Privacy policy
This policy describes the personal data Kaam Shop collects when you use the site, how we use it, how long we keep it, and the controls you have over it.
What we collect
When you create an account we store your email, optional mobile number, full name, and a hash of your password. When you place an order we additionally store the shipping address you enter (full name, mobile, province, city, address line, postal code, optional national ID), the items you ordered, and the payment status returned by ZarinPal. We never see your card number — that flows directly between you and ZarinPal.
How we use it
We use your data to operate the shop: deliver orders, send transactional emails and SMS (order placed, payment received, shipped), recover your account if you lose access, and answer support questions you raise. We do not sell or rent your data.
Who we share it with
We share your data only with service providers strictly necessary to operate the shop: ZarinPal (payment), our SMS provider (Kavenegar), our SMTP relay, and the courier you select at checkout. Each provider receives only the fields they need (e.g. the courier sees the address; the SMS provider sees the mobile number and the message body).
How long we keep it
Active accounts: as long as you keep the account. Order records: 10 years, as required by Iranian tax law. Audit log of sensitive admin actions: 5 years. Soft-deleted accounts (you click "Delete my account"): held for 30 days as a grace window, then anonymized — your name, email, mobile, address book, cart, wishlist, and reviews are erased; the order rows themselves stay (with personal fields scrubbed) so we can fulfil tax obligations.
Your rights
You can update your profile and addresses at any time from your account. You can request a copy of the data we hold about you by emailing privacy@kaamshop.ir. You can delete your account from /account/privacy. Deletion is immediate (you are signed out and can no longer log in); after 30 days your personal data is erased.
Cookies
Strictly-necessary cookies (always on): the session cookie that keeps you signed in, the CSRF token cookie that protects forms from cross-site abuse, and a tiny cookie that remembers your language preference. Analytics cookies (off by default, opt-in via the banner): if you accept the banner we may load anonymous analytics to understand how the shop is used. We do not load any analytics cookie until you press Accept.
Security
We hash passwords with bcrypt, serve every page over TLS in production, send security-related headers (HSTS, CSP, X-Frame-Options), and back the database up daily off-site.
Contact
Questions about this policy or about your data: privacy@kaamshop.ir.
Last updated: 10 May 2026.