Legal

Privacy Policy

This Privacy Policy explains how OXLO LEATHER ("OXLO LEATHER", "we", "us", or "our") collects, uses, shares, retains, and protects your personal information when you use our website, our mobile applications distributed via Google Play, or otherwise interact with us.

Last updated: 7 May 2026 · Effective date: 7 May 2026

1. Who We Are

OXLO LEATHER is a Pakistan-based manufacturer of premium handcrafted leather goods, including jackets, bags, wallets, belts, gloves, and travel accessories. Our atelier is located on Pasrur Road, Sialkot, 51310, Pakistan.

Data Controller: OXLO LEATHER

Address: Pasrur Road, Sialkot, 51310, Pakistan

Phone: +92 321 845 7192

Email: privacy@oxlolr.com

2. Scope of This Policy

This Privacy Policy applies to:

  • Our website at oxlolr.com and all related sub-domains;
  • Any mobile applications we publish on Google Play and other app stores;
  • Inquiries you send us by phone, email, or our online form; and
  • Business and wholesale relationships you enter into with us.

By using our website or applications, or by submitting information to us, you confirm that you have read and understood this Privacy Policy.

3. Information We Collect

3.1 Information you provide directly

  • Identity & contact details: name, company, email address, phone number, postal address.
  • Inquiry content: messages, project briefs, attachments, and product preferences submitted through our forms.
  • Order & transaction data: purchase orders, invoices, shipping addresses, and tax identifiers (for business clients).
  • Account information (apps only): if you create an account in one of our applications, we collect your email and a hashed password.

3.2 Information collected automatically

  • Device & technical data: IP address, browser type, operating system, screen size, language preferences.
  • Usage data: pages viewed, time spent, referring URLs, and approximate location derived from IP address.
  • App diagnostics: crash logs, performance metrics, and non-personalised usage analytics.

3.3 Information from third parties

  • Payment processors who confirm transaction status (we do not receive full card details).
  • Logistics partners who provide shipment tracking updates.
  • Marketing referral data from partners or affiliates, where applicable.

We do not collect sensitive categories of personal data such as health, biometric, racial, religious, or sexual orientation information, and we do not sell your personal information to anyone.

4. How We Use Your Information

We use personal information for the following purposes:

  • To respond to inquiries and provide quotes for products and services;
  • To process orders, manage shipments, and handle returns or warranty claims;
  • To create and maintain user accounts in our mobile applications;
  • To operate, maintain, and improve our website and applications;
  • To diagnose technical issues and prevent fraud or abuse;
  • To communicate service updates, order status, and important notices;
  • With your consent, to send marketing communications you may unsubscribe from at any time;
  • To comply with applicable laws, regulations, and lawful requests from authorities.

6. How We Share Information

We share personal data only with the following categories of recipients:

  • Service providers: hosting, analytics, email delivery, customer support, and IT infrastructure vendors operating under data processing agreements.
  • Logistics partners: couriers, freight forwarders, and customs brokers required to ship your order.
  • Payment processors: licensed providers who handle card payments and bank transfers.
  • Professional advisors: auditors, accountants, and lawyers, bound by confidentiality.
  • Authorities: where disclosure is required by law, court order, or to protect rights and safety.
  • Successors: in the event of a merger, acquisition, or sale of assets, with the same protections continuing.

We do not sell, rent, or trade your personal information.

7. Third-Party Services

Our website and applications may use third-party services such as Google Analytics, Google Play Services, Firebase, and customer messaging tools. These providers process limited data on our behalf to help us understand usage, deliver services, and keep our products secure. Their use of data is governed by their own privacy policies, which we recommend reviewing.

8. Google Play Data Safety Disclosure

For applications we distribute on Google Play, we provide the following Data Safety information consistent with Google Play policies:

Data Collected

  • Personal info: name, email address (collected for account creation, encrypted in transit, optional unless creating an account).
  • App activity: in-app actions, screen views (collected for analytics, encrypted in transit).
  • App info and performance: crash logs, diagnostics (collected for app stability, encrypted in transit).
  • Device or other IDs: for fraud prevention and analytics (encrypted in transit).

Data Sharing

We share crash logs and diagnostic data with our analytics provider solely to maintain and improve the application. We do not share any user data with third parties for advertising or sale.

Security & Practices

  • All data is encrypted in transit using TLS.
  • You can request that your data be deleted (see Section 15).
  • We follow Google Play's Families Policy where applicable.
  • Our app has been independently reviewed against industry security best practices.

9. App Permissions

Where our mobile applications request device permissions, each is used only for the specific purpose described below:

  • Internet access: required to load product information and submit inquiries.
  • Storage / photos (optional): only used if you choose to attach an image to an inquiry; access is requested at the moment of use.
  • Notifications (optional): only used to notify you of order status updates, where you have opted in.
  • Camera (optional): only used if you choose to capture an image to attach to a custom-order inquiry.

We do not request access to contacts, microphone, precise location, SMS, call logs, or any other sensitive permission category.

10. Children's Privacy

Our website, applications, and services are intended for users aged 16 years and older, or the age of digital consent in your jurisdiction, whichever is higher. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@oxlolr.com and we will delete it promptly.

11. Data Retention

We retain personal information only as long as necessary for the purposes described:

  • Inquiries & quotations: up to 24 months after last contact;
  • Order records: up to 7 years, to satisfy tax and accounting obligations;
  • App accounts: until you delete your account, plus up to 90 days for backup removal;
  • Analytics and diagnostics: typically 14 months in aggregated form.

When retention is no longer necessary, data is deleted or anonymised.

12. Security

We implement appropriate technical and organisational measures including encryption in transit (TLS), restricted access controls, hashed credential storage, regular security reviews, and staff training on confidentiality. No method of transmission or storage is 100% secure; however, we work continuously to safeguard your information.

13. International Data Transfers

We are based in Pakistan and may use service providers located outside your country, including in the European Union, the United Kingdom, and the United States. Where required, we put appropriate safeguards in place such as Standard Contractual Clauses or equivalent mechanisms recognised by applicable law.

14. Your Rights & Choices

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your personal data ("right to be forgotten");
  • Object to or restrict certain processing;
  • Request a portable copy of data you provided us;
  • Withdraw consent at any time;
  • Lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, email privacy@oxlolr.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

15. Account & Data Deletion

If you have created an account in one of our applications and would like to delete your account and associated personal data, you may do so in either of the following ways:

  • In-app: Go to Settings → Account → Delete my account and follow the prompts.
  • By email: Send a deletion request to privacy@oxlolr.com from the email address associated with your account.

Upon verification, we will delete your account and personal data within 30 days. Certain records (such as completed orders and tax invoices) may be retained for the periods described in Section 11 to comply with our legal obligations.

16. Cookies & Similar Technologies

Our website uses a small number of cookies and similar technologies for the following purposes:

  • Strictly necessary: session, security, and load balancing.
  • Performance & analytics: aggregated usage measurement to help us improve the site.
  • Preferences: language, region, and display settings.

You can control cookies through your browser settings. Blocking non-essential cookies will not affect your ability to browse the site or submit inquiries.

17. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Significant changes will be flagged on our website and, where appropriate, in-app. Continued use of our services after an update constitutes acceptance of the revised policy.

18. Contact Us

For questions about this Privacy Policy, to exercise any rights described above, or to raise a concern, please contact us:

OXLO LEATHER — Privacy Office

Pasrur Road, Sialkot, 51310, Pakistan

Phone: +92 321 845 7192

Email: privacy@oxlolr.com