Sahar Modesty
Enquire

Legal

Privacy Policy

How we handle your personal information — collected only to design, fit and deliver your gown, and protected under the Australian Privacy Act 1988.

Model in a lilac beaded modest gown with a sheer overlay.Sahar ModestyModest occasionwear · made in Australia

Last reviewed June 2026. This summary is written in plain language; the Sahar Modesty atelier confirms the specifics of your order in writing.

What we collect

Contact details (name, email, phone), order and fitting information (measurements, event date, delivery address), messages you send us, and — for fraud prevention and security on public forms — your IP address and browser type. Payment card details are entered directly with our payment processor and are never stored on our servers.

How we use it

To respond to enquiries, prepare quotes, take and fulfil orders, arrange fittings and hire returns, and — only with your explicit consent — to send occasional news. We never sell your information.

Marketing consent

Marketing emails are strictly opt-in (double opt-in) in line with the Spam Act 2003. Every message carries a working unsubscribe link, and we record when and how you consented. You can withdraw consent at any time.

How long we keep it (retention)

We keep only what we need, for only as long as we need it:

• Enquiry IP address and browser details are redacted after 90 days.
• Anonymous analytics events are purged after 14 months.
• Order and financial records are retained for the period Australian tax and consumer law requires, then minimised.
• Marketing consent records are kept while you remain subscribed and for a reasonable period after, as evidence of consent.

Your rights — access, correction & deletion

Under Australian Privacy Principles 11–13 you may ask us to (1) give you a copy of the personal information we hold about you, (2) correct anything inaccurate, and (3) delete your information where we are not legally required to keep it. Email us or use the contact form and we will action your request promptly; an in-account privacy dashboard for self-service export and deletion is being rolled out.

Cookies

We use necessary cookies to run the site, and — only with your consent — analytics cookies to understand how the site is used. You choose your preferences in our cookie banner and can change them at any time. We do not use advertising trackers by default.

Who we share it with

We use trusted processors purely to operate the business — payments (Stripe), hosting and database (Supabase, Vercel), and email delivery (Resend). They process your data on our instructions and under their own security and privacy obligations. We may disclose information where required by law.

Security

Access to personal information is restricted, transmitted over encrypted connections, and guarded by row-level security and strict server-side controls. No system is perfectly secure, but we take protecting your information seriously.

Contact

Questions about your privacy, or to make a request, reach us via the contact page. We aim to respond within a reasonable timeframe.