Privacy — Personal Information

Privacy Policy

Last updated: 23 May 2026 · DPDP Act 2023 compliant

IKIK Pvt Ltd ("IKIK", "we") respects your privacy. This policy explains what we collect, why, and the controls you have.

1. Data we collect

  • Account: name, email, phone, hashed password (bcrypt). We never store your password in plain text.
  • Orders: shipping address, billing details, order history.
  • Payment: handled by Razorpay. We receive only a transaction ID and status — never your card number, CVV or UPI PIN.
  • Device: IP address, browser type, pages viewed (minimal, for fraud-prevention and analytics).
  • Communications: emails & chats you send us.

2. How we use it

  • Fulfil and ship your order (shared with Shiprocket and the assigned courier).
  • Process payments (shared only with Razorpay).
  • Send transactional emails (order confirmation, dispatch, delivery).
  • Customer support and grievance redressal.
  • Detect and prevent fraud and abuse.
  • Marketing — only with your explicit opt-in. Unsubscribe any time.

3. How we protect it

  • Encryption in transit: the entire site is served over HTTPS / TLS 1.3.
  • Encryption at rest: our database (Neon Postgres) encrypts all data on disk.
  • Passwords: stored as bcrypt hashes, never reversible. Even our engineers cannot read them.
  • Sessions: HTTP-only, Secure, SameSite cookies signed with rotating JWT secrets. Session theft via XSS is mitigated.
  • Row-Level Security: our database enforces per-user row access — one customer cannot read another customer's orders even if the application layer were compromised.
  • Admin access: gated by a separate role table and verified server-side on every request. Admin pages, mailboxes and customer data are inaccessible to regular users.
  • Secrets: API keys, payment keys and OAuth secrets are stored in encrypted secret stores, never in code or cookies.
  • Least privilege: staff access is role-based and audit-logged; only the grievance officer and order-fulfilment lead can view customer addresses.
  • Payments: we are out-of-scope for PCI-DSS because we never see card data — Razorpay (PCI-DSS Level 1) handles it end-to-end.

4. Sharing

We share data only with: Razorpay (payments), Shiprocket and your courier (delivery), and email/SMS providers for transactional messages. We never sell or rent your data. We disclose data to law enforcement only when compelled by a valid Indian legal order.

5. Cookies

We use strictly necessary cookies (session, cart, CSRF) and, with your consent, basic analytics. No third-party advertising cookies.

6. Retention

Order and invoice data is retained for 8 years to comply with Indian tax law. Account data is retained until you ask us to delete it.

7. Your rights (DPDP Act, 2023)

  • Access — request a copy of your data.
  • Correct — update inaccurate data from your account page.
  • Erase — delete your account and all associated personal data (except records we are legally required to keep).
  • Withdraw consent — unsubscribe from marketing at any time.
  • Grievance — escalate to our Grievance Officer below.

8. Grievance Officer

Name: Customer Care Lead
Email: contact@ikik.in
Phone: +91 88868 86773
Address: 4th Floor, Plot No 852-853, Road No 45, Madhapur, Hyderabad — 500081

We respond to every grievance within 30 days.

9. Children

The site is not directed at children under 18. We do not knowingly collect data from minors.

10. Changes

Updates appear on this page with a revised "Last updated" date. Material changes are emailed to account holders.