Privacy Policy | Malaiesun.com

Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services.

1. Information We Collect

We collect several types of information to provide and improve our services to you.

1.1 Personal Information

Supabase User ID: We use Supabase for user authentication. When you sign in to this website, Supabase provides us with a unique identifier for your user account (your "Supabase User ID"). This is the ONLY personal identifier we store in our Sanity.io backend in relation to your orders. We do not store your email address, name, or other sensitive personal details directly in our Sanity database for order tracking purposes.
Order Details: When you place an order, we collect information about the products you wish to purchase (product IDs, quantities, prices at the time of order) and your shipping address. This information is linked to your Supabase User ID.
Non-Personal Data: We may collect non-personal data such as browser type, operating system, and website usage statistics to improve our service. This data is aggregated and does not identify individual users.

1.2 How We Use Your Information

To process and fulfill your order inquiries initiated on this website.
To contact you via WhatsApp for order finalization and payment.
To track internal order history associated with your Supabase User ID.
To improve this website's functionality and user experience.
For internal analytics and record-keeping.

1.3 Data Storage & Security

Sanity.io: Our product data and order details (linked to your Supabase User ID) are stored in a Sanity.io dataset.
Public Dataset: Please be aware that due to being a small, independently managed operation and for cost efficiency, our Sanity.io dataset is currently configured as public. This means that the product information and the order data (which contains only your Supabase User ID and order items/details, NOT your email or name) are publicly accessible via the Sanity API. We rely on the anonymity provided by the Supabase User ID for privacy in this setup.
Supabase: Your full user profile (including email, name, etc.) is securely managed by Supabase Authentication. We do not have direct access to, or storage of, these sensitive details on our own servers or in our Sanity dataset. Supabase's security practices govern the protection of your authentication data.
No Payment Data Storage: As stated, this website DOES NOT collect, process, or store any payment card information, bank details, or other financial data on this website or in our Sanity.io database.

1.4 Data Retention

We retain order data and associated Supabase User IDs for business operational purposes, including customer service and record-keeping. You may request deletion of your order data by contacting us using the details below.

2. Support Ticket Data

When you use our in-app support ticket system, the following data is collected and stored:

What is stored: Your Supabase User ID, the order number you are raising the ticket for, a subject line, the full message thread (all messages between you and the support team), ticket status, and timestamps.
Where it is stored: All ticket data (messages, status, metadata) is stored in our Supabase (PostgreSQL) database. A lightweight mirror containing only the ticket ID and status is stored in our Sanity.io CMS for internal tracking. No message content or personal details are stored in Sanity.
Access: Ticket messages are accessible only to you (the ticket owner) and to the admin. Row-level security policies in Supabase enforce this restriction. No third party has access to your ticket messages.
Read receipts: We track whether you have read admin replies (using an is_read flag) in order to surface unread reply notifications on your dashboard. This data is stored in Supabase and is not shared.
Retention: Ticket data is retained for as long as necessary for support and business record-keeping purposes. Resolved or cancelled tickets may be deleted after 90 days as part of routine maintenance. You will not be able to recover deleted tickets.
Deletion requests: If you wish to have your ticket data deleted before the automatic retention period, please contact us at the email address below with your registered email and the ticket ID. We will process your request within a reasonable time frame.

3. Contact Us

Email: contact@malaiesun.com

WhatsApp: +91 90437 22676 (for privacy-related inquiries)