Privacy Policy

Effective: 4 June 2026  ·  Last updated: 4 June 2026

This is how we handle your data at Ethos & Array. We follow the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (the “DPDP Act”).

What this means:

• We do not sell your personal data.
• We collect what is needed to run your account, your chat, and your wishlist, and to improve the Service.
• You may access, correct, or delete your data at any time by writing to hello@ethosarray.com.

1. Who we are

Ethos & Array is an online discovery experience for fashion, home, and lifestyle goods. Under the DPDP Act we are the Data Fiduciary for your personal data. Clicking a product link takes you to the brand’s own website, which has its own terms and privacy practices.

2. What we collect

When you give it to us:

• Account information — name, email, and password (stored as a salted hash; we never see your raw password).
• From a third-party sign-in, if you choose — the name, email, and profile photo passed to us.
• Optional — phone number, country, currency preference.
• Content — what you type into the concierge, items you save, and anything you email us.

Automatically, as you browse:

• Essential cookies to keep you signed in and remember your preferences.
• Analytics cookies (only if you accept them) to help us understand how the Service is used.
• Standard device information — IP address, browser type, language, referring URL, and timestamps.

We don’t collect government IDs, payment details, biometric data, or precise location. Please don’t put sensitive personal information (health, religion, etc.) into your prompts.

3. How we use it

• Run your account and process your prompts.
• Generate the recommendations you came for.
• Respond to your messages and send essential service notices.
• Email you, from time to time, about our products, services, and updates. You can unsubscribe anytime from the link in any such email, or by writing to us.
• Improve the Service.
• Keep things safe — prevent fraud, abuse, and misuse.
• Meet our legal obligations.

We don’t profile you for advertising. We don’t sell your data.

4. Legal basis (DPDP Act)

We rely on:

• Your consent — for analytics cookies and marketing messages. Withdraw anytime via Cookie preferences in the footer or by writing to us.
• Performance of the Service you asked for — to run your account and process your prompts.
• Other legitimate uses recognised by law — security, fraud prevention, and complying with legal obligations.

5. Who we share with

• Service providers who help us run and improve the Service, under contract.
• Brand websites you click through to — your browser navigates there directly, with its own privacy practices. We don’t share your account information with them.
• Authorities, only where legally required.
• A successor entity, if the business is sold, reorganised, or transferred, with notice to you.

6. Cookies

We use a small number of cookies, grouped as:

• Essential — required for the Service to work and to remember your preferences.
• Analytics — set only with your consent, and used to understand how the Service is used.

You can accept all, reject all, or open Customize to control analytics. You can change your choice anytime via Cookie preferences in the footer.

7. How long we keep it

We keep personal data only as long as it’s useful for the purposes above, or as required by law. Your account, chat history, and wishlist live as long as your account does. When you delete your account, we erase your personal data within 30 days, unless law requires us to keep it longer.

8. Your rights

You can ask us to:

• Show what we have, correct it, or delete it.
• Withdraw consent where we rely on it.
• Send you a copy in a portable format.
• Nominate someone to exercise these rights on your behalf.

Email hello@ethosarray.com from your registered address. We respond within the timeframes the DPDP Act requires. If a concern isn’t resolved, follow our grievance process (Section 10), or contact the Data Protection Board of India once it is operational.

9. International transfers, security, and children

Some of the infrastructure we use is located outside India. We rely on contractual safeguards and the cross-border rules of the DPDP Act, and we don’t transfer personal data to countries the Government of India has restricted.

Traffic to the Service is encrypted; passwords are hashed; access is restricted. If a personal data breach happens that’s likely to affect your rights, we’ll notify you and the relevant authorities as required.

The Service is not intended for anyone under 18. If you believe a minor has provided personal data, tell us and we’ll delete it.

10. Grievances

For any grievance about how we handle your personal data, write to us at hello@ethosarray.com with “Grievance” in the subject line. We acknowledge within 24 hours and aim to resolve within 15 days.

11. Changes and contact

We may update this policy from time to time. We’ll revise the “Last updated” date and, for material changes, notify you in advance through the Service or by email.

Questions: hello@ethosarray.com.