Privacy Policy

Last updated: March 23, 2026

1. Introduction

Veshra (“we”, “our”, or “us”) is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and make purchases from us. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the European Union's General Data Protection Regulation (GDPR).

By using our website, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: Name, email address, and password (stored as a secure hash) when you register for an account.
  • Order information: Shipping address, billing details, items purchased, and payment amounts.
  • Payment information: Payment card details are processed directly by Stripe and are never stored on our servers. We only receive a payment confirmation and transaction ID from Stripe.
  • Wallet information: If you use our internal wallet feature, we store your wallet balance and transaction history.
  • Communications: Any messages you send us through our contact form.
  • Usage data: IP address, browser type, pages visited, and referring URL, collected automatically for security and analytics purposes.

3. How We Use Your Information

We use the information we collect to:

  • Process and fulfil your orders
  • Send order confirmations, shipping updates, and receipts via email
  • Manage your account and wallet balance
  • Respond to your inquiries and support requests
  • Detect and prevent fraud or unauthorised activity
  • Send promotional emails (only with your consent; you can unsubscribe at any time)
  • Improve our website and services
  • Comply with legal obligations

4. Third-Party Service Providers

We share your information with trusted third-party providers only as necessary to operate our business:

  • Stripe: Payment processing. Stripe processes your card details under their own privacy policy. Veshra does not store card numbers. View Stripe's Privacy Policy →
  • Resend: Transactional email delivery (order confirmations, shipping updates). Email content includes your name and order details.
  • Neon (PostgreSQL): Database hosting for your account, orders, and wallet data. Data is stored on servers in the United States with encryption at rest.
  • Vercel: Website hosting and deployment. Vercel may process server access logs including your IP address.

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

5. Cookies

We use an HTTP-only session cookie to keep you logged in. This cookie contains a signed JWT token and does not track your activity across other websites. We do not use advertising or third-party tracking cookies.

6. Data Retention

We retain your personal information for as long as your account is active, and for up to 7 years after account closure for legal and tax compliance purposes. Order records are retained for accounting purposes as required by Canadian tax law. You may request deletion of your account and associated data at any time (see Section 8).

7. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption, bcrypt password hashing, HTTP-only session cookies, and server-side input validation. While we take every reasonable precaution, no method of electronic transmission or storage is 100% secure. In the event of a data breach that poses a risk of significant harm, we will notify affected users and relevant authorities as required by law.

8. Your Rights

Under PIPEDA and applicable provincial privacy laws, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and personal data (subject to legal retention requirements)
  • Withdraw consent for optional processing activities (e.g., marketing emails)
  • Port your data in a structured, machine-readable format (GDPR users)

To exercise any of these rights, please contact us. We will respond within 30 days.

9. Children's Privacy

Our website is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised “Last updated” date. For material changes, we will notify registered users by email. Your continued use of our website after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us. You may also file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.