1. Introduction

This Privacy Policy (“Policy”) describes how Brightverse (“Brightverse,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards your information when you visit or shop on brightverse.in and any related services (collectively, the “Platform”).

By accessing or purchasing through the Platform you (“you,” “your,” “user”) accept the practices below. If you disagree, please refrain from using the Platform.

This Policy is an electronic record under the Information Technology Act 2000 and the Information Technology (Reasonable Security Practices & Procedures and Sensitive Personal Data or Information) Rules 2011 (together, the “IT Act”).

2. Information We Collect

2.1 Account Information

When you create an account or place an order, we collect information such as your name, email address, phone number, password, and shipping/billing addresses. We use this data to set up your account, process orders, and keep you informed about your purchase.

2.2 Personalisation Data

To create personalised storybooks we ask for your child’s first name, age, gender, and any photos or illustrations you upload. This data is used solely to generate and print the book you ordered.

2.3 Payment Data

Payment details—such as card numbers or UPI IDs—are processed by our PCI-DSS-compliant payment gateway. Brightverse itself never stores full card data; we receive only a tokenised reference so we can confirm payments and issue refunds.

2.4 Device and Log Data

When you browse the Platform, we automatically collect your IP address, browser type, time zone, pages viewed, referring sites, and search terms. We gather this “Device Information” through cookies, log files, pixels, and similar technologies to secure the Platform, prevent fraud, and analyse traffic.

2.5 Marketing Preferences

If you choose to opt in, we record your consent to receive offers via email, SMS, or WhatsApp. You can withdraw this consent at any time by following the unsubscribe instructions in the messages you receive.

2.6 Children’s Photos

• Photos are collected only when a parent or legal guardian uploads them.
• They are used solely to create the customised book.
• Images are automatically deleted 30 days after the order is dispatched, or sooner on written request.
• We never share or publish a child’s photos without explicit written consent.

3. Cookies and Similar Technologies

We use cookies, pixels, and local-storage objects to maintain your session, keep items in your cart, personalise content, and analyse how visitors use our site. You may disable cookies in your browser, but parts of the Platform may not work as intended.

4. How We Use Your Information

1. Order fulfilment. We generate previews, print books, and arrange shipping.
2. Customer support. We respond to questions and handle returns or refunds.
3. Improvement and analytics. We study usage trends to fix bugs and enhance the user experience.
4. Legal and security. We comply with applicable law, prevent fraud, and enforce our Terms.
5. Marketing (optional). We send promotions only if you have explicitly opted in, and you may opt out at any time.

5. Legal Basis Under GDPR-Global / DPDP-India

Where required, we rely on one or more of the following grounds to process your data:

• Contractual necessity—processing is needed to deliver your book.
• Legitimate interests—such as fraud prevention or service improvement.
• Consent—especially for marketing messages and use of children’s photos.
• Legal obligation—e.g., complying with tax, accounting, or KYC requirements.

6. Information Sharing

We do not sell or rent your personal data.
We disclose information only in the limited circumstances below:

• Print and logistics partners. We share shipping details and the print-ready PDF so they can manufacture and deliver your book. These partners sign non-disclosure agreements and may use the data only for this purpose.
• Payment gateways. Card or UPI information is sent directly to our PCI-DSS-compliant processor to authorise payments and handle refunds.
• Service providers. We use trusted cloud hosts, analytics tools, and customer-support platforms. All vendors operate under strict data-processing agreements and encryption standards.
• Government or regulators. We may disclose information if legally compelled by court order, subpoena, or similar request. We provide only the minimum data required in good faith.

7. Behavioural Advertising

We may use cookies and third-party services (e.g., Facebook Ads, Google Ads) to show you adverts we believe are relevant. You can opt out of targeted advertising at any time using the following links:

• Facebook: https://www.facebook.com/settings/?tab=ads
• Google: https://www.google.com/ settings/ads/anonymous
• Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

You may also visit the Digital Advertising Alliance opt-out portal: http://optout.aboutads.info/.

8. Do Not Track

Some browsers send a “Do Not Track” signal. At present, our Platform does not change its data-collection practices when it receives such a signal.

9. Security Measures

We secure your information with encryption (TLS in transit, AES-256 at rest for images and PDFs), role-based access controls, two-factor authentication, and regular vulnerability scans. While no system is entirely fool-proof, we follow widely-accepted industry standards (ISO 27001-aligned) to safeguard data.

10. Data Retention

• Order and invoice records are kept for eight years, as required under Indian tax law.
• Photos of children are erased within 30 days after the book is dispatched, or sooner if you request deletion.
• Marketing-consent logs are stored until you unsubscribe or for three years of inactivity, whichever comes first.

11. Your Rights

Depending on your jurisdiction, you may:

• Access, correct, or delete your personal data.
• Withdraw consent (this will not affect processing already performed).
• Object to, or restrict, certain types of processing.
• Lodge a complaint with the relevant data-protection authority.

To exercise any of these rights, email ai@countrybean.in with the subject line “Data Request – [Order ID]”.

12. Children’s Privacy

Brightverse accepts photos and personal details only from parents or legal guardians for the sole purpose of producing each personalised book. We comply with COPPA (US), GDPR-K (EU), and India’s DPDP Act. Children under 13 may not create accounts themselves.

13. International Transfers

Your information may be processed on servers located outside your country (for example, in the United States, Canada, or the European Union). We use standard contractual clauses or equivalent safeguards to protect any such cross-border transfers.

14. Third-Party Links

The Platform may include links to external websites. We are not responsible for the privacy practices of those sites. Please review their policies separately.

15. Changes to This Policy

We may update this Policy to reflect legal, technical, or operational changes. If a revision is material, we will notify you by email or a prominent banner on the Platform. Continued use after the effective date constitutes acceptance.

16. Contact Us

Brightverse
An unit of Country Bean Private Limited

[Re: Privacy Compliance Officer]
Country Bean Private Limited
41A Ajc Bose Road,
Diamond Prestige,
Room 608,6th floor,Kolkata 700017

Email: ai@countrybean.in