Who we are
Our website address is: https://www.lionessbaby.in
PRIVACY POLICY — LIONESS BABY
Effective Date: 09.07.2026
Lioness Baby (“Company,” “we,” “us,” or “our“) operates the website [www.lionessbaby.in] (the “Site“) and related social media pages, including our Instagram profile (collectively, the “Services“). This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our Site, purchase our products, or interact with us through Instagram, other social platforms, or offline touchpoints.
By accessing or using the Services, placing an order, subscribing to our newsletter, or clicking through from Instagram (or any other social platform) to our Site, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our [Terms & Conditions]. If you do not agree with any part of this Policy, you must immediately discontinue use of the Services.
1. SCOPE AND APPLICABILITY
This Policy applies to all visitors, users, customers, and prospective customers of Lioness Baby, whether accessing the Site directly, via Instagram, via paid advertisements, via search engines, or through any other referral source, regardless of the user’s location. Where a user is located in the European Economic Area, United Kingdom, California, or India, the additional jurisdiction-specific provisions in Section 14 apply in addition to, and not in substitution of, the general terms of this Policy. In the event of any conflict, the interpretation most protective of the Company’s legitimate business interests and most consistent with applicable mandatory law shall prevail.
This Policy does not apply to third-party websites, applications, or platforms (including Instagram, Meta, Google, or payment gateways) that we link to or integrate with. Your use of those platforms is governed solely by their respective privacy policies, and the Company disclaims all responsibility and liability for their data practices.
2. INFORMATION WE COLLECT
We collect information in the following categories:
2.1 Information You Provide Directly
- Full name, email address, phone number, shipping and billing address
- Account credentials (if you create an account)
- Order history, product preferences, and wishlist data
- Child’s name, age range, or size preferences (where voluntarily provided by a parent/guardian for personalization purposes — never collected directly from children)
- Payment information (processed exclusively by third-party payment processors; see Section 6)
- Correspondence, customer support requests, reviews, testimonials, and survey responses
- Any information submitted via contact forms, Instagram direct messages, comments, or WhatsApp Business chat
2.2 Information Collected Automatically
- IP address, device identifiers, browser type, operating system
- Pages visited, time spent, click patterns, referral URLs (including Instagram-to-Site referral tracking)
- Geolocation data (approximate, derived from IP)
- Cookies, pixels, and similar tracking technologies (see Section 7)
2.3 Information from Third Parties and Social Platforms
- When you click through from our Instagram profile, bio link, or Instagram/Facebook ads to our Site, Meta Platforms, Inc. may share aggregated or pseudonymized engagement and conversion data with us via the Meta Pixel/Conversions API.
- Information from payment processors, shipping/logistics partners, and marketing platforms.
- Publicly available information you post referencing our brand (e.g., tagged posts, hashtags, reviews).
2.4 No Intentional Collection from Minors
Our Services are intended for use by adults (18 years or older) purchasing on behalf of children. We do not knowingly collect personal information directly from children. If we become aware that a child has independently submitted personal information to us, we will delete it promptly. Parents/guardians who believe their child has provided us information may contact us using the details in Section 15.
3. HOW WE USE YOUR INFORMATION
We use collected information for the following purposes, each grounded in one or more lawful bases (contractual necessity, legitimate business interest, consent, or legal obligation, as applicable):
- Processing, fulfilling, and delivering orders, including payment verification and fraud prevention
- Creating and managing customer accounts
- Providing customer support and responding to inquiries
- Sending transactional communications (order confirmations, shipping updates, policy changes)
- Sending marketing communications, promotions, and product recommendations, including retargeting ads on Instagram/Meta and other platforms, where you have consented or where permitted by applicable law
- Improving the Site, product offerings, and user experience through analytics
- Detecting, investigating, and preventing fraud, abuse, security incidents, and violations of our Terms
- Complying with legal, tax, accounting, and regulatory obligations
- Enforcing our rights, including in connection with disputes, claims, or legal proceedings
- Any other purpose disclosed to you at the point of collection, or to which you separately consent
The Company reserves the sole right to determine what constitutes a legitimate business purpose under this Section, subject to applicable law.
4. MARKETING AND SOCIAL MEDIA TRAFFIC (INSTAGRAM DIVERSION)
Where our marketing strategy directs users from Instagram (organic posts, Reels, Stories, bio links, or paid ads) to our Site:
- We may use UTM parameters, referral tracking, and the Meta Pixel/Conversions API to measure the effectiveness of this traffic and attribute purchases to specific campaigns.
- Engaging with our Instagram content (likes, comments, DMs, story replies) may result in Meta sharing limited interaction data with us for advertising optimization, subject to Meta’s own privacy policy and your Instagram/Meta privacy settings.
- We are not responsible for Meta’s or Instagram’s independent data collection practices once you are on their platform. You should review Meta’s Privacy Policy separately.
- By clicking any link from our Instagram profile to our Site, you consent to the tracking practices described in this Section and Section 7, to the fullest extent permitted by applicable law.
5. COOKIES AND TRACKING TECHNOLOGIES
We use cookies, pixels, local storage, and similar technologies for:
- Essential functions: cart persistence, checkout, security, load balancing
- Analytics: Google Analytics or equivalent, to understand traffic and behavior
- Advertising: Meta Pixel, Google Ads remarketing tags, and similar tools to serve targeted ads to past visitors, including on Instagram and Facebook
- Personalization: remembering preferences and improving browsing experience
You can control cookies through your browser settings; disabling cookies may impair Site functionality, including checkout. Where required by applicable law (e.g., GDPR/UK GDPR), we will present a cookie consent banner and honor your choices. Where not legally required, use of the Site constitutes consent to our cookie practices as described herein.
6. THIRD-PARTY SERVICE PROVIDERS AND DISCLOSURE
We share information with third parties strictly as necessary to operate our business, including:
- Payment processors (e.g., Razorpay, Stripe, PayPal, or equivalent) — we do not store full payment card details on our servers
- Shipping and logistics partners (courier companies, fulfillment centers)
- Marketing and analytics platforms (Meta/Instagram, Google, email service providers such as Mailchimp/Klaviyo)
- IT, hosting, and cloud infrastructure providers
- Professional advisors (legal, accounting, auditors)
- Government authorities, regulators, or law enforcement, where required by law, legal process, or to protect our rights, property, or safety, or that of our customers or the public
- Successors in interest, in connection with a merger, acquisition, restructuring, or sale of all or substantially all Company assets
We do not sell personal information for monetary consideration in the traditional sense. Where applicable law (e.g., CCPA) defines “sale” or “sharing” more broadly to include advertising/analytics integrations, you may exercise applicable opt-out rights as described in Section 14.
All third-party service providers are contractually obligated to use your information solely to perform services on our behalf and to maintain reasonable confidentiality and security standards. The Company’s liability for any third-party provider’s independent breach of its own obligations is limited as set forth in Section 12.
7. DATA RETENTION
We retain personal information for as long as reasonably necessary to fulfill the purposes outlined in this Policy, including:
- Order and transaction records: as required by applicable tax, accounting, and consumer protection laws (typically a minimum of [6–8] years in India under the Companies Act/GST regulations)
- Account information: until account deletion is requested, plus a reasonable period thereafter for backup and legal purposes
- Marketing data: until you opt out or withdraw consent, subject to suppression list retention to honor your opt-out
- Any information required to be retained to establish, exercise, or defend legal claims
Upon expiry of the applicable retention period, we will delete or anonymize the data in accordance with our internal data retention procedures, at our discretion and subject to technical feasibility.
8. DATA SECURITY
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction, consistent with applicable law (including, where applicable, the reasonable security practices standard under India’s IT Act, 2000 and SPDI Rules, 2011).
No method of transmission or storage is 100% secure. Notwithstanding our security measures, you acknowledge and agree that the Company cannot guarantee absolute security and shall not be liable for unauthorized access, data breaches, or loss of data resulting from circumstances beyond our reasonable control, including but not limited to cyberattacks, third-party service provider failures, or your own failure to safeguard account credentials.
9. INTERNATIONAL DATA TRANSFERS
As we serve customers both within India and internationally, your information may be transferred to, stored, and processed in India or other countries where we or our service providers operate, which may have data protection laws different from those of your home jurisdiction. By using the Services, you consent to such cross-border transfer, storage, and processing, to the fullest extent permitted by applicable law. Where required (e.g., for EEA/UK residents), we will implement appropriate safeguards such as Standard Contractual Clauses or rely on other lawful transfer mechanisms.
10. YOUR RIGHTS
Subject to applicable law and verification of your identity, you may have the right to:
- Access, correct, or update your personal information
- Request deletion of your personal information (subject to our legal retention obligations under Section 7)
- Withdraw consent for marketing communications at any time (via unsubscribe link or by contacting us)
- Object to or restrict certain processing
- Request a copy of your data in a portable format (where applicable)
- Lodge a complaint with the relevant data protection authority in your jurisdiction
Requests may be submitted via the contact details in Section 15. We reserve the right to verify your identity before actioning any request and to charge a reasonable fee or decline manifestly unfounded or excessive requests, to the extent permitted by law. We aim to respond within the timeframe required by applicable law (e.g., generally within 30 days), but reserve the right to extend this period where legally permitted.
11. DISCLAIMER OF WARRANTIES
THE SERVICES AND ALL INFORMATION PROCESSING ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE SECURITY, ACCURACY, OR RELIABILITY OF DATA PROCESSING UNDER THIS POLICY.
12. LIMITATION OF LIABILITY
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY, ITS DIRECTORS, OFFICERS, EMPLOYEES, AND AGENTS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO THIS PRIVACY POLICY OR THE PROCESSING OF YOUR PERSONAL INFORMATION, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF DATA, LOSS OF PROFITS, OR UNAUTHORIZED ACCESS, EVEN IF THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ALL EVENTS, THE COMPANY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS POLICY SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU TO THE COMPANY IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR INR 5,000, WHICHEVER IS LOWER, EXCEPT WHERE SUCH LIMITATION IS PROHIBITED BY APPLICABLE MANDATORY LAW.
13. GOVERNING LAW, JURISDICTION, AND DISPUTE RESOLUTION
This Privacy Policy shall be governed by and construed in accordance with the laws of India, without regard to conflict-of-law principles, regardless of your location or the location from which you access the Services, except where mandatory local law requires otherwise for residents of the EEA/UK/California as set out in Section 14.
Any dispute, controversy, or claim arising out of or relating to this Privacy Policy — including its interpretation, breach, termination, or validity — shall first be attempted to be resolved through good-faith negotiation. If unresolved within thirty (30) days, the dispute shall be referred to and finally resolved by binding arbitration conducted by a sole arbitrator appointed by the Company, in accordance with the Arbitration and Conciliation Act, 1996 (India). The seat, venue, and place of arbitration shall be Tirupur, Tamil Nadu, India, exclusively, and the proceedings shall be conducted in English. The arbitrator’s award shall be final and binding on both parties.
You agree that any claim must be brought in your individual capacity only, and not as a plaintiff or class member in any purported class, collective, or representative proceeding. All disputes, claims, complaints, or legal proceedings of any nature whatsoever arising out of or in connection with this Privacy Policy, the Services, or any transaction with the Company — including any matter not subject to arbitration, any application for interim relief, and any complaint filed with a consumer forum, regulatory authority, or grievance body — shall be subject to the exclusive jurisdiction of the competent courts and fora at Tirupur, Tamil Nadu, India only. No proceeding relating to this Policy or the Services may be instituted in any court, tribunal, consumer forum, or other authority located outside Tirupur. You expressly consent and submit to this exclusive jurisdiction and waive any objection to venue or jurisdiction on grounds of inconvenience, cause of action arising elsewhere, your place of residence, or otherwise.
Nothing in this Section limits any non-waivable statutory right you may have under mandatory consumer protection or data protection law in your jurisdiction of residence.
14. JURISDICTION-SPECIFIC PROVISIONS
14.1 India — Digital Personal Data Protection Act, 2023 (DPDP Act)
Where you are a Data Principal under the DPDP Act, you have the right to access information about processing, request correction/erasure of personal data, nominate a representative in case of death or incapacity, and file grievances with us (see Section 15) before escalating to the Data Protection Board of India. We process personal data based on your consent or other legitimate uses recognized under the DPDP Act.
14.2 European Economic Area / United Kingdom (GDPR/UK GDPR)
If you are located in the EEA or UK, we process your data based on one or more legal bases: consent, contractual necessity, legitimate interests, or legal obligation. You have rights to access, rectify, erase, restrict, port your data, and object to processing (including direct marketing), and to lodge a complaint with your local supervisory authority. Where we rely on your consent for marketing or non-essential cookies, you may withdraw it at any time without affecting the lawfulness of prior processing.
14.3 California (CCPA/CPRA)
California residents have the right to know what personal information is collected, request deletion, correct inaccurate information, opt out of “sale” or “sharing” of personal information (including for cross-context behavioral advertising), and not be discriminated against for exercising these rights. To submit a request, use the contact details in Section 15 or, where applicable, any “Do Not Sell or Share My Personal Information” mechanism provided on the Site.
Where this Section 14 conflicts with Sections 1–13, this Section 14 governs solely to the extent required by the specific mandatory law referenced, and only for individuals to whom that law applies. For all other users, Sections 1–13 govern in full.
15. CONTACT US / GRIEVANCE OFFICER
For any questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact:
Grievance Officer / Data Protection Contact Lioness Baby
Email: cc@lionessbaby.in
Phone: +91-7397755561
We aim to acknowledge grievances promptly and resolve them within the timeframe prescribed by applicable law. As set out in Section 13, any grievance, complaint, or legal proceeding that cannot be resolved directly with the Grievance Officer shall be filed and pursued exclusively before the competent authorities and courts at Tirupur, Tamil Nadu, India.
16. CHANGES TO THIS PRIVACY POLICY
We reserve the sole and exclusive right to modify, amend, or update this Privacy Policy at any time, at our sole discretion, without prior notice, to reflect changes in our practices, technology, legal requirements, or business operations. The “Last Updated” date at the top of this Policy will reflect the most recent revision. Your continued use of the Services after any changes are posted constitutes your acceptance of the revised Policy. Where required by applicable law (e.g., material changes affecting EEA/UK/California residents, or DPDP Act consent-based processing), we will provide additional notice or seek renewed consent as legally required.
17. SEVERABILITY
If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court or arbitrator of competent jurisdiction, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall continue in full force and effect, interpreted so as to best give effect to the Company’s original intent.
18. ENTIRE AGREEMENT
This Privacy Policy, together with our Terms & Conditions, Shipping Policy, and Return/Refund Policy, constitutes the entire agreement between you and the Company regarding the subject matter herein and supersedes all prior communications, whether oral or written, relating to data privacy.
This document is a template and does not constitute legal advice. Before publishing this Privacy Policy on your live website, please have it reviewed by a licensed attorney in your operating jurisdiction(s) to ensure compliance with the Digital Personal Data Protection Act 2023 (India), GDPR/UK GDPR (if serving EU/UK customers), CCPA/CPRA (if serving California customers), and any payment gateway or ad-platform compliance requirements (Razorpay/Stripe, Meta Business, Google Ads, Shopify, etc.).