Privacy policy

Privacy Policy

Last updated: February 4, 2026

Boss and Baby operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the “Services”). Boss and Baby is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services, or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

Personal Information We Collect or Process

When we use the term “personal information,” we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified so that it cannot identify or be reasonably linked to you.

We may collect or process the following categories of personal information (including inferences drawn from this personal information), depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

  • Contact details including your name, address, billing address, shipping address, phone number, and email address.
  • Financial information including payment card information and transaction details (note: payment processing is handled by payment processors; we do not store full payment card numbers).
  • Account information including your username, password, security questions, preferences and settings.
  • Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
  • Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
  • Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
  • Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;
  • Automatically through the Services from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
  • From our service providers when we engage them to enable certain technology and when they collect or process your personal information on our behalf;
  • From our partners or other third parties.

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

  • Provide, tailor, and improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, process payments, fulfill orders, remember preferences, send account-related notifications, process purchases, returns, exchanges or other transactions, create and manage your account, arrange for shipping, facilitate returns and exchanges, enable you to post reviews, and create a customized shopping experience (including recommending products related to your purchases).
  • Marketing and advertising. We may use your personal information for marketing and promotional purposes, such as sending promotional communications (primarily by email) and showing you online advertisements for products or services on the Services or other websites, including based on your activity on the Services (e.g., items you have purchased or added to your cart).
  • Security and fraud prevention. We use your personal information to authenticate your account, provide a secure payment and shopping experience, and detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity. If you register an account, you are responsible for keeping your account credentials safe.
  • Communicating with you. We use your personal information to provide customer support, respond to you, provide effective Services, and maintain our business relationship with you.
  • Legal reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in litigation or other legal proceedings, and to enforce or investigate potential violations of our terms or policies.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With Shopify, vendors, and service providers who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners to provide marketing services and advertise to you (including interest-based advertising). Depending on where you reside, you may have a right to direct us not to “share” information for targeted advertising (as defined by applicable law). Where available, you can exercise your opt-out rights using the link provided on the Services.
  • When you direct, request, or consent to our disclosure of certain information to third parties, such as to ship products or through your use of social media widgets or login integrations.
  • With our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with legal obligations (including subpoenas, search warrants and similar requests), to enforce any applicable terms or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify, as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you.

To help protect, grow, and improve our business, we may use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify.

In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can review Shopify’s consumer privacy information and privacy portal available through Shopify.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on such sites.

Children’s Data

The Services are intended for adults. We do not knowingly collect personal information from children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with personal information, you may contact us using the contact details below to request deletion.

As of the effective date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on factors such as whether we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or enforce applicable contracts and policies.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute and may apply only in certain circumstances. In some cases, we may decline your request as permitted by law.

  • Right to access / know: request access to personal information that we hold about you.
  • Right to delete: request that we delete personal information we maintain about you.
  • Right to correct: request that we correct inaccurate personal information we maintain about you.
  • Right of portability: receive a copy of the personal information we hold about you and request that we transfer it to a third party, in certain circumstances.
  • Right to opt out of “sale” or “sharing” for targeted advertising: depending on where you reside, you may have a right to opt out of the “sale” or “sharing” of your personal information or opt out of processing for “targeted advertising,” as defined by applicable privacy laws. Where available, you can exercise these rights using the opt-out link provided on the Services.

Global Privacy Control (GPC): If you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will treat this as a request to opt out of targeted advertising for the device and browser you use. If we can associate the device sending the signal with a Shopify account, we will apply the request to the account as well. Other than GPC, we do not recognize other “Do Not Track” signals.

Managing communication preferences: We may send promotional emails. You can opt out at any time by using the unsubscribe link in our emails. If you opt out, we may still send non-promotional messages, such as order confirmations and account-related emails.

If you reside in the UK or European Economic Area, you may also have the following rights (subject to exceptions and limitations provided by local law):

  • Objection to processing and restriction of processing
  • Withdrawal of consent (where we rely on consent)

You may exercise your rights by contacting us using the contact details below. We may need to verify your identity before processing your request. You may designate an authorized agent to act on your behalf where permitted by law; we may request proof of authorization and may require you to verify your identity directly with us.

We will not discriminate against you for exercising any of these rights.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details below. Depending on where you live, you may have the right to appeal our decision or lodge a complaint with your local data protection authority.

International Transfers

Please note that we may transfer, store and process your personal information outside the country you live in. If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses or the UK’s equivalent transfer mechanisms, unless the transfer is to a country deemed to provide an adequate level of protection.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website and update the “Last updated” date.

Contact

If you have any questions about this Privacy Policy or our privacy practices, or if you would like to exercise any rights available to you, please contact us:

Boss and Baby
Email: info@bossandbaby.com
Address: 86 Morgan Avenue, Markham, ON, L3T 1R4, Canada

For the purposes of applicable data protection laws, Boss and Baby is the data controller of your personal information.