Privacy Policy

Effective Date: December 11, 2025

Mellow Muffin (“we”, “us”, or “our”) is a baby clothing brand based in Surat, Gujarat, India. We operate exclusively in India through our Shopify-powered website (the “Site”). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use and share it, and the measures we take to keep it secure. By using our Site, you agree to the terms of this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

1. Personal Information We Collect

We only collect personal information that is necessary to provide our services to you. This includes:

  • Identity and Contact Details: Your name, email address, phone number, and shipping/billing address (for order processing and delivery).

  • Payment Information: Payment details such as credit/debit card information or UPI details when you make a purchase. Note: Payments are handled via Shopify’s secure checkout and our payment gateway (Cashfree), so we do not store your full card details on our servers. Card data is transmitted securely to Cashfree in compliance with Payment Card Industry Data Security Standards (PCI-DSS).

  • Order Details: Information about the products you purchase, order dates, and transaction amounts (to fulfill your order and for our records).

  • Automatically Collected Data: When you visit our Site, Shopify may automatically collect certain technical information – for example, your IP address, browser type, device information, and browsing actions on the site. This data helps us understand user experience and improve our services. This information is generally not directly tied to your identity.

We do not knowingly collect any information from children under the age of 18. If you are under 18, please do not submit any personal data on our Site. (See Children’s Privacy below for more details.)

2. How We Use Your Information

We use your personal information for the following purposes:

  • To Process and Fulfill Orders: We use your name and address to ship your orders, and your email/phone to send order confirmations, invoices, shipping updates, and to contact you about any issues with your order.

  • Payment Processing: We use your payment information to process transactions for your purchases via our secure payment provider (Cashfree). Your card or payment details are used only for transaction authorization and are handled securely (see Payment Processing & Security below).

  • Customer Service: We may use your contact details to communicate with you in response to your inquiries, to provide support, or to notify you about any important changes (e.g. updates about your order or this Privacy Policy).

  • Marketing (Opt-in Only): If you explicitly subscribe to our newsletter or marketing communications, we will use your email to send you product news, offers, or promotions. You can opt out at any time by clicking the “unsubscribe” link in our emails or contacting us directly. We will not send you marketing communications without your consent.

  • Site Improvement and Analytics: We analyze information about how visitors use our Site (pages viewed, time spent, etc.) to improve our website design, products, and services. This may involve using Shopify’s built-in analytics tools to gather insights (e.g. total site visits, sales reports) while not using any external analytics platforms at present.

  • Legal Compliance and Protection: We may use or retain your data as needed to comply with Indian laws (for tax, accounting, and other legal requirements) and to enforce our terms and conditions. For example, we might use information to prevent fraud, resolve disputes, or address legal claims.

We ensure that we collect and use only the minimum amount of personal data necessary for these purposes, in line with the principle of data minimization. We will not use your personal information for any purpose that is incompatible with the purposes outlined above without obtaining your consent.

3. Payment Processing & Security

All payments on our Site are processed through Cashfree, a reputable Indian payment gateway. When you enter your card or banking information at checkout, that data is transmitted directly to Cashfree’s secure payment processing system. Mellow Muffin does not store or have direct access to your complete payment card details – this information is handled by Cashfree on our behalf. Cashfree is PCI-DSS compliant and follows strict security protocols, meaning your card data is encrypted and protected during transactions.

For Cash on Delivery (if offered) or other payment methods, we still collect the necessary data to process the order (e.g. confirm payment receipt or refund if needed), but no card data is involved in those cases.

Please Note: By making a purchase, you are also subject to Cashfree’s terms and privacy practices. We recommend reviewing Cashfree’s Privacy Policy for details on how they handle your payment data. However, we have ensured that Cashfree, as our payment partner, meets high security standards (including PCI DSS Level 1 compliance) to keep your information safe.

4. Cookies and Analytics

Like most e-commerce websites, our Site uses cookies and similar technologies to provide and improve our services:

  • Functional Cookies: Shopify (our website platform) uses cookies that are essential for the Site’s operation – for example, to keep you logged in during your session, remember items in your shopping cart, and manage the checkout process. These cookies are typically session-based and expire after a limited time (Shopify’s login session cookies, for instance, expire after about 24 hours for security). Without these cookies, core features of the site may not work properly.

  • Analytics Cookies: We currently rely on Shopify’s built-in analytics to understand how users navigate our Site (e.g. which pages are most visited, overall traffic patterns). This helps us improve user experience and product offerings. No third-party analytics tools (such as Google Analytics or Facebook Pixel) are presently integrated on our Site. This means we are not sharing browsing data with external analytics services at this time.

  • Preference Cookies: In some cases, cookies may store your preferences (like language or location selection if applicable) to personalize your experience.

  • Future Use of Cookies/Analytics: If we decide to implement additional analytics services or non-essential cookies in the future, we will update this Privacy Policy and, if required by law, seek your consent. For example, should we start using a third-party analytics or advertising cookie, we will provide appropriate notice (such as a cookie banner) and opt-in mechanisms in line with legal requirements.

Your Choices: By using our Site, you consent to the placement of cookies as described. You can control or delete cookies through your browser settings. Most browsers allow you to block cookies or alert you before accepting them. However, please be aware that if you disable cookies, some features of our Site (like maintaining your login or cart items) may not function correctly. We do not currently respond to “Do Not Track” signals, but we limit our use of cookies to the purposes stated above.

5. Data Sharing and Disclosure

We treat your personal information with care and confidentiality. We do not sell or rent your personal data to third parties for their marketing purposes. We share your information only in the following circumstances:

  • Shopify (Website Host): Our online store is built on the Shopify platform. Shopify hosts our website and stores data on our behalf. Therefore, information like your personal details and order information are saved on Shopify’s secure servers. Shopify is a trusted e-commerce provider and is Level 1 PCI DSS compliant, which extends to all stores on its platform. Shopify will only access your data as needed to host our Site and enable functionalities (e.g. processing orders, displaying products). You can read more about Shopify’s data practices in the Shopify Privacy Policy.

  • Payment Gateway (Cashfree): As described, we share relevant information with Cashfree to process your payments (e.g. order amount, your name, and card/bank details which you enter on the payment form). Cashfree secures this information and uses it solely for payment processing and compliance (such as fraud checks). Cashfree may also store transaction records as required for accounting and legal purposes. They are a regulated Payment Aggregator and follow stringent data security standards.

  • Courier and Shipping Partners: We will share your necessary contact information (name, delivery address, and phone number) with our trusted courier or delivery partners to ship your orders to you. These partners are only given the information required to deliver the product and are not permitted to use it for other purposes.

  • Service Providers: In addition to Shopify and Cashfree, we may engage other third-party service providers to help us run our business. For example, this could include: an email service to send newsletters or order notifications, a customer support platform, or an IT backup service. In all cases, these providers would only access your data under our instructions and for the specific purposes we’ve hired them for. We require that they protect your data to standards comparable to ours and keep it confidential.

  • Legal Requirements: We may disclose personal information if required to do so by law or in response to valid requests by public authorities. For instance, if we receive a lawful request (such as a court order or a government demand under applicable law) or need to comply with the Information Technology Act or other regulations, we will share data as necessary. We may also disclose information when we believe it’s necessary to prevent fraud or other illegal activity, to enforce our Terms of Service, or to protect the rights, property, or safety of Mellow Muffin, our customers, or others. This includes exchanging information with law enforcement or other companies for fraud prevention and credit risk reduction, as permitted by law.

  • Business Transfers: If Mellow Muffin undergoes a business transaction such as a merger, acquisition, or sale of assets, your personal information may be transferred to the successor or new owner as part of that transaction. If such a transfer occurs, we will ensure that your information remains protected by this Privacy Policy (unless you are notified otherwise and consent to a new policy).

  • With Your Consent: Apart from the cases listed above, we will seek your consent if we ever need to share your information for any other purpose. You will have the choice to allow or refuse such sharing.

In all cases of data sharing, we strive to minimize the data shared and ensure that the third party has a legitimate need for it. We also enter into appropriate data protection agreements with third-party processors wherever feasible, to safeguard your information. Rest assured, except as described above, we will not disclose your personal data to any third party without your explicit consent.

6. Children’s Privacy

Mellow Muffin is concerned about protecting the privacy of children. Our products are intended for purchase by adults (typically parents or guardians), and our Site is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children under 18. In fact, under India’s data protection laws, processing of data of minors (under 18) requires consent of their parent or guardian. As a matter of policy:

  • If you are under 18, please do not submit any personal information on our Site. You may browse our catalog, but you should ask a parent or guardian to assist with any purchases.

  • If we discover that we have inadvertently collected personal data from a child under 18, we will promptly delete such information from our records. For example, if a child places an order or signs up with a falsified age, once we verify the person is a minor, we will cancel the order (with refund if applicable) and remove their data.

  • If you are a parent or guardian and believe that your child under 18 has provided personal information to us without your consent, please contact us immediately (see Contact Us at the end of this policy). We will take swift action to remove the data and resolve the issue.

By using our Site, you represent that you are at least 18 years old or are using the Site under the supervision of a parent/guardian. We reserve the right to take steps to verify the age of our users if needed and to block users who are known to be underage.