Policy · 01 of 05Effective 29 April 2026

Privacy Policy.

How Flamingo Lifestyles collects, uses, shares and safeguards your personal information when you browse our site, place an order from the signature collection, engage us for a project, or simply send us a message. Read alongside our Terms of Use and Cookie Notice.

01 Who we are

Flamingo Lifestyles ("we", "us", "our") is a Bengaluru-based studio offering interior design, furnishing, construction, project management, custom furniture, after-care, and a curated signature collection of furniture available for direct purchase. We are registered in India under GSTIN 29CLQPD8025F1ZW, with our studio at Sy No. 87, Virgonagar Post, Bidarahalli Hobli, Cheemasandra, Bengaluru 560049.

This Privacy Policy explains how we handle your personal information when you visit www.flamingolifestyles.com, sign in to the customer portal, place an order, request a quote, share files, or interact with us through email, WhatsApp or phone. By using the site or our services you accept the practices described here. If you do not agree, please do not share information with us.

02 Personal information we collect

a. Information you provide

  • Account — name, email, mobile, password (hashed), avatar (optional).
  • Project enquiries — service category, property type, location, room area, budget band, timeline, references, notes; uploaded plans, drawings, 3D renders or moodboards.
  • Orders from the signature collection — billing address, delivery address, GSTIN (if a business buyer), special instructions, gift notes.
  • Communications — emails, WhatsApp messages, voice notes, support tickets, callback requests.
  • Phone verification — we receive confirmation that the OTP we sent was correctly entered. We do not store the OTP itself.
  • Newsletter and marketing — your email or mobile, your preferences, your consent timestamp.
  • Surveys, testimonials, careers — anything you choose to share when invited.

b. Information collected automatically

  • Device — browser, operating system, device class, screen size.
  • Network — IP address, approximate location (city-level), referrer URL.
  • Behaviour — pages viewed, time on page, scroll depth, click events, internal search queries.
  • Cookies and similar storage — see our Cookie Notice.

c. Information from third parties

  • Payment status — confirmation from Razorpay that a transaction succeeded, including the payment ID, amount and method. We do not store your card or UPI credentials.
  • Authentication identifiers — anonymised IDs from Firebase / Google when you sign in or verify by phone.
  • Logistics events — delivery scans from our logistics partners.
  • Analytics — aggregated and pseudonymised traffic patterns from Google Analytics 4.

03 How we use your information

We use your information for the following purposes:

  • Create and maintain your customer account and the customer portal.
  • Process orders for the signature collection — confirmation, payment, dispatch, installation, after-care.
  • Quote, plan and execute interiors, furnishing, construction or styling projects.
  • Schedule discovery calls, site visits, deliveries and installation appointments.
  • Communicate with you over email (Gmail SMTP), WhatsApp Business Cloud API and voice — for OTPs, order updates, project milestones, after-care reminders and our reply to your messages.
  • Personalise the site, recommend pieces from the signature collection, and tailor follow-up communication.
  • Issue invoices, GST returns and other tax/accounting records.
  • Analyse traffic, troubleshoot bugs and improve the site.
  • Detect and prevent fraud, abuse, misuse and spam.
  • Meet our legal, regulatory and audit obligations.

We rely on the lawful bases of your consent, performance of a contract, compliance with law and our legitimate interests in running and improving the studio.

04 Sharing your information

We do not sell or rent your personal data. We share it only with the following categories of recipients, each of whom is contractually bound to use the data solely for the purpose we share it:

  • Payment processors — Razorpay (and any future processor we add) to authorise and settle payments and to confirm receipts.
  • Cloud and infrastructure providers — Google (Firebase Authentication, Firestore, Cloud Storage, Maps, Analytics, Gmail SMTP), Vercel (web hosting), Cloudflare (DNS, CDN, WAF). Most processing happens in India; some happens in the United States with appropriate safeguards.
  • Communication providers — Meta's WhatsApp Business Cloud API for transactional WhatsApp messages, our SMS aggregator for OTPs.
  • Logistics and installation partners — courier and white-glove delivery partners and on-ground installation teams handling your delivery.
  • Material vendors and manufacturers — only where the order requires us to share shipping or fitting details with the maker.
  • Professional advisors — lawyers, accountants and auditors as required.
  • Authorities — law enforcement or regulators when compelled by lawful process or to protect rights, property, or safety.
  • Successors — in case of a merger, acquisition or restructuring, your data may be transferred to the surviving entity, subject to the protections in this Policy.

05 International transfers

Some of our service providers (notably Google Cloud, Vercel, Meta) host or process data outside India. Where this happens we rely on the safeguards published by those providers — including data-processing agreements, the EU Standard Contractual Clauses where applicable, and equivalent commitments — and we minimise the data we transfer to what is strictly required to deliver the service to you.

06 How long we keep data

  • Account data — for as long as the account is active, plus 24 months for tax and audit reasons.
  • Order records and invoices — 7 years (the retention period under Indian tax law).
  • Project files (drawings, 3D renders, site photos) — 5 years from project closure.
  • Marketing consent records — until you withdraw consent, plus 12 months as proof of consent at the time it was given.
  • Site analytics — pseudonymised, up to 26 months.
  • Support tickets and conversations — 24 months.
  • Backups — encrypted, with rolling deletion of older snapshots.

We delete or anonymise data sooner where the law allows and the data is no longer needed.

07 Your rights

Under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the rules issued under it, you have the following rights:

  • Access — confirmation of whether we hold data about you, and a copy of it.
  • Correction of data that is inaccurate, incomplete or misleading.
  • Erasure of your account and personal data, subject to legal retention.
  • Withdrawal of consent at any time. Withdrawal does not affect processing already carried out.
  • Nomination — appoint another individual to exercise your rights in case of incapacity or death.
  • Grievance redressal — raise a complaint with our Data Protection Officer; if unresolved, escalate to the Data Protection Board of India.

To exercise any right, write to privacy@flamingolifestyles.in from your registered email or attach proof of identity. We respond within 30 days.

08 Marketing communications

We send occasional emails about new collections, studio events, project case studies, and limited-edition pieces — only to people who have explicitly opted in. Every marketing email carries a one-click unsubscribe link. Withdrawing marketing consent does not affect transactional messages such as OTPs, order confirmations, dispatch notifications and project updates, which we send to fulfil the contract.

For WhatsApp, marketing-category messages are sent only with prior opt-in and only via Meta-approved templates. You can stop these any time by replying STOP.

09 Cookies & tracking

We use cookies, local storage and similar technologies to keep you signed in, remember your preferences (such as theme and saved estimate-form drafts), measure the site's performance and protect against fraud. The full list, lifetime and categories are in our Cookie Notice.

10 Security

We protect your data with industry-standard measures, including:

  • Encryption in transit — TLS 1.3 across the public site, the customer portal and our APIs.
  • Encryption at rest — wherever the underlying provider supports it (Firebase, Vercel, Cloudflare R2 if used).
  • Server-side authorisation — Firestore security rules enforce access at the data layer; the client cannot bypass them.
  • Phone-OTP verification on the customer portal.
  • Strong password policies — minimum length, breach checks, hashed and salted at rest.
  • Audit logs for admin actions on customer records, invoices and content.
  • Need-to-know access — only authorised studio staff can access customer data, and access is logged.
  • Backups — encrypted, geo-redundant, with regular restore drills.

No system is perfectly secure. If we ever discover a breach affecting your data we will notify you and the Data Protection Board of India within the timelines required by law.

11 Children

Our services and the signature collection are not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe we have, please contact us and we will delete it.

12 Changes to this Policy

We may update this Privacy Policy from time to time. The "Effective" date at the top of the page tells you when the current version took effect. For material changes we will notify you by email and/or with a banner on the site, and we will refresh consent where required by law.

13 How to contact us

For privacy questions, requests or grievances:

Data Protection Officer
Flamingo Lifestyles
Sy No. 87, Virgonagar Post, Bidarahalli Hobli,
Cheemasandra, Bengaluru 560049, Karnataka, India
Email: privacy@flamingolifestyles.in
Phone: +91 8123426007

If we are unable to resolve your concern, you may approach the Data Protection Board of India at the contact details published on its official website.

Other policies.

Our complete legal stack — read alongside this policy.