Legal

Privacy Policy

This policy explains what information Brajmarg collects, why we collect it, who we share it with, and the choices you have. We aim to collect only what we need to provide our services.

Last updated: 26 May 2026

1. Introduction

Brajmarg (“Brajmarg”, “we”, “us” or “our”) operates the Brajmarg website and related services (the “Platform”), through which users (“you” or “devotee”) can view temple darshan timings, order prasad, sponsor seva, purchase devotional frames and poshak, and book yatra packages.

This Privacy Policy applies to personal information processed by us in connection with the Platform. It is published in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India.

By using the Platform you consent to the practices described in this policy. If you do not agree, please do not use the Platform.

2. Information we collect

We collect only the information we need to operate our services. Specifically:

Information you give us directly

  • Account & login: your Indian mobile number (in +91 format) or email address, which we use to send a one-time password (OTP) and create your account.
  • Profile: full name, email, phone, date of birth (optional), and your saved address (line 1, line 2, city, state and pincode) used to pre-fill checkout.
  • Order & booking details: the items in your cart, your shipping address, contact details for the order, payment method (Cash on Delivery or online via Razorpay), and any notes you provide. For seva registrations we may also collect your gotra if you choose to share it.
  • Contact form: name, email, optional phone, the subject and the message you submit when you write to us.

Information collected automatically

  • Technical information: when you submit our contact form we record the user agent (browser/device string) and IP address of the submission. We use this to detect spam and abuse.
  • Cart data:while you are signed out, your cart is stored locally in your browser so you can return to it later. See “Cookies & local storage” below.
  • Payment metadata: when you pay online, our payment partner returns a payment ID and the corresponding Razorpay order ID, which we store against your order for reconciliation. We never receive, store or have access to your full card number, UPI PIN, CVV or net-banking credentials.

We do not currently run any third-party analytics, advertising or tracking pixels on the Platform.

3. How we use your information

  • To authenticate your account and send you OTPs for login.
  • To process and fulfil your orders, seva sponsorships and yatra bookings — including payment, packaging, shipment and delivery.
  • To communicate with you about your orders, bookings, refunds, support requests and important account or service notices.
  • To pre-fill your details on checkout and show you your order history in your account dashboard.
  • To respond to messages you send through our contact form.
  • To detect, prevent and address fraud, abuse and security issues.
  • To comply with applicable laws, court orders and lawful requests by government authorities.

We do not sell your personal information, and we do not use your personal information for advertising profiling or to train AI models.

4. Who we share information with

We share personal information only with the service providers we need to deliver our services to you, and only the minimum information required for each purpose. Each provider is independently responsible for its own handling of your data under its own privacy policy.

Service providers we use

  • Supabase— our database and authentication platform. Your profile, orders, bookings and contact messages are stored on Supabase’s managed infrastructure.
  • 2Factor.in — sends the OTP SMS for phone logins. We share only your mobile number for the purpose of sending the OTP.
  • Razorpay— processes online payments. When you pay online we pass your name, email, phone, the order amount and order reference to Razorpay so they can process the transaction. Card / UPI / net-banking details are entered directly into Razorpay’s payment interface and are not visible to us.
  • Shiprocket — handles fulfilment and delivery. We share the shipping name, address, pincode, phone, email, order number and item list so the courier partner can deliver your order.

We may also disclose information when we are required to do so by law, by a court of competent jurisdiction or by a government authority acting under valid legal authority; or when we believe in good faith that disclosure is necessary to protect the rights, property or safety of Brajmarg, our users or others.

If we ever transfer the business (for example through a merger, acquisition or sale of assets), your information may form part of that transfer. We will notify you of any such change in this policy.

5. Cookies & local storage

We use the minimum browser storage necessary to run the Platform. We do not set any advertising, analytics or third-party tracking cookies.

  • Authentication cookie: set by Supabase when you sign in, so the server can recognise you on subsequent requests. Without it you would have to log in on every page.
  • Pending-cart cookie (brajmarg_pending_cart): set only on the login page, so that items you added before signing in can be merged into your account after you log in. It is short-lived (10 minutes) and is deleted by the server immediately after the merge.
  • Browser local storage:we save your guest-mode cart and small interface preferences (such as whether you have seen the onboarding tour) in your browser’s local storage. This data stays on your device and is not transmitted to us unless you log in, at which point your cart is merged into your account.

You can clear cookies and local storage at any time through your browser settings. Doing so will sign you out and reset your guest-mode cart.

6. How we protect your information

We follow reasonable security practices and procedures as contemplated by the IT Rules, 2011, including:

  • HTTPS encryption in transit for all Platform traffic.
  • Database-level row-level security and least-privilege access controls on Supabase, so users can only read and modify their own data.
  • Server-side validation of sensitive operations such as payment verification, using cryptographic signatures issued by Razorpay.
  • Storing only the minimum information required to operate the service, and never storing full card, UPI PIN or net-banking credentials.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

7. How long we keep your information

We retain your personal information for as long as your account is active and for as long as is reasonably necessary to provide our services, comply with our legal and tax obligations (including financial record-keeping under Indian law), resolve disputes and enforce our agreements.

Order and payment records are typically retained for the period required by applicable accounting, tax and consumer protection laws. Contact-form messages are retained until they are archived by our support team. When information is no longer required, we delete or anonymise it.

8. Your rights & choices

Subject to applicable law (including the DPDPA, 2023), you may exercise the following rights in respect of your personal information:

  • Access: ask us for a summary of the personal information we hold about you.
  • Correction: ask us to correct information that is inaccurate, incomplete or out of date. You can also update most of your profile information yourself from your account dashboard.
  • Erasure: ask us to delete your account and the personal information associated with it. We may need to retain certain information where required by law (for example, financial and tax records) or where it is necessary to complete an ongoing order.
  • Withdraw consent: where processing is based on your consent, you can withdraw it. Withdrawing consent may affect our ability to provide some services to you.
  • Grievance redressal: raise a complaint with our Grievance Officer (see below).

To exercise any of these rights, please email us at support@brajmarg.com from the email address associated with your account, or contact us through our contact form. We will respond within a reasonable time and within the timelines required by applicable law.

9. Children

The Platform is intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, applicable law or our internal practices. When we do, we will update the “Last updated” date at the top of this page. Significant changes will be highlighted on the Platform. Your continued use of the Platform after an update means that you accept the revised policy.

12. Grievance officer & contact

In accordance with the Information Technology Act, 2000 and the rules made thereunder, the Grievance Officer for Brajmarg can be contacted as follows:

  • Email: support@brajmarg.com
  • Address: Brajmarg, Nathdwara, Rajasthan 313301, India
  • Working hours: Monday to Saturday, 9:00 AM to 7:00 PM IST (excluding public holidays)

We aim to acknowledge grievances within a reasonable time and resolve them within the timelines required by applicable law.

For any other privacy-related question you can also reach us through our contact form.