StorllyTerms of service →

Legal

Privacy Policy

Last updated: May 2025

1. Who We Are

Storlly operates an e-commerce platform for merchants in Nepal. This policy explains what data we collect from merchants and their customers, how we use it, and your rights regarding that data. Contact us at privacy@storlly.com with any privacy questions.

2. Data We Collect

From merchants:

  • Account information: full name, email address, phone number, business name and type.
  • Store configuration: store name, logo, product listings, pricing, and theme preferences.
  • Payment method settings: which gateways you enable (we do not store card numbers — payment data goes directly to eSewa, Khalti, or FonePay).
  • Usage data: pages visited in the ERP, features used, error logs for debugging.

From customers placing orders on merchant storefronts:

  • Delivery information: name, phone number, address, city, district.
  • Order details: items ordered, quantities, amounts, payment method chosen.
  • Session data: device type, browser, approximate location (district level) for analytics.

3. How We Use Your Data

  • To create and operate your merchant account and store.
  • To process and fulfill orders placed on merchant storefronts.
  • To provide merchants with analytics (revenue, order trends, province-level data).
  • To send transactional emails: order confirmations, password resets, platform updates.
  • To improve the platform: we analyze aggregated, anonymized usage patterns.
  • To comply with legal obligations under Nepali law.

4. Data Sharing

We do not sell personal data. We share data only in these circumstances:

  • Payment gateways (eSewa, Khalti, FonePay): order amounts and reference IDs are shared to process payments, per those providers' terms.
  • Merchants receive customer data: when a customer places an order, their name, phone, and delivery address are visible to the merchant who runs that store. Customers consent to this by placing an order.
  • Legal requirements: we may disclose data if required by a valid court order or Nepali regulatory authority.

5. Data Storage & Security

Merchant and customer data is stored on servers in or accessible from Nepal, using reputable cloud infrastructure. We use encrypted connections (HTTPS/TLS) for all data in transit. Passwords are hashed and never stored in plain text.

No system is perfectly secure. We notify affected merchants within 72 hours of discovering a data breach that may affect their store or customers.

6. Cookies

We use session cookies to keep merchants logged into the ERP. We use analytics cookies to understand aggregate platform usage (e.g. which ERP features are most used). We do not use advertising or cross-site tracking cookies. Storefronts may set cookies for cart persistence and session state.

7. Data Retention

Merchant account data is retained while your account is active and for 30 days after closure, during which you may request an export. Order data on active stores is retained as long as the store exists. Anonymized, aggregated analytics data may be retained indefinitely.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you — request a copy at privacy@storlly.com.
  • Correct inaccurate data — update your profile in the ERP Account settings.
  • Delete your account and associated data — close your account from Account settings or email us.
  • Export your store data (products, orders, customers) in CSV format before closing.

9. Changes to This Policy

We will notify merchants by email at least 14 days before making material changes to this policy. The latest version is always at storlly.com/legal/privacy.

10. Contact

For privacy requests, data exports, or deletion requests, contact privacy@storlly.com. We respond within 7 business days.