Privacy Policy

Last updated: 21 March 2026

1. Introduction

This Privacy Policy explains how [Company Name] ("we", "us", "our") collects, uses, stores, and shares personal data when you use the Maṅgalya website and services (the "Services"). The Services are a web application only for building and sharing digital invitations and related pages (for example weddings, birthdays, and other celebrations), including optional RSVP features and online payments for publishing.

Please read this Policy together with our Terms & Conditions. We aim to comply with applicable Indian law, including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), where it applies to our processing. This Policy is a plain-language summary and is not legal advice.

2. Data we collect

Depending on how you use the Services, we may process:

  • Account and contact data: For example, if you sign in with Google or contact support — name, email address, and identifiers from your authentication provider.
  • Invitation and event content: Names, dates, venue or address text, photos or images you upload, messages, and other fields you enter into your invitation ("Invite").
  • RSVP and guest-related data: Responses or details guests submit through RSVP flows associated with your Invite (for example attendance, meal choices, or messages you configure the form to collect). Hosts are responsible for collecting guest data lawfully and only for legitimate event purposes.
  • Payment-related data: When you pay to publish, our payment partner (currently Razorpay) processes payments. We receive payment status and limited transaction metadata needed for billing and support — not your full card number.
  • Technical and usage data: IP address, browser and device type, general location derived from IP, pages viewed, and similar logs used to operate, secure, and improve the Services.

3. How we use your data

We use personal data to:

  • Provide, host, and improve the editor, live Invites, and RSVP tools
  • Authenticate hosts, prevent abuse, and keep accounts secure
  • Process payments and confirm publishing entitlements
  • Send service messages (e.g. support, receipts, important notices)
  • Meet legal obligations and enforce our Terms
  • Analyse aggregated or de-identified usage to improve the product

We do not sell your personal information to third parties. Marketing communications, if any, will be sent in line with applicable law and your preferences.

4. Who we share with

We use trusted service providers ("processors") who help us run the Services, for example:

  • Google Firebase / Google Cloud — authentication (e.g. Sign in with Google), database and hosting for Invites and related data
  • Razorpay — payment processing
  • Hosting and infrastructure — e.g. deployment and edge delivery of our website

We require processors to protect personal data appropriately. We may also disclose information if required by law, to protect rights and safety, or with your clear consent.

5. Storage and cross-border transfers

Your data may be stored or processed on servers located in India and/or other countries where our providers operate. Where the DPDP Act applies, we will take steps consistent with the law for any transfer of personal data outside India (such as relying on approved mechanisms or directions issued by the authorities).

6. Retention

We keep personal data only as long as needed to provide the Services, comply with law, resolve disputes, and enforce our agreements. If you delete an account or ask us to remove certain data, we will do so where required and practicable, subject to legal retention needs (for example limited billing records).

7. Security

We use appropriate technical and organisational measures (such as access controls, encryption in transit where standard for web services, and secure hosting practices) to protect personal data. No online service is completely risk-free; please use strong passwords and protect your sign-in methods.

8. Your rights and grievances (India / DPDP)

Where the DPDP Act applies, you may have rights such as access to your personal data, correction of inaccurate data, erasure or updating as permitted, and withdrawal of consent where processing was consent-based (without affecting prior lawful processing). You may also have the right to nominate someone to exercise your rights in certain circumstances, as the law provides.

To exercise rights or raise concerns, contact us at support@mangalya.in. We will respond within timelines required by applicable law where they apply. If you are not satisfied with how we handle a complaint, you may escalate to the Data Protection Board of India or other authority as prescribed under the DPDP Act when those mechanisms are available.

9. Cookies and similar technologies

We use cookies and similar technologies where needed for sign-in, preferences, security, and understanding how the site is used. You can control cookies through your browser; disabling some cookies may limit certain features.

10. Children

The Services are intended for adults organising events. We do not knowingly collect personal data from children under 18 for direct-to-child services. If you believe a child has provided us personal data, contact us and we will take appropriate steps.

11. Changes

We may update this Privacy Policy from time to time. We will post the new version on this page and change the "Last updated" date shown at the top. For material changes, we will provide notice where the law requires or where we reasonably can (for example by email or an on-site banner).

12. Contact

For privacy questions or requests, write to support@mangalya.in.