Privacy Policy

Privacy Policy

Company Name: Downtime Products LLP

Effective Date: 1 April 2026

Last Updated: 1 April 2026


By visiting our website or making a purchase, you consent to the collection and use of your personal data as described in this Policy. Please read it carefully.


1. Who We Are

Downtime Products LLP ("we," "us," or "our") is a company incorporated in India, operating an online retail store for products including games and home goods at www.moodlabs.in (the "Platform").


Under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), we are the Data Fiduciary responsible for determining the purposes and means of processing your personal data.


Our registered address is: Sapphire Plaza Dadabhai Road Kamala Nagar Vile Parle West, 402, Mumbai, MH, 400056, India.


2. Personal Data We Collect

We collect only the personal data that is necessary for the purposes described in this Policy. "Personal data" means any information that identifies or can reasonably identify you as an individual. Depending on how you interact with us, we may collect the following:

  • Identity and contact details, including your full name, email address, phone number, and shipping and billing address.

  • Payment information, including payment card details, UPI ID, net-banking tokens, and transaction reference numbers.

  • Account credentials, including your username and hashed password, if you create an account.

  • Transaction history, including items you have viewed, added to your cart or wishlist, purchased, or returned.

  • Device and usage data, including your IP address, browser type, device identifiers, pages visited, and session duration, collected automatically through cookies.


  • Communications, including messages you send us through customer support, reviews, or surveys.

We do not collect biometric data, religious beliefs, political opinions, or health information as part of our standard retail services.


3. How We Collect Your Data

We collect personal data directly from you when you register an account, place an order, contact customer support, or otherwise interact with the Platform. We also collect data automatically through cookies and similar technologies when you browse the Platform. In addition, third-party payment gateways, logistics partners, and analytics providers may share data with us in connection with your transactions. Our cookie banner gives you control over non-essential cookies.


4. How We Use Your Data

Under the DPDP Act, we process your personal data only for lawful purposes, with your consent where required, or where processing is necessary for our legitimate business functions. We use your data for the following purposes:

  • Order fulfilment and account management, including processing payments, coordinating shipping and delivery, managing returns and exchanges, sending order confirmations, and maintaining your account.

  • Customer support, including responding to queries, complaints, and return or warranty requests.

  • Marketing and personalisation, including sending promotional emails, SMS, or notifications about products and offers, only with your prior consent, which you may withdraw at any time.

  • Security and fraud prevention, including authenticating users, detecting fraudulent transactions, and ensuring the security of the Platform.

  • Legal compliance, including meeting obligations under applicable Indian law, responding to lawful requests from courts, law enforcement, or government authorities, and enforcing our Terms of Service.

  • Platform improvement, including analysing usage patterns to improve the Platform and develop new features, using aggregated or de-identified data where possible.


5. Sharing Your Personal Data

We do not sell your personal data. We may share it only in the following circumstances:

  • With service providers and data processors who perform services on our behalf, such as payment gateways, logistics companies, cloud hosting providers, and analytics platforms. These parties are bound by confidentiality obligations and may not use your data for any other purpose.

  • In connection with a business transfer such as a merger, acquisition, or sale of assets, in which case your data may be transferred to the successor entity subject to this Policy.

  • When required by law, court order, or a request from a competent government authority under applicable Indian legislation.

  • In any other circumstance, only with your explicit consent.


6. Sensitive Personal Data (SPDI)

Under the SPDI Rules, 2011, certain categories of data are classified as Sensitive Personal Data or Information ("SPDI"), including passwords and financial information. Where we collect SPDI, we store and transmit such data using industry-standard encryption, and do not share it with third parties except as necessary to process your payment or as required by law. You may review or withdraw consent at any time, subject to legal and contractual constraints.


Payment card data is processed directly by our payment gateway partners. We do not store full card numbers on our servers.


7. Cross-Border Data Transfers

Some of our service providers operate outside India. We take appropriate contractual, technical, and organisational measures to protect your data when processed abroad.


8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law, including financial records under the Companies Act, 2013, and tax records under the Income Tax Act, 1961. In general, account data is retained while your account is active and for a reasonable period thereafter; order and transaction data is retained for at least seven years; marketing data is retained until you withdraw consent or unsubscribe; and device and usage logs are typically retained for no more than six months. When data is no longer required, we delete or irreversibly anonymise it.


9. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights with respect to your personal data. You may exercise these by contacting our Grievance Officer as set out in Section 14.

  • Right to Access: You may request a summary of the personal data we hold about you and the purposes for which it is being processed.

  • Right to Correction: You may request correction of any inaccurate or incomplete personal data we hold about you.

  • Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to applicable law.

  • Right to Withdraw Consent: You may withdraw consent to processing at any time, without affecting the lawfulness of prior processing.

  • Right to Grievance Redressal: You may lodge a grievance with our Grievance Officer. If unresolved, you may escalate to the Data Protection Board of India once it is constituted.

  • Right of Nomination: You may nominate another individual to exercise your data rights in the event of your death or incapacity.

We will acknowledge your request within 72 hours and respond substantively within 30 days. We will not discriminate against you for exercising any of these rights. We may ask you to verify your identity before processing your request.


10. Children's Privacy

The Platform is not directed at children below the age of 18 years. We do not knowingly collect personal data from minors. Under the DPDP Act, processing of children's data requires verifiable parental consent. If you believe your child has provided personal data to us without your consent, please contact our Grievance Officer immediately and we will delete such data promptly.


11. Security of Your Data

In the event of a personal data breach that is likely to cause harm to you, we will notify you and the relevant authorities as required under applicable law. While we take commercially reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We encourage you to use strong passwords and not share your account credentials.


12. Third-Party Links

Our Platform may contain links to third-party websites or services. This Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices or content of such sites.


13. Updates to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by posting a notice on the Platform or by email, and update the "Last Updated" date at the top of this document. Your continued use of the Platform following the posting of a revised Policy constitutes your acceptance of the changes, to the extent permitted by applicable law.


14. Grievance Officer

In accordance with the Information Technology Act, 2000, the SPDI Rules, 2011, and the DPDP Act, 2023, we have designated a Grievance Officer to address any concerns or complaints regarding the processing of your personal data.

Name: Arushi Tainwala

Email: arushi@moodlabs.in

Address: Sapphire Plaza Dadabhai Road Kamala Nagar Vile Parle West, 402, Mumbai, MH, 400056, India.

Office Hours: Monday to Friday, 10:00 AM to 6:00 PM IST

Complaints will be acknowledged within 72 hours and resolved, or escalation options provided, within 30 days of receipt.

If your grievance is not resolved to your satisfaction, you may escalate to the Data Protection Board of India once it is operationally constituted, or seek any other remedies available under applicable Indian law.

This Policy is governed by and construed in accordance with the laws of India. Any disputes shall be subject to the jurisdiction of courts in ,India.