Privacy Policy

Last updated: 9 June 2026

The Tray Microgreens ("we", "us", or "our") respects your privacy. This policy explains what personal data we collect, how we use it, and the choices you have. It applies to the thetraymicrogreens.in website and all related services.

1. Information we collect

• Account details — name, email, phone number you provide at signup or checkout.
• Delivery details — address, pincode, optional delivery instructions.
• Payment details — handled and stored by Razorpay; we receive only the order ID, payment ID, and status.
• Usage data — pages visited, device type, IP address, timestamps. Used for security and product improvement.
• Cookies — essential cookies for authentication. We do not use third-party advertising cookies.

2. How we use your information

• Process your subscription, payments, and deliveries.
• Send transactional messages (order confirmations, delivery reminders, OTP) by email or SMS.
• Provide customer support and resolve disputes.
• Comply with applicable laws (e.g., tax records, fraud prevention).
• Improve our products and customer experience.

3. Sharing of information

We do not sell your data. We share limited information with:

• Razorpay — for payment processing.
• Supabase — for hosting our database and authentication.
• Resend / Twilio / MSG91 — for transactional email and SMS.
• Delivery partners — name, address and phone, only for the upcoming delivery.
• Legal authorities — if compelled by valid legal process.

4. Data retention

We retain order, address, and payment records for a minimum of 7 years to comply with tax and accounting law. You may request deletion of optional data (preferences, marketing consent) by contacting us. Authentication records are deleted within 30 days of account closure.

5. Your rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of data (subject to legal retention requirements).
• Withdraw consent for marketing communications at any time.
• File a complaint with the Data Protection Board of India.

6. Security

All data is transmitted over TLS. Passwords are stored hashed (never plaintext). OTPs are salted-hashed and expire in 10 minutes. Database access is restricted by row-level security policies. We follow industry-standard practices appropriate for the scale of our operations.

7. Children's privacy

Our services are not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.

8. Changes to this policy

We may update this policy occasionally. The "Last updated" date above reflects the most recent revision. Material changes will be notified by email to active subscribers.

9. Contact us

For privacy queries: hello@thetraymicrogreens.in
The Tray Microgreens, Tirupati, Andhra Pradesh, India.