1. Introduction
Hababy (www.hababy.co.in), operated by M/s Vardhman One ("Hababy", "we", "us", "our"), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, how we share it, and the rights you have over your data under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 and rules thereunder.
By using our website or placing an order, you consent to the practices described in this Policy.
2. Data We Collect
Information you provide directly
- Name, email address, phone number and shipping/billing address (at checkout, signup or contact)
- Order details and product preferences
- Communications you send to customer support (email, WhatsApp, contact form)
- Reviews, ratings and any content you submit on our site
Information collected automatically
- Device, browser, operating system and IP address
- Pages viewed, referring URL, time on page and clickstream data
- Cookies and similar tracking identifiers (see Section 6)
Payment information
Card numbers, UPI IDs and bank details are entered directly on the secure payment pages of our PCI-DSS compliant payment gateways (Razorpay / Cashfree). Hababy does not store your full card or banking credentials on our servers.
3. How & Why We Use Your Data
- To process, fulfil and deliver your orders
- To send order confirmations, shipping updates and delivery notifications via email, SMS and WhatsApp
- To provide customer support and respond to your queries
- To process refunds, returns, replacements and warranty claims
- To detect and prevent fraud, abuse or unauthorised activity
- To send marketing communications about new products and offers (only with your consent — you can opt out anytime)
- To improve our website, products and services through analytics
- To comply with our legal, tax and regulatory obligations in India
4. Legal Basis — Consent
Under the DPDP Act, 2023 we process your personal data on the basis of your free, specific, informed and unambiguous consent, given by an affirmative action (placing an order, creating an account, or submitting a form). For certain limited purposes (such as responding to a medical emergency, complying with a court order, or fulfilling a legal obligation), we may process data without consent as permitted under the Act.
5. Sharing & Third-Party Processors
We do not sell or rent your personal data. We share data only with trusted service providers ("Data Processors") who help us run our business, under contractual obligations to safeguard your data:
- Payment gateways: Razorpay, Cashfree (for processing payments)
- Shipping & logistics partners: Shipmozo and our courier partners (Delhivery, Blue Dart, Xpressbees, etc.) for order fulfilment
- Email & messaging: Brevo (transactional email) and WhatsApp Business API for order updates
- Analytics: Google Analytics, Meta Pixel for aggregated website usage and ad performance
- Hosting & infrastructure: Netlify (static hosting) and Supabase (backend, database)
- Government / law enforcement: when required by valid legal process or under applicable Indian law
6. Cookies & Tracking
We use cookies and similar technologies to keep you signed in, remember your cart, measure traffic and personalise content. Categories used:
- Strictly necessary: session, cart, login (cannot be disabled)
- Analytics: Google Analytics — aggregated, anonymised usage data
- Marketing: Meta Pixel and Google Ads conversion tracking
You can disable cookies in your browser settings, but parts of the site (cart, checkout, login) may not function correctly without them.
7. Data Retention
- Order and invoice records: 8 years (as required under Indian tax / GST law)
- Account data: until you request deletion or your account is inactive for 36 months
- Marketing consent: until you unsubscribe
- Customer support communications: 24 months
- Website analytics (anonymised): 26 months
After the retention period ends, your data is securely deleted or anonymised, except where longer retention is required by law.
8. Data Security
We implement reasonable security practices and procedures aligned with ISO 27001 principles, including:
- HTTPS / TLS encryption across our entire site
- Encryption-at-rest for our databases
- Role-based access controls and audit logs for our admin systems
- PCI-DSS compliant payment processing — we never store your full card details
- Regular backups and incident response procedures
In the event of a personal data breach that is likely to result in risk to your rights, we will notify the Data Protection Board of India and affected users without undue delay, as required under the DPDP Act.
9. Your Rights Under the DPDP Act
As a Data Principal, you have the following rights over your personal data:
- Right to access: request a summary of personal data we hold about you and how it is being processed
- Right to correction & erasure: ask us to correct inaccurate data or delete data we no longer need
- Right to grievance redressal: raise a complaint with our Grievance Officer (see Section 11)
- Right to nominate: nominate another individual to exercise your rights in case of death or incapacity
- Right to withdraw consent: withdraw consent at any time, with effect from the date of withdrawal
To exercise any of these rights, email customercare@hababy.co.in with the subject "DPDP Request — [your request type]". We will respond within 30 days.
10. Children's Data
Our products are designed for use with infants and children, but our website and accounts are intended for use by adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Grievance Officer & Contact
In accordance with the DPDP Act, 2023 and Rule 3(11) of the Information Technology (Intermediaries Guidelines) Rules, 2011, the contact details of our Grievance Officer are:
- Name: Grievance Officer, Hababy
- Email: customercare@hababy.co.in
- Address: M/s Vardhman One, 130 Malviya Nagar, Radha Vallabh Complex, Bhopal, Madhya Pradesh — 462016, India
- Hours: Mon–Sat, 10:00 AM — 6:00 PM IST
We acknowledge complaints within 24 hours and resolve them within 30 days. If you are not satisfied with our response, you may approach the Data Protection Board of India.
This Privacy Policy may be updated from time to time. Material changes will be notified on this page with a revised "Last updated" date.