Privacy Policy

Effective Date: 1^st January 2026

Entity: Decorstock Technologies Private Limited, a company incorporated under the Companies Act, 2013, having its registered office at Flat 1/2/3, DLF Building, Opp Savitri Cinema Complex, Greater Kailash 2, New Delhi - 110048 (“Company”, “we”, “us”, “our”).

Property: decorstock.in  website and related apps/services (“Website” or “Platform”).

This Privacy Policy explains how we collect, use, disclose, transfer, and secure information from (i) visitors/browsers, (ii) registered users/buyers (“Users”), and (iii) sellers/uploaders (“Sellers”). By using the Website, you agree to this Policy.

We comply with applicable Indian law, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and, as and when notified and applicable, the Digital Personal Data Protection Act, 2023 (DPDP Act).

1)       Definitions

• Personal Information: information which relates to an identified or identifiable individual.
• Sensitive Personal Data or Information (SPDI) (per SPDI Rules): passwords, financial information (e.g., bank/ card details), health data, biometric data, etc.
• Works/Content: photos, videos, illustrations, vectors, templates, 3D assets, captions, metadata, model/property releases and any other material uploaded by Sellers.

2)       What We Collect

A. From Visitors/Browsers

·       Device and usage data: IP address, device identifiers, browser type/version, pages viewed, timestamps, referral URLs, language, approximate geolocation.

·       Cookies and similar tech (see §7).

B. From Registered Users/Buyers

·       Account data: name, email, phone, password (hashed), username, country.

·       Transaction data: purchase history, license type, invoices, GST details (if provided).

·       Payment data: processed via payment gateways (we do not store full card details); we may receive masked instrument info, success/failure codes, and fraud-screening signals.

·       Communications: support requests, emails, chat transcripts, feedback, dispute/takedown correspondence.

·       Technical/usage logs as in Visitors.

C. From Sellers

·       Profile/identity: name, email, phone, address, payout details (e.g., bank account/UPI), tax/GST info, KYC documents where required.

·       Works/Content you upload, including embedded metadata (e.g., EXIF, captions, tags, release IDs, creator credits).

·       Model/Property Releases: names, signatures, dates, contact info and any ID details present in the release form (you must obtain valid releases—see §10).

·       Earnings and payout records, account actions, strikes, and policy decisions.

·       Technical/usage logs as in Visitors.

Note on Biometrics/Children: We do not intentionally collect biometric data or children’s data. However, Works may incidentally include images of individuals (including minors) if uploaded by a Contributor. See §§10 & 13.

3)       Why We Use Your Data (Purposes & Legal Bases)

We process data to:

1. Provide and operate the Platform, accounts, purchases, downloads, uploads, search, preview, and licensing (contract performance).
2. Payments & Payouts: process fees/royalties, prevent fraud, reconcile accounts, generate invoices (contract & legal obligation).
3. Safety & Compliance: detect abuse, investigate IP claims, process takedown notices, enforce our Terms, comply with court/government directions, CERT-In reporting (legal obligation & legitimate interests).
4. Content Moderation: review Works, verify releases, handle disputes/takedowns (legitimate interests & legal obligation).
5. Service Improvement & Analytics: measure usage, fix bugs, improve relevance and features (legitimate interests; cookie consent where required).
6. Communications: send transactional messages (receipts, license keys, policy updates). Marketing only with consent/opt-in; you can opt out anytime.
7. Security: prevent, detect, investigate security incidents; maintain logs and backups (legal obligation/legitimate interests).

When the DPDP Act applies, our legal bases will align to consent, performance of contract, compliance with law, and legitimate uses recognized under the Act.

4)       Processing of Works/Uploads (Sellers)

• We host, store, index, transform (e.g., resize/thumbnail), display, distribute and sublicense Works to Users per our Contributor/User Agreements.
• Works may contain personal data of third parties (e.g., models). Sellers are solely responsible for obtaining lawful consent/releases and for ensuring that uploads do not infringe anyone’s rights.
• We may perform limited automated checks (e.g., malware scanning, spam/abuse detection, duplicate detection). We do not make decisions with legal effect solely by automated means.
• Upon valid notice, court order or government direction, we may disable or remove specific Works, and share relevant transaction/Contributor information with authorities or claimants as required by law.

5)       Payment Processing

Payments are processed by third-party payment gateways (e.g., Razorpay/Stripe/etc.). We do not store full card numbers, CVV, or UPI PINs. Gateways may provide us tokenized or masked details and antifraud signals. Gateways are independently responsible for PCI-DSS compliance.

6)       Who We Share Data With

We may share limited data with:

• Service providers/Processors under contract (cloud hosting/CDN, storage, analytics, email/SMS, customer support, KYC/verification, payment gateways, fraud prevention).
• Corporate events (merger, acquisition, financing, sale of assets) subject to confidentiality and continued protection.
• Authorities/courts/law enforcement when required by law, court order, or to comply with CERT-In Directions (2022).
• IP claimants to the extent necessary to evaluate/resolve a takedown or infringement dispute (e.g., relevant license/payout/Contributor identifiers).

We do not sell your personal data.

7)       Cookies, SDKs & Tracking

We use:

• Strictly necessary cookies (login, session, security).
• Functional cookies (preferences).
• Analytics cookies/SDKs (usage, performance).
• Advertising/retargeting (only with consent, if used).

Manage preferences via our Cookie banner/settings and your browser. Disabling some cookies may limit features.

8)       International Transfers

We may store or process data on servers located outside India (e.g., reputable cloud providers). Where required by law, we implement contractual and technical safeguards and transfer data only where permitted under applicable Indian law (including the DPDP Act once notified).

9)       Data Retention

We retain data only as long as necessary for the purposes in §3 or as required by law. Typical periods:

• Account/transaction records: 7 years (tax/audit).
• Logs & security records: up to 24 months (or longer if required by CERT-In/legal).
• Works/metadata: while listed/licensable and for a reasonable archival period thereafter.
• Marketing preferences: until you opt out.
• Backups: time-limited rolling cycles.

Upon deletion requests, residual copies may persist in backups for a limited period and will be deleted in the ordinary course.

10)  Responsibilities for Releases & Third-Party Data (Sellers)

• Sellers must obtain and maintain valid model/property releases and any consents required by law (including for minors via parents/guardians).
• If Works contain biometric identifiers (e.g., faces) or minors’ images, the Contributor warrants lawful basis and consent for upload and downstream licensing.
• The Company is not liable for disputes between Sellers, models, or third parties. We may disable access and cooperate with lawful requests (see our Safe Harbour and Agreements).

11)  Security

We implement reasonable security practices and procedures under Rule 8 of the SPDI Rules, including (as appropriate): encryption in transit and at rest, access controls, role-based permissions, audit logs, network protections, vulnerability management, secure development practices, and staff confidentiality undertakings.

Despite safeguards, no system is 100% secure. If we become aware of a significant incident, we will act promptly and comply with applicable reporting obligations (including CERT-In requirements).

12)  Your Rights

Subject to law, you may:

• Access your personal information;
• Correct/Update inaccurate data;
• Withdraw consent (does not affect prior processing; may affect service availability);
• Request deletion/erasure (subject to legal/contractual retention);
• Opt out of marketing communications.

Submit requests per §14. We may verify your identity before acting. If the DPDP Act applies, you also have rights to grievance redressal and nomination as provided therein.

13)  Children’s Privacy

Our Platform is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided data without appropriate consent, contact us (§14) and we will take appropriate steps.

14)  Grievance Officer & Contact

In accordance with the SPDI Rules, our Grievance Officer is:

Name: Vivekanandh Sankar

Email: support@decorstock.in

Address: Flat 1/2/3, DLF Building, Opp Savitri Cinema Complex, Greater Kailash 2, New Delhi - 110048

Response Time: We aim to respond within 30 days of receipt.

General contact: +919717500293

15)  Changes to this Policy

We may update this Policy from time to time. The Effective Date at the top shows when it was last revised. Material changes will be notified on the Website and, where appropriate, by email or in-product notice.