Privacy Policy

Data Controller / Data Fiduciary: Adalwin Commerce LLP, India.

For privacy questions, data access requests, or grievances, contact our Grievance Officer above. We respond to verifiable requests within 30 days, as required by law.

We collect the following categories of information:

• Account information. Name, username, email address, phone number, country, profile photo, and authentication tokens issued by sign-in providers (e.g., Apple Sign In).
• Garment & ownership data. Serial numbers, NFC chip IDs, claim history, transfer history, wear logs, and any content you add to your digital wardrobe (photos, captions, tags).
• Order & transaction data. Shipping address, order history, partial payment data shared by our payment processor (we do not store full card numbers — see Section 6).
• Device & usage data. IP address, device model, operating system, app version, language, time zone, referring URL, pages viewed, taps, and crash diagnostics.
• NFC tap data. When you tap a bilnr garment with a phone, we log the tap event (chip ID, timestamp, approximate location if you grant permission, and the resulting page view).
• Communications. Messages you send to support, survey responses, newsletter sign-ups, and waitlist submissions (including phone number).
• Social & community data. Public posts you make, comments, reactions, follows, and any content you publish inside the bilnr community.
• Cookies & similar technologies. See Section 9.

We do not knowingly collect special-category personal data (such as health, religion, or biometric data). Please do not submit such data.

We use information for the following purposes:

• Operate the Services — create and manage your account, authenticate you, deliver garments, link physical chips to your digital wardrobe, and process number transfers.
• Communicate with you — transactional emails, shipping updates, drop announcements, and service notices.
• Improve the Services — analytics, A/B testing, performance and crash diagnostics, and product research.
• Personalize your experience — surface relevant drops, leaderboards, and community content.
• Marketing — send you newsletters, drop invitations, or promotions about bilnr or other Adalwin Commerce LLP brands. You can opt out at any time.
• Trust and safety — detect fraud, prevent abuse, enforce our Terms of Service, and verify NFC chip authenticity.
• Legal & compliance — comply with tax, accounting, and law-enforcement obligations.

Our legal bases for processing under GDPR are: performance of a contract, our legitimate interests in operating and improving the Services, your consent (where required), and compliance with legal obligations.

We share information only as described below:

• Service providers. Cloud hosting (Vercel, Supabase, Amazon Web Services), payments (Razorpay), shipping (Delhivery, Shiprocket, FedEx), email (Brevo), analytics (Vercel Analytics, optionally Meta Pixel), and customer support tools.
• Meta Platforms. If you interact with bilnr ads on Facebook, Instagram, or Threads, or if we use the Meta Pixel / Conversions API on bilnr.com, anonymized event data may be shared with Meta to measure performance and serve relevant ads. You can control this via Section 9 (Cookies) and your platform privacy settings.
• Adalwin Group affiliates. Adalwin Commerce LLP operates several brands. We may share information internally for the purposes set out above, subject to the same protections.
• Legal & safety. We may disclose information to comply with valid legal process, protect our rights, or protect users from harm.
• Corporate transactions. In a merger, acquisition, financing, or sale of assets, your information may be transferred to the relevant successor, subject to this Policy.

We do not sell your personal data. We do not share your personal data with advertisers for cross-context behavioral advertising without your consent.

Profiles, public posts, comments, reactions, follower counts, and your displayed garment numbers are public by default and visible to other users and to anyone who visits your profile URL (e.g., bilnr.com/0247). You can adjust visibility in account settings where available. Information you choose to share publicly is your responsibility.

When bilnr posts on its own social-media accounts (Instagram, Threads, Facebook, X, TikTok), those platforms collect data about viewers under their own privacy policies. We do not control how those platforms process such data.

Payments are processed by PCI-DSS-compliant providers (Razorpay or its successor). Card numbers, CVVs, UPI handles, and bank credentials are entered directly with the provider; we do not see or store them. We retain billing metadata (transaction ID, payment method type, billing address) for accounting and dispute purposes.

Your information may be processed in India, the European Economic Area, the United Kingdom, the United States, and other countries where our service providers operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses and the provisions of India's DPDP Act for cross-border transfers.

We retain personal data only as long as necessary to provide the Services and to satisfy legal, accounting, or reporting requirements:

• Account data: for the life of your account, plus 90 days.
• Order, invoice, and tax records: 8 years (Indian tax-law requirement) or longer where applicable.
• NFC tap and wear logs: up to 5 years for analytics; aggregated indefinitely.
• Marketing consent records: until you withdraw consent.
• Backups: rolling 90-day retention; deletions propagate from production within 30 days.

We use cookies and similar technologies for authentication, security, analytics, performance, and advertising. Categories:

• Strictly necessary — session, CSRF, login state. Cannot be disabled.
• Analytics — aggregated traffic and product usage (Vercel Analytics).
• Advertising — if enabled, Meta Pixel / Conversions API and similar tools to measure ad performance and show relevant ads.

You can manage cookies in your browser settings, opt out of interest-based advertising via your platform privacy controls (Apple App Tracking Transparency, Meta Ad Preferences), or block tracking using extensions of your choice.

Subject to applicable law, you have the following rights with respect to your personal data:

• Access — obtain a copy of the personal data we hold about you.
• Correction — correct inaccurate or incomplete data.
• Deletion — request deletion of your data, subject to legal retention requirements. See our Data Deletion Instructions.
• Portability — receive a machine-readable copy of data you provided.
• Withdraw consent — withdraw consent for marketing or analytics at any time.
• Object / Restrict — object to or restrict certain processing.
• Lodge a complaint — with the Data Protection Board of India, your local supervisory authority (e.g., the ICO in the UK), or via our Grievance Officer.
• Nominate a person — under India's DPDP Act, you may nominate someone to exercise your rights in case of death or incapacity.

To exercise these rights, email privacy@adalwin.com. We will verify your identity before fulfilling requests.

We use technical and organisational measures including TLS in transit, encryption at rest, role-based access, audit logging, and regular security reviews. NFC chips on /99 (Nova) tier garments use NTAG 424 DNA with rolling Secure Unique NFC (SUN) authentication codes to prevent cloning. No system is perfectly secure; we cannot guarantee absolute security but we work to reduce risk.

The Services are intended for users aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe a child has provided us data, contact us at privacy@adalwin.com and we will delete it.

We may update this Policy. Material changes will be posted here with a new effective date and, where appropriate, notified to you in app or by email. Continued use of the Services after the effective date constitutes your acceptance of the updated Policy.

For any privacy matter, contact: