Privacy Policy

Effective Date: June 18, 2025

Last Updated: June 18, 2025

1. Introduction

BuyForBaby ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

  • Use our website at buyforbaby.in (the "Website")
  • Install and use our Chrome browser extension (the "Extension")
  • Create and manage baby registries through our services
  • Interact with our customer support or marketing communications

This policy complies with the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act (DPDPA) 2023, California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Information We Collect

2.1 Website Data Collection

Account Information:

  • Name, email address, phone number
  • Profile picture (optional)
  • Account preferences and settings
  • Authentication credentials (securely hashed)

Registry Information:

  • Baby due date, name (if provided)
  • Registry items, preferences, and categories
  • Shipping and delivery addresses
  • Gift purchases and tracking information

2.2 Chrome Extension Data Collection

Product Detection Data:

  • Product names, prices, images, and descriptions from websites you visit
  • Website URLs where products are detected (only e-commerce sites)
  • Product categories and specifications
  • Note: We only collect this data when you actively use the extension to add products

Extension Usage Data:

  • Extension activation and usage frequency
  • Error logs and performance metrics
  • Authentication tokens (encrypted and time-limited)
  • Important: We do NOT track your general browsing history

2.3 Automatically Collected Data

  • Device Information: Browser type, operating system, device identifiers
  • Usage Analytics: Page views, click patterns, feature usage (anonymized)
  • Technical Data: IP address, cookies, session tokens
  • Performance Data: Load times, error rates, system performance

3. How We Use Your Information

Core Services

  • Creating and managing baby registries
  • Processing gift purchases and deliveries
  • Providing customer support
  • Authenticating your account access

Product Enhancement

  • Improving product recommendations
  • Enhancing extension functionality
  • Analyzing usage patterns
  • Fixing bugs and technical issues

Communications

  • Sending registry updates and notifications
  • Product updates and feature announcements
  • Security alerts and account notices
  • Marketing communications (with consent)

Legal Compliance

  • Complying with legal obligations
  • Fraud prevention and security
  • Protecting user rights and safety
  • Responding to legal requests

4. Legal Basis for Data Processing

Under GDPR and DPDPA, we process your personal data based on:

Consent: When you explicitly agree to data processing (e.g., marketing communications, optional features)
Contract Performance: To provide our registry services and fulfill your requests
Legitimate Interest: For analytics, security, and service improvement (balanced against your privacy rights)
Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do NOT sell your personal data to third parties.

We may share your information only in these limited circumstances:

Service Providers

Trusted partners who help us operate our services (hosting, payment processing, analytics)

Current providers: Supabase (database), Vercel (hosting), Stripe (payments), Google Analytics

Registry Sharing

With people you explicitly invite to view or contribute to your registry

Legal Requirements

When required by law, court order, or to protect rights and safety

Business Transfers

In case of merger, acquisition, or sale (with prior notice)

6. Data Security

We implement industry-standard security measures:

Technical Safeguards

  • SSL/TLS encryption for data transmission
  • Encrypted data storage
  • Regular security audits and updates
  • Access controls and authentication

Organizational Measures

  • Limited employee access to personal data
  • Regular security training
  • Incident response procedures
  • Data minimization practices

7. Your Privacy Rights

Under GDPR, DPDPA, and CCPA, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Revoke consent at any time
  • Complaint: File a complaint with supervisory authorities

How to Exercise Your Rights:

Contact us at privacy@buyforbaby.in with your request. We will respond within:

  • 30 days (GDPR compliance)
  • 30 days (DPDPA compliance)
  • 45 days (CCPA compliance, extendable by 45 days if complex)

8. Data Retention

Account Data

Retained until you delete your account or request deletion, plus 30 days for backup recovery

Registry Data

Retained for the lifetime of your account, unless you specifically request deletion

Analytics Data

Anonymized usage data retained for up to 3 years for service improvement

Legal Requirements

Some data may be retained longer to comply with legal obligations (e.g., tax records, fraud prevention)

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including:

  • United States: For hosting and analytics services
  • European Union: For additional data processing and storage

We ensure adequate protection through Standard Contractual Clauses (SCCs) and adequacy decisions as recognized by relevant data protection authorities.

10. Cookies and Tracking Technologies

Essential Cookies

Required for basic website functionality, authentication, and security

Analytics Cookies

Help us understand how you use our services (Google Analytics, Amplitude)

Functional Cookies

Remember your preferences and settings

Marketing Cookies

Used for targeted advertising (only with your explicit consent)

You can manage cookie preferences through your browser settings or our cookie consent banner.

11. Chrome Extension Privacy

Important Extension Privacy Guarantees:

No General Browsing Tracking:

We do not monitor or record your general web browsing activity

Minimal Permissions:

Extension only activates on e-commerce sites when you choose to add products

Local Processing:

Product detection happens locally in your browser when possible

Secure Communication:

All data transmission is encrypted using industry-standard protocols

12. Children's Privacy

While BuyForBaby helps parents prepare for babies and children, our services are intended for use by adults (18+). We do not knowingly collect personal information from children under 16 (GDPR) or 13 (COPPA).

If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@buyforbaby.in and we will delete it promptly.

13. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on our website
  • In-app notification for extension users

Continued use of our services after notification constitutes acceptance of the updated policy.

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us:

General Privacy Inquiries

Email: privacy@buyforbaby.in

Response Time: Within 72 hours

Data Protection Officer

Email: dpo@buyforbaby.in

For GDPR and DPDPA matters

Postal Address

BuyForBaby Privacy Team
[Your Business Address]
[City, State, ZIP]
India