Who we are
Welcome to MasKing (“we”, “us”, “our”). MasKing is a D2C skincare brand owned and operated by [ Masking ], having its registered office at [Your Registered Address], Maharashtra, India.
We are committed to protecting your privacy and handling your personal data with complete transparency and responsibility. This Privacy Policy explains what information we collect when you visit www.themasking.com (“Website”), how we use it, how we protect it, and what rights you have over your data.
By using our Website, placing an order, creating an account, or subscribing to our communications, you agree to the collection and use of information as described in this Privacy Policy.
If you do not agree with this policy, please do not use our Website.
Applicable Laws & Compliance
This Privacy Policy is governed by and compliant with:
The Information Technology Act, 2000 and the Information Technology (Amendment) Act, 2008
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
The Digital Personal Data Protection Act, 2023 (DPDP Act) and its applicable provisions
The Consumer Protection Act, 2019
The Consumer Protection (E-Commerce) Rules, 2020 As an Indian brand, all data is processed in accordance with Indian law. Where applicable, we also align with international best practices including GDPR principles for our global visitors.
What Information We Collect
We collect information in the following ways:
3.1 Information You Provide Directly
When you create an account, place an order, subscribe to our newsletter, contact us, or interact with our Website, you may provide us with:
Personal identification information: Full name, email address, mobile number, date of birth (optional)
Delivery information: Delivery address, city, state, PIN code
Payment information: We do not store your full card details. Payments are processed through secure third-party payment gateways (Razorpay, PayU, or similar PCI-DSS compliant providers). We may store the last 4 digits of your card and payment method type for order reference only.
Account credentials: Username and encrypted password
Communication data: Messages you send us via contact forms, email, or WhatsApp
Information We Collect Automatically
When you browse our Website, we automatically collect:
Device and browser information: IP address, browser type and version, operating system, device type
Usage data: Pages visited, time spent on pages, links clicked, search queries on our site
Location data: Approximate location based on IP address (city/state level only — not GPS)
Referral data: How you arrived at our Website (e.g., Google, Instagram, direct link)
Cookie and tracking data: See Section 8 on Cookies for full details
3.3 Information From Third Parties
We may receive information about you from:
Social media platforms (Instagram, Facebook, YouTube) if you interact with our social accounts or use social login
Payment gateways (Razorpay, PayU) confirming successful payment transactions
Delivery partners (Shiprocket, Delhivery, BlueDart, etc.) regarding the status of your delivery
Analytics services (Google Analytics, Meta Pixel) providing aggregated insights about Website usage
4. How We Use Your Information We use the information we collect for the following purposes:
To Process and Fulfil Your Orders
Confirming and processing your purchase
Sending order confirmation, shipping notifications, and delivery updates via SMS and email
Coordinating with our logistics partners for delivery
Processing returns, refunds, and exchanges
4.2 To Manage Your Account
Creating and maintaining your customer account
Enabling you to view order history, saved addresses, and wishlist Resetting your password if requested
To Communicate With You
Responding to your queries, complaints, and feedback via email, WhatsApp, or phone
Sending transactional communications (order confirmation, payment receipts, shipping updates)
Sending promotional emails, offers, new launches, and skincare tips — only if you have opted in. You can unsubscribe at any time.
To Improve Our Products and Services
Analysing browsing and purchase patterns to understand what products and content our customers love
Conducting surveys and collecting feedback to improve our formulations and customer experience Identifying and fixing technical issues on our Website
For Marketing and Advertising
Showing you personalised advertisements on Google, Instagram, and Facebook based on your browsing behaviour and purchase history — using tools like Meta Pixel and Google Ads
Retargeting visitors who viewed products but did not complete a purchase All such advertising is conducted in line with the respective platform’s policies and applicable Indian advertising regulations.
For Legal and Security Purposes
Detecting and preventing fraud, unauthorised transactions, and security breaches
Complying with legal obligations under Indian law Resolving disputes and enforcing our Terms and Conditions.
Legal Basis for Processing Your Data
Under the DPDP Act, 2023 and applicable Indian law, we process your personal data on the following legal bases:
Purpose Legal Basis
Processing your order Performance of a contract
Sending transactional communications Legitimate interest / contractual necessity
Marketing and promotional emails Your explicit consent (opt-in)
Analytics and Website improvement Legitimate interest
Fraud prevention and security Legal obligation / legitimate interest
Compliance with law enforcement requests Legal obligation
Sharing Your Information
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. However, we share your data with trusted partners strictly for the purposes outlined above:
Logistics and Delivery Partners
Your name, phone number, and delivery address are shared with our courier partners (Shiprocket, Delhivery, BlueDart, Ekart, and others) solely for the purpose of delivering your order.
Payment Gateway Providers
Your payment transaction data is processed by PCI-DSS compliant payment gateways (Razorpay, PayU, or equivalent). We do not receive or store your full card number or CVV.
Technology and Service Providers
We work with trusted technology providers for our Website operations including:
- Website hosting and cloud infrastructure
- Email marketing platforms (Mailchimp, Klaviyo, or similar)
- Customer support tools
- Analytics services (Google Analytics, Hotjar)
All such providers are bound by strict data processing agreements and are permitted to use your data only for the specified purpose.
Advertising Platforms
We use Meta Pixel (Instagram/Facebook) and Google Ads conversion tracking. These tools may use cookies and device identifiers to show you relevant MasKing advertisements. You can opt out through your ad account settings on these platforms.
Legal Authorities
We will disclose your personal information if required to do so by law, court order, government authority, or to protect the rights, property, or safety of MasKing, our customers, or the public.
Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected:
| Data Type | Retention Period |
| Order and transaction data | 7 years (as required by Indian tax and accounting laws) |
| Account information | Until you delete your account or request deletion |
| Payment records | As required by RBI and applicable financial regulations |
| Data Type | Retention Period |
| Marketing preferences and consent records | Until you unsubscribe or withdraw consent |
| Customer service communications | 2 years from last interaction |
| Website analytics data (aggregated) | 26 months (Google Analytics default) |
After the applicable retention period, your data is securely deleted or anonymised.
Cookies & Tracking Technologies
Our Website uses cookies and similar tracking technologies to enhance your experience.
What Are Cookies?
Cookies are small text files stored on your browser or device when you visit a website. They help us recognise you, remember your preferences, and improve your shopping experience.
Types of Cookies We Use
Essential Cookies:
These are necessary for the Website to function. They enable core functionality like your shopping cart, account login, and checkout. These cannot be disabled.
Analytics Cookies:
These help us understand how visitors interact with our Website — which pages are popular, where users drop off, and how they navigate. We use Google Analytics for this purpose. All data is aggregated and anonymised.
Marketing and Advertising Cookies:
These track your browsing to enable relevant advertising on external platforms like Instagram, Facebook, and Google. Tools include Meta Pixel and Google Ads tracking. You can opt out of these at any time.
Preference Cookies:
These remember your preferences such as your saved address, language settings, or recently viewed products.
Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may affect the functionality of our Website, including your ability to add items to cart or complete checkout.
You can also opt out of interest-based advertising through:
- Google: myaccount.google.com/data-and-privacy
- Meta (Facebook/Instagram): www.facebook.com/settings/ads
IAMAI Digital Advertising Alliance (India): www.youronlinechoices.com
Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, or disclosure, including:
- SSL/TLS encryption on all pages of our Website (HTTPS)
- Encrypted storage of passwords using industry-standard hashing
- PCI-DSS compliant payment processing — we never see or store your full card details
- Access controls — only authorised MasKing team members with a legitimate need can access customer data
- Regular security audits of our Website and systems
However, please note that no method of transmission over the internet or electronic storage is 100% secure. While we do our best to protect your personal information, we cannot guarantee its absolute security. If you suspect any unauthorised access to your account, please contact us immediately at support@themasking.com.
Your Rights Under the DPDP Act, 2023
As a data principal (individual whose data we process) under India’s Digital Personal Data Protection Act, 2023, you have the following rights:
Right to Access:
You have the right to know what personal data we hold about you and how it is being processed. You can request a copy of your personal data by writing to us.
Right to Correction:
You have the right to request correction of any inaccurate, incomplete, or outdated personal data we hold about you.
Right to Erasure (Right to be Forgotten):
You have the right to request deletion of your personal data, subject to legal retention obligations. Note: Deletion of your account will not affect data we are legally required to retain (e.g., transaction records for tax purposes).
Right to Withdraw Consent:
Where we process your data based on consent (e.g., marketing emails), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Grievance Redressal:
You have the right to have your grievances addressed by our appointed Data Protection Officer (DPO) promptly. See Section 15 for contact details.
Right to Nominate:
In the event of death or incapacity, you have the right to nominate another individual who may exercise your rights on your behalf.
To exercise any of the above rights, please email us at support@themasking.com with the subject line: “Data Rights Request — [Your Name]”. We will respond within 30 days of receipt.
Children’s Privacy
Our Website and products are intended for individuals aged 18 years and above. We do not knowingly collect personal data from children under the age of 18 without verifiable parental consent.
Our Baby Wipes product is marketed to parents and caregivers of babies and young children — not to the children themselves.
If you believe a child under 18 has provided us with personal information without parental consent, please contact us at support@themasking.com and we will promptly delete such information from our records.
. Third-Party Links
Our Website may contain links to third-party websites, social media platforms, and partner websites. These websites operate independently and have their own privacy policies. We are not responsible for the privacy practices of any third-party website.
We encourage you to review the privacy policies of any third-party websites you visit through links on our Website.
Common third-party links you may encounter:
- Instagram (Meta) · Facebook (Meta) · YouTube (Google)
- Razorpay / PayU (Payment)
- Google Analytics / Google Ads
Shiprocket / Delhivery (Logistics)
Cross-Border Data Transfers
MasKing is an Indian brand and primarily processes data within India. However, some of our third-party service providers (such as Google Analytics, Meta, Mailchimp) are based outside India and may process your data on servers located in other countries.
Where data is transferred outside India, we ensure that such transfers are done with appropriate safeguards as required by the DPDP Act, 2023 and applicable regulations, and only to countries or organisations that provide an adequate level of data protection.
Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page
- Display a notice on our Website homepage for a period of 30 days
- Send an email notification to registered customers where the change significantly affects how we process their data
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Your continued use of the Website after any changes constitutes your acceptance of the updated Privacy Policy.
Grievance Officer & Contact Details
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address any privacy-related concerns.
Grievance Officer:Name: [Designated Officer Name]Designation: Grievance Officer — MasKingCompany: [Your Legal Company Name]Address: [Your Registered Office Address], Maharashtra, IndiaEmail: support@themasking.comResponse Time: Within 30 days of receipt of complaint
For General Support & Privacy Queries:
📧 Email: support@themasking.com 📱 WhatsApp: +91 XXXXX XXXXX 🕙 Support Hours: Monday–Saturday, 10:00 AM – 6:00 PM IST
Governing Law
This Privacy Policy and any disputes arising from it shall be governed by the laws of the Republic of India. Any disputes shall be subject to the exclusive jurisdiction of the courts located in [Your City], Maharashtra, India.