Your privacy matters. This policy explains what personal data Awshta collects, why we collect it, how it's used, and the rights you have over it. We aim to be transparent and use plain language throughout.
Information We Collect
Account & Identity Data
When you create an account we collect your name, email address, password hash, and optional profile details such as a display picture. This data is required to identify you across sessions and personalize your experience.
Transaction Data
All purchases generate a transaction record that includes the items ordered, amounts charged, shipping address, and payment method type (we never store full card numbers — only the last four digits and card brand returned by our payment processor).
Usage & Device Data
We collect standard server logs including IP address, browser type, referring URL, pages visited, and timestamps. This data helps us diagnose issues, analyse traffic patterns, and improve performance.
How We Use Your Data
Order Fulfilment
Your name, address, and contact details are shared with our logistics partners solely for the purpose of delivering your orders. These partners are contractually bound to handle your data in compliance with applicable privacy laws.
Communications
We use your email address to send order confirmations, shipping updates, and — with your explicit consent — promotional offers. You can unsubscribe from marketing emails at any time via the link in any email or through your account settings.
Service Improvement
Aggregated and anonymised usage data is analysed to improve search relevance, recommendation algorithms, and the overall shopping experience. This data cannot be traced back to any individual user.
Your Rights
Access & Portability
You may request a complete export of all personal data we hold about you at any time. Exports are delivered in JSON format within 5 business days.
Correction & Deletion
You have the right to correct inaccurate data or request deletion of your account and all associated personal data. Deletion requests are processed within 30 days. Note that anonymised transaction records required for financial compliance may be retained.
Objection & Restriction
You may object to or request restriction of certain processing activities. Where processing is based on consent you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Security
Technical Measures
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Passwords are hashed using bcrypt with per-user salts. Access to production systems is restricted by role, MFA-protected, and fully audited.
Incident Response
In the event of a data breach affecting your personal information we will notify you and relevant supervisory authorities within 72 hours of discovery, in accordance with GDPR Article 33 and applicable local laws.
Contact & Updates
Data Controller
Awshta Inc. is the data controller for all personal information collected through this platform. Our Data Protection Officer can be reached at privacy@awshta.com.
Policy Changes
We may update this policy periodically. When we do, we will update the 'Last Revised' date below and notify you via email if changes are material. Continued use of the platform after notification constitutes acceptance of the revised policy.
For any privacy-related requests or concerns, contact our Data Protection Officer at privacy@awshta.com. We aim to respond to all requests within 5 business days.