Kiyani Galleria ("we", "us", "our") operates Kiyani Galleria at https://www.kiyanigalleria.com. We care about your privacy. This policy describes the personal information we process when you browse, place an order, request a custom piece, or contact us — and the rights you have under Pakistan's Personal Data Protection Act and comparable international standards (GDPR, CCPA) where they apply.
1. Information we collect
Information you give us directly
- Account details: full name, email address, password hash, phone number.
- Order details: shipping address, billing address, recipient details for gifts, order notes, engraving or personalization text.
- Payment confirmation details: screenshots of EasyPaisa / JazzCash / bank transfer receipts you upload or share over WhatsApp.
- Custom-order briefs: event type, budget, deadlines, reference images you share.
- Reviews and communications: product reviews, WhatsApp / email conversations, and any content you voluntarily submit.
Information we collect automatically
- Device and log data: IP address, browser type, device identifiers, referring URL, pages viewed, and timestamps.
- Cart, favorites, and recently-viewed state stored in your browser's local storage and necessary cookies.
- Authentication tokens (JWT) issued by our identity provider so you stay signed in across visits.
Information from third parties
- Payment confirmation from mobile-wallet providers (EasyPaisa, JazzCash) and banks.
- Shipment tracking updates from couriers (Leopards, M&P, TCS, etc.) once a parcel is dispatched.
2. How we use your information
We use personal information only for the purposes described below, each tied to a lawful basis.
- To fulfil your order (performance of contract) — processing payments, producing the handmade piece, packaging, dispatching, and following up on delivery.
- To operate your account (performance of contract) — authentication, password reset, order history, favorites, and custom-request tracking.
- To communicate with you (legitimate interest / consent) — order updates, review requests, custom-order follow-ups, and responses to your questions.
- To improve our service (legitimate interest) — analysing aggregated browsing patterns and review content to refine the storefront and our catalog.
- To comply with law (legal obligation) — tax reporting, fraud prevention, and responding to lawful requests from regulators or courts.
We do not use your personal information for automated decision-making or profiling that produces legal effects.
3. Who we share information with
We do not sell, rent, or trade personal information. We share data only with the following categories of recipients, and only the minimum needed to perform their function.
- Hosting and infrastructure — Nhost (database, authentication, file storage) and Vercel (web hosting).
- Payments — EasyPaisa, JazzCash, and partner banks for settlement and confirmation.
- Couriers — delivery partners used within Pakistan (names visible on your invoice).
- Messaging — WhatsApp Business for order coordination when you initiate contact through that channel.
- Analytics and anti-abuse — we use only server-side, aggregate metrics. We do not currently share data with advertising networks.
- Professional advisors — accountants and legal counsel when strictly required.
- Authorities — where a binding order under Pakistani law requires disclosure.
If we ever engage a new category of sub-processor, we will update this page and, where required, obtain your consent before the transfer.
4. International transfers
Our databases are hosted on Nhost in the AP-South-1region (Mumbai, India). If you place an order from outside Pakistan, your information will necessarily cross borders to reach us. Transfers are protected by the provider's standard data-processing terms and encrypted in transit (TLS) and at rest.
5. How long we keep your data
- Account records — until you close the account, then up to 90 days for legal and operational reconciliation.
- Order records — at least 7 years, as required for tax and accounting.
- Custom-order briefs and reference images — up to 3 years, then securely deleted unless you ask us to retain earlier work.
- Website logs — up to 90 days in aggregate form; no personal identifiers are retained long-term.
6. Your rights
You have the right to:
- Access a copy of the personal information we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion of data we no longer need to keep (subject to the retention periods above).
- Object to or restrict processing based on our legitimate interests.
- Receive your data in a structured, machine-readable format (portability).
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with a data-protection authority where applicable.
To exercise any of these rights, email us at [email protected]. We respond within 30 days.
7. How we secure your data
We apply layered security: TLS 1.2+ for all traffic, bcrypt-hashed passwords handled by our identity provider, row-level permissions enforced at the database, and least-privilege access for our team. We run regular dependency updates and monitor for unauthorised access. No method of transmission over the Internet is 100% secure; we encourage you to use a strong, unique password for your account.
8. Children's privacy
Our store is intended for users aged 18 and above. We do not knowingly collect personal information from children under 13. If you believe a minor has provided us information, contact us and we will delete it.
9. Cookies
We use a small number of strictly-necessary cookies to run the storefront. For a detailed breakdown, see our Cookies Policy.
10. Changes to this policy
When we make material changes, we will update the effective date at the top and, where appropriate, notify you by email or a banner on the site. Continuing to use Kiyani Galleria after a change constitutes acceptance of the updated policy.
11. Contact
Questions or privacy requests: [email protected] · postal address: Main Bazaar, Arifwala, Punjab, 57450, PK.