SUKOON FIT

Sukoon Fit — Privacy Policy

Last updated: 20 May 2026

Who Operates Sukoon Fit

Sukoon Fit (sukoonfit.com) is a clothing and apparel brand operated by Market Catalyst Enterprises, an FBR-registered sole proprietorship based in Lahore, Pakistan. In this policy, "we", "us" and "Sukoon Fit" all refer to that entity. Our registered business address is set out in our Terms and Conditions. The proprietor's full legal name and NTN/CNIC are on file with the Federal Board of Revenue, our payment service provider, and our courier partner, and are disclosed on lawful request.

This policy explains, in plain English, what personal data we collect when you visit sukoonfit.com or place an order, why we collect it, how we use it, who we share it with, and the rights you have over it. By using the site or placing an order, you confirm you have read and understood this policy.

What We Collect

We only collect the personal data we need to take your order, deliver it, communicate with you, and run the site safely. Specifically:

  • Identity and contact details — your name, email address, phone number and shipping address. You provide these directly at checkout.
  • Order details — the products you bought, sizes and colours, prices, dates, and order status. We keep an order history so we can support returns, exchanges and queries.
  • Payment method type — today, all orders are placed on a Cash on Delivery basis, so we do not collect any card or banking data at checkout. We are currently in the process of onboarding PayFast, a State Bank of Pakistan–licensed payment service provider, as our online payment gateway. Once PayFast goes live, card, bank account, Raast, and mobile wallet details will be entered on PayFast's own secure page and handled entirely by PayFast; we will never collect, see or store your full card number. We will retain only the payment method type, a transaction reference from PayFast, and any partial card details PayFast shares with us for reconciliation and refund purposes.
  • Communication logs — if you contact us by email, WhatsApp, SMS or our on-site contact form, we keep a record of what was said so we can pick up where we left off and resolve issues fairly.
  • Device and usage data — your IP address, device type, browser, screen size and the pages you viewed on our site. This is collected automatically through cookies and similar technologies for analytics, security and fraud prevention.

Why We Collect It (Legal Basis)

Different pieces of data sit on different legal grounds. To be specific:

  • Performance of a contract — your name, address, phone number, email and order details are needed to fulfil the sale agreement when you place an order. Without them we cannot deliver your purchase.
  • Consent — we use marketing communications (promotional email, newsletter, marketing SMS or WhatsApp) only with your express opt-in consent. You can withdraw that consent at any time by unsubscribing or contacting us, without affecting the lawfulness of any processing that took place before withdrawal.
  • Legitimate interest — we use device, IP, usage data and non-essential analytics cookies (Google Analytics 4, Meta Pixel, FullStory) to keep the site secure, prevent fraudulent orders, measure how customers use the site, and improve it. We have weighed this interest against your privacy and only retain what is needed. You can block these in your browser or with a tracker-blocker; see our Cookies Policy.
  • Legal obligation — we keep records of sales for the period required by Pakistani tax law (Federal Board of Revenue requirements) and consumer protection law.

We Do Not Sell Your Data

We do not sell, rent or trade your personal data to anyone. We only share it with the service providers we need to in order to run the business — listed below — and we only share the minimum required for them to do their job.

Third Parties We Share Data With

The third-party services we currently use are:

  • PayFast (being onboarded — not yet live) — our upcoming online payment gateway, licensed by the State Bank of Pakistan as a PSO/PSP. Once PayFast is enabled, customers who choose to pay online will provide their name, email, phone, billing address, and payment details (card, bank account, Raast, or mobile wallet) directly on PayFast's secure page. PayFast's own privacy practices will govern that data and are available at gopayfast.com. We will update this policy once PayFast is live at our checkout.
  • TCS — courier and logistics partner. We share your name, shipping address and phone number so they can deliver your order and contact you about delivery. Their privacy practices are governed by their own policy.
  • Supabase — our cloud database and hosting backend, used to store order records securely. Supabase processes data on our behalf under a data-processing relationship.
  • Google Analytics 4 — by Google. Used for website analytics (page views, traffic sources, device type, conversion events). When you complete a purchase, we also pass your email address to Google as a User-ID, and your city, so that past and future sessions across devices can be joined to your customer record. Subject to Google's privacy policy at policies.google.com/privacy.
  • Meta Pixel — by Meta Platforms. Used to measure the performance of our advertising on Facebook and Instagram. The pixel records browsing events such as page view, add-to-cart, checkout start, and purchase. Where you provide an email or phone number, those values may be transmitted to Meta in hashed form (Advanced Matching) to attribute conversions to ads. Subject to Meta's privacy policy at facebook.com/privacy/policy.
  • FullStory — session replay and behavioural analytics. Records on-site behaviour (clicks, scrolls, navigation patterns) with sensitive form fields masked. When you complete a purchase, we identify your FullStory session by your email and pass your name, phone, city and province so that past and future sessions are linked to your customer record. Subject to FullStory's privacy policy at fullstory.com/legal/privacy-policy.
  • Vercel — our hosting and infrastructure provider.

We may also disclose data where required by law — for example, to comply with a lawful order from a Pakistani court or regulator, or in response to a verifiable legal request under the Prevention of Electronic Crimes Act 2016 (PECA).

Where Your Data Is Stored and Processed

Several of the service providers above process and store data outside Pakistan — including Supabase (database hosting), Vercel (web hosting and infrastructure), Google (analytics), Meta (advertising) and FullStory (session analytics). Where that happens, we rely on the providers' contractual safeguards and standard industry security practices (encryption in transit and at rest, access controls, audit logging) to protect your data. By placing an order or using the site you understand that your personal data may be transferred to, and processed in, countries outside Pakistan whose data-protection regimes may differ from Pakistan's.

SMS and WhatsApp Communication

Where you have given us your phone number at checkout, we may send you order confirmations, shipping updates and delivery coordination messages via SMS or WhatsApp. These are transactional messages tied to your order — they are not marketing. We will not send you promotional SMS or WhatsApp messages without your express opt-in.

Marketing Communications and Unsubscribe

We only send marketing communications (promotional email, newsletter, marketing SMS or marketing WhatsApp) where you have given us your express opt-in consent. You can withdraw that consent at any time, free of charge:

  • Email — use the one-click unsubscribe link in the footer of any marketing email we send you.
  • SMS — reply STOP to any marketing SMS.
  • WhatsApp — reply STOP to any marketing WhatsApp message, or block our number in WhatsApp.
  • All channels at once — email support@sukoonfit.com with "UNSUBSCRIBE" in the subject line and we will remove you from all marketing within 7 days.

Withdrawing marketing consent does not stop transactional messages (order confirmations, shipping updates, delivery coordination, refund notifications) which we send to fulfil your order.

Customer Photos and Reviews

We do not use customer photos, names or identifying details in marketing material — on social media, our website, or anywhere else — unless we have your written consent first. If you send us photos of you wearing our products, those photos remain yours and we will ask before featuring them anywhere public.

Cookies

A cookie is a small text file your browser stores when you visit a website. We use two kinds:

  • Essential cookies — needed for the site to function. They keep your cart contents, remember selected sizes, and let checkout work. These cannot be disabled because the site would not work without them.
  • Non-essential cookies — analytics and advertising cookies set by Google Analytics, Meta Pixel and FullStory. You can decline these in your browser settings or block them via ad-blockers and tracker-blockers. Declining them does not affect your ability to shop.

How Long We Keep Your Data

We keep different categories of data for different periods, balancing your privacy against our legal and operational needs:

  • Order records — kept for a minimum of six years to comply with Pakistani tax and consumer protection record-keeping rules.
  • Customer support communications — kept for up to two years after the last interaction so we can reference past issues if you contact us again.
  • Analytics and usage data — anonymised and retained for up to 26 months in Google Analytics; FullStory session data is retained for the period set by our FullStory plan.
  • Marketing subscriptions — kept until you unsubscribe or ask us to remove your details.

When the retention period ends, we either delete the data or anonymise it so it can no longer be linked back to you.

Your Rights

You have the following rights over your personal data, exercisable at any time by writing to us at support@sukoonfit.com:

  • Access — ask us for a copy of the personal data we hold about you.
  • Correction — ask us to correct anything that is wrong or out of date.
  • Deletion — ask us to delete your data, subject to retention rules we must comply with by law (for example, completed sales we must keep for tax records).
  • Withdraw consent — withdraw any consent you previously gave, for example for marketing emails or SMS, without affecting the lawfulness of earlier processing.
  • Object — object to processing that we base on legitimate interest, where you feel your rights outweigh that interest.
  • Complain — if you believe a criminal offence has occurred (for example, unauthorised access to your data), you may report it to the FIA Cybercrime Wing under the Prevention of Electronic Crimes Act 2016 (PECA). For unfair-trade-practice complaints about how your data has been used, you may file with the relevant District Consumer Court under the applicable provincial consumer protection law (Punjab Consumer Protection Act 2005, Sindh Consumer Protection Act 2014, Khyber Pakhtunkhwa Consumer Protection Act 1997, Balochistan Consumer Protection Act 2003, or Islamabad Consumer Protection Act 1995, depending on your jurisdiction).

We will respond to a verified rights request within 30 days. We may ask you to confirm your identity first so we don't disclose your data to someone else.

Children

Sukoon Fit is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@sukoonfit.com and we will delete it.

Security

We use industry-standard technical and organisational measures to keep your data safe, including HTTPS encryption across the whole site, access controls on our admin systems, and encrypted data storage with our hosting and database providers. No system is perfectly secure, but we work to keep yours protected. If a serious breach affects your data, we will notify you and the relevant authorities within 72 hours of becoming aware, where reasonably practicable, with a description of the breach, the categories and approximate number of records affected, and the steps we are taking to contain it and reduce the chance of recurrence.

Changes to This Policy

We may update this policy from time to time — for example, when we add a new service provider, launch online payments, or to reflect a change in law. When we do, we will update the "Last updated" date at the top of this page. For material changes (significant changes to how we process your data) we will notify you by email or a prominent notice on the site.

Governing Law

This policy is governed by the laws of the Islamic Republic of Pakistan. Without prejudice to your right as a consumer under the applicable provincial consumer protection law to file at any District Consumer Court of competent jurisdiction in Pakistan, the parties agree to the non-exclusive jurisdiction of the courts of Lahore, Pakistan.

Contact Us

For any privacy question, request, or complaint, please reach out:

← Back to home