Preference | Remember your language, currency, display settings | 1 year | Yes |
| Analytics | Google Analytics β understanding site traffic | 2 years | Yes |
| Marketing | Meta Pixel, retargeting ads | 90 days | Yes |
6.3 Managing Cookies. You can control and delete cookies through your browser settings. However, disabling essential cookies may impact the functionality of the website (e.g., your cart may not work correctly). Most browsers allow you to refuse cookies or accept them selectively.
6.4 Do Not Track. Some browsers include a "Do Not Track" (DNT) feature that signals websites not to track you. Our website does not currently respond to DNT signals, but you may use browser extensions or opt-out tools for analytics platforms directly.
Data Storage & Security
7.1 Where Is Your Data Stored? Your data is stored on secure cloud servers provided by Supabase (hosted on AWS) and protected by Cloudflare's security infrastructure. All data at rest is encrypted using industry-standard AES-256 encryption. All data in transit is protected using TLS/SSL.
7.2 Security Measures. We implement the following security controls to protect your data:
- End-to-end SSL/TLS encryption for all web traffic
- Password hashing using bcrypt (passwords are never stored in plain text)
- Role-based access controls limiting employee access to customer data
- Regular security audits and vulnerability assessments
- Cloudflare DDoS protection and Web Application Firewall (WAF)
- Razorpay PCI DSS compliance for payment data
- Two-factor authentication for administrative accounts
7.3 Data Breach Response. In the event of a data breach that poses risk to your rights, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable data protection regulations. We will notify you via the email address associated with your account.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Order & transaction records | 7 years | GST / tax compliance (Income Tax Act) |
| Account data (active users) | Duration of account + 2 years after deletion | Legal and support purposes |
| Support communications | 3 years | Dispute resolution |
| Marketing consent records | Until consent withdrawn + 1 year | Proof of consent |
| Server & access logs | 90 days | Security and debugging |
| Analytics data | 26 months (Google Analytics default) | Performance analysis |
| Cookie data | Per cookie type (see Section 6) | Session / preference management |
After the applicable retention period, your data is either permanently deleted or anonymized so that it can no longer be linked to you as an individual.
Your Privacy Rights
Under Indian data protection law and our own commitment to transparency, you have the following rights regarding your personal data:
9.1 How to Exercise Your Rights. To exercise any of the rights above, email us at privacy@otakuisland.in with the subject line "Privacy Rights Request" and include your registered email address and the nature of your request. We will respond within 30 days.
9.2 Identity Verification. To protect your data, we may ask you to verify your identity before processing any access, correction, or deletion request. We will not process requests where we cannot verify the requestor's identity with reasonable confidence.
9.3 Limitations. Certain data cannot be deleted if its retention is required by law (e.g., financial records for tax purposes). In such cases, we will inform you of the specific legal obligation that prevents deletion.
Children's Privacy
OtakuIsland's services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information without parental consent, we will promptly delete that information from our systems.
If you are a parent or guardian and believe your child under 13 has provided us with personal data, please contact us immediately at privacy@otakuisland.in.
Users between 13 and 18 years of age may use the website only with verifiable parental consent and under parental supervision. By allowing your minor child to use our website, you as a parent or guardian agree to this Privacy Policy on their behalf.
Third-Party Links & Services
Our website may contain links to third-party websites, social media platforms, and partner services. These links are provided for your convenience and information. OtakuIsland has no control over the content or privacy practices of such third-party sites and does not accept any responsibility for them.
Visiting a third-party site from a link on our website means you are subject to that site's own privacy policy and terms of service. We encourage you to read the privacy policies of every website you visit.
Social media sharing buttons (Instagram, YouTube, etc.) may also set cookies and track your activity even if you do not click them β this is governed by the respective platform's privacy policies, not ours.
Marketing Communications
12.1 Opt-In. We will only send you marketing emails, SMS, or WhatsApp messages if you have explicitly opted in during registration or checkout, or if you have previously purchased from us (in which case we may send you relevant product updates under legitimate interest).
12.2 Opt-Out. You can unsubscribe from marketing communications at any time by:
- Clicking the "Unsubscribe" link in any marketing email
- Replying "STOP" to any marketing SMS
- Contacting us at support@otakuisland.in with the subject "Unsubscribe"
- Updating your preferences in your OtakuIsland account settings
12.3 Transactional Communications. Even if you unsubscribe from marketing, you will continue to receive essential transactional communications such as order confirmations, shipping notifications, and account security alerts. These cannot be opted out of as they are necessary for your use of our services.
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:
- Update the "Last Updated" date at the top of this policy
- Display a notice on our website homepage for at least 7 days
- Send an email notification to registered users for material changes
Your continued use of OtakuIsland after the effective date of any changes constitutes your acceptance of the updated policy. If you disagree with the changes, you should discontinue use of the website and request deletion of your account.
Contact & Grievance Officer
In accordance with the Information Technology Act, 2000 and the IT (Intermediary Guidelines) Rules, 2021, OtakuIsland has appointed a Grievance Officer to address privacy-related complaints and concerns.
If you have any questions about this Privacy Policy, wish to exercise your rights, or wish to file a complaint about how we handle your data, please contact: