Privacy policy

Effective Date: 01/02/2026
Last Updated: 01/02/2026

This Privacy Policy describes how Too Much (“we”, “us”, “our” or “the Company”) collects, uses, discloses, and protects your personal information when you visit or make a purchase on our website, mobile application, or related services (collectively, the “Services”). This Privacy Policy also explains your rights with respect to your personal data and how you can exercise them.

 

Acceptance of This Privacy Policy

By accessing, browsing, or using this website, mobile application, or any related services in any manner whatsoever, you acknowledge that you have read, understood, and agree to be legally bound by the terms of this Privacy Policy.

Your continued use of our Services constitutes your unconditional acceptance of the collection, use, processing, disclosure, and storage of your personal data in accordance with this Privacy Policy and applicable laws.

If you do not agree with any part of this Privacy Policy, you must immediately discontinue use of the website and Services and refrain from accessing them further. Continued access or use shall be deemed as your consent and acceptance of this Privacy Policy in its entirety.

 

Who We Are & Scope

Too Much is a cosmetics brand based in India offering beauty products both online and offline.

This policy applies to:

  • Users in India (under Indian privacy laws).
  • Users in other countries (e.g., EU residents — GDPR) where the relevant legal protections apply. 

 

Information We Collect

We collect personal data that you voluntarily provide when you:

  • Create an account or profile.
  • Place an order.
  • Subscribe to newsletters.
  • Contact customer support.

Types of personal data collected include, but are not limited to:

Contact Information: name, email address, postal address, phone number.
Account Credentials: username, password.
Transactional Data: order history, payment method data (card details processed by third-party gateway), billing and shipping data.
Technical Data: IP addresses, device information, cookies, and online identifiers.
Marketing Data: preferences on promotional communications.

Sensitive personal data (e.g., biometric, health, or precise location) is only collected if explicitly provided for specific purposes and with your consent. 

 

Legal Basis & Consent

Indian Law (Digital Personal Data Protection Act & IT Act)

Under Indian law, we only collect, share, or process personal data with your explicit consent and for lawful purposes (providing products/services, customer support, marketing with consent, legal compliance, etc.). You can withdraw consent at any time.

GDPR (EU)

If you are an EU resident, we process your data on lawful grounds such as consent, necessary contractual performance, legal compliance, or our legitimate interests (e.g., fraud prevention). You have rights such as access, correction, deletion, and portability. 

 

How We Use Your Information

We use your data to:

  • Fulfill orders and deliver products.
  • Manage accounts and customer service.
  • Send transactional messages and promotions (with consent).
  • Improve services and customize your experience.
  • Protect against fraud and comply with legal requirements.

We retain personal data only as long as necessary for the purpose it was collected or as required under applicable law. 

 

Disclosure of Information

We may share personal data in the following circumstances:

  • Service providers (e.g., payment processors, logistics partners).
  • Legal obligations (law enforcement, government requests).
  • Business transfers (mergers, acquisitions).
  • For compliance with data protection laws and enforcement of terms.

Cross-border transfer of personal data may occur if necessary for processing or fulfilling your orders, subject to appropriate safeguards required under law. 

 

Cookies and Tracking Technologies

We and our partners use cookies, web beacons, and similar technologies to:

  • Enhance user experience.
  • Understand how our Services are accessed and used.
  • Provide personalized ads (where consented).

You may control cookie preferences through your browser settings or the cookie banner on our site. 

 

Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, loss, or misuse consistent with recognised standards. 

 

Children’s Privacy

The Services are not intended for use by individuals under the age of 18 years. We do not knowingly collect, solicit, or process personal data from children.

If we become aware that personal data has been collected from a child without verifiable parental or guardian consent, we will take reasonable steps to promptly delete such information from our records.

Parents or legal guardians who believe that a child has provided personal data to us without consent may contact us using the details provided in this Privacy Policy so that appropriate action may be taken.

 

Third-party links and services

Our Services may contain links to, or integrations with, third-party websites, applications, services, or platforms that are not owned, operated, or controlled by Too Much. This Privacy Policy applies solely to personal data collected by us through our Services.

We do not control, endorse, or assume any responsibility for the content, privacy policies, security practices, or data-handling procedures of any third-party websites or services. Any personal information you provide to such third parties is governed by their respective privacy policies and terms, and not by this Privacy Policy.

You acknowledge and agree that Too Much shall not be liable for any loss, damage, or misuse of personal data arising from your access to or use of any third-party websites or services, including those accessed via links on our Services. We encourage you to review the privacy policies of every third-party website or service before providing any personal information.

 

Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access or request a copy of your personal data.
  • Correct or update your personal data.
  • Request deletion.
  • Withdraw consent.
  • Opt out of targeted advertising.
  • Lodge a complaint with a relevant supervisory authority. 

To exercise your rights, please contact us at the contact information below.

 

Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or our practices. The “Effective Date” will be updated accordingly. 

 

Contact Information

If you have any questions about this Privacy Policy or would like to exercise your rights, please contact:

Too Much
📍 Delhi, India
✉️ toomuchcosmeticscontact@gmail.com

Sources & Legal Frameworks Used

  • Indian Digital Personal Data Protection Act (DPDP) / Rules 2025 — privacy collection, consent, breach reporting, cross-border transfer requirements. 
  • Information Technology Act, 2000 & SPDI Rules — outlines security practices and privacy obligations for personal and sensitive data in India. 
  • General Data Protection Regulation (GDPR) — international standard for privacy notices for EU residents. 
  • Legal guidance on privacy policy components per Indian and international law frameworks.