Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account or book a service, we collect:

• Personal Details: Full name, email address, phone number
• Authentication Data: If you sign up via Google OAuth, we receive your name, email, and profile picture from Google
• Account Credentials: Encrypted password (if you create an account with email/password)
• Profile Information: Any additional details you provide in your profile

1.2 Booking Information

When you book a service, we collect:

• Service Details: Type of ceremony, date, time, duration
• Location Details: Full address where service will be performed, including city, PIN code, and any specific instructions
• Special Requirements: Language preference, specific rituals, dietary restrictions, number of attendees
• Contact Information: Alternative phone numbers, emergency contacts if provided
• Booking Status: Timestamps for booking creation, pandit assignment, payment completion, service delivery

1.3 Payment Information (Two-Stage Process)

Our platform uses a two-stage payment system:

Important: We NEVER store your credit/debit card numbers, CVV, or card PINs. All payment processing is handled securely by Razorpay (PCI-DSS Level 1 certified). We only receive confirmation that payment was successful or failed.

1.4 Communication Data

We collect:

• Messages: Communications between you and our support team
• Feedback: Reviews, ratings, and comments you submit
• Support Tickets: Customer service inquiries and our responses
• Notifications: Records of emails, SMS, and WhatsApp messages sent to you

1.5 Technical Information

Automatically collected when you use our platform:

• Device Information: Device type, operating system, browser type and version
• IP Address: Your internet protocol address for security and fraud prevention
• Location Data: Approximate location based on IP address (not precise GPS)
• Usage Data: Pages visited, time spent, clicks, search queries
• Cookies: Session tokens, preferences, analytics data
• Log Data: Server logs including access times, errors, and system events

1.6 Guest Booking Information

If you book as a guest without creating an account:

• We collect the same booking and payment information as registered users
• We create a temporary booking record linked to your phone number and email
• You can access your booking via SMS/email links without logging in
• Guest bookings are retained for the same duration as registered user bookings

2. How We Use Your Information

2.1 Core Service Delivery

We use your information to:

• Process Bookings: Create, manage, and fulfill your service requests
• Pandit Assignment: Match you with suitable, verified pandits based on your requirements (language, ceremony type, location)
• Coordinate Services: Share necessary details with assigned pandits (name, phone, address, ceremony requirements)
• Payment Processing: Handle advance payment, balance payment, and refunds
• Service Reminders: Send upcoming ceremony reminders and preparation checklists

2.2 Communication

We use your contact information to:

• Booking Confirmations: Send confirmation after advance payment and full payment
• Payment Reminders: Notify you when balance payment (50%) is due within 48 hours
• Pandit Details: Share assigned pandit's contact information and profile
• Status Updates: Inform you of booking changes, cancellations, or rescheduling
• Customer Support: Respond to your inquiries, complaints, and feedback
• Transactional Messages: Send receipts, invoices, and refund confirmations

2.3 Platform Improvement

• Analytics: Understand how users interact with our platform to improve user experience
• Feature Development: Identify which services are most popular and needed
• Quality Assurance: Monitor pandit performance and service quality
• Bug Fixes: Identify and resolve technical issues
• A/B Testing: Test new features with user consent

2.4 Security and Fraud Prevention

• Account Security: Verify your identity to prevent unauthorized access
• Fraud Detection: Monitor for suspicious activity, fake bookings, or payment fraud
• Spam Prevention: Identify and block spam accounts and abusive behavior
• Dispute Resolution: Investigate conflicts between customers and pandits

2.5 Legal Compliance

• Tax Compliance: Generate GST-compliant invoices and maintain records
• Legal Obligations: Comply with Indian laws including IT Act, 2000 and Consumer Protection Act, 2019
• Law Enforcement: Respond to valid legal requests from authorities
• Regulatory Requirements: Meet payment gateway and financial regulations

2.6 Marketing (With Your Consent)

Only if you opt-in, we may:

• Promotional Emails: Send offers, discounts, and new service announcements
• SMS Marketing: Share festival-specific puja offers and reminders
• Personalized Recommendations: Suggest ceremonies based on your booking history

You can opt-out anytime: Click "unsubscribe" in any marketing email or update preferences in your account settings. Transactional messages (booking confirmations, payment reminders) cannot be opted out.

3. Data Security and Protection

3.1 Security Measures

We implement industry-standard security practices:

3.2 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach
• Inform relevant authorities as required by law
• Describe what information was compromised
• Explain steps we're taking to address the breach
• Provide recommendations on how you can protect yourself

3.3 Your Security Responsibilities

You are responsible for:

• Keeping your password confidential and secure
• Using a strong, unique password
• Not sharing your account with others
• Logging out of shared devices
• Notifying us immediately of any unauthorized access

4. Information Sharing and Disclosure

4.1 With Pandits (Service Providers)

Pandits are contractually obligated to use your information only for providing the booked service and to maintain confidentiality. They must not use your data for marketing or share it with others.

4.2 With Third-Party Service Providers

We share limited data with trusted partners who help us operate the platform:

All third-party providers are contractually bound to protect your data and use it only for the specified purposes. They cannot sell or share your information with others.

4.3 Legal and Safety Disclosures

We may disclose your information when required by law or to protect rights and safety:

• Legal Compliance: Respond to court orders, subpoenas, or legal processes
• Law Enforcement: Cooperate with police or government authorities investigating crimes
• Safety Protection: Prevent fraud, protect against abuse, or ensure user safety
• Rights Defense: Enforce our Terms of Service or defend legal claims
• Emergency Situations: Protect immediate physical safety of users or public

4.4 Business Transfers

If RitualBookings is acquired, merged, or sold, your information may be transferred to the new owner. You will be notified via email and/or prominent notice on our platform before your data is transferred and becomes subject to a different privacy policy.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you personally:

• Usage statistics (e.g., "50% of bookings are for Griha Pravesh ceremonies")
• Trend analysis (e.g., "Wedding bookings peak in November-February")
• Platform performance metrics

This data is used for business analysis, marketing, and research purposes.

5. Two-Stage Payment System (Privacy Aspects)

5.1 Payment Structure

Our two-stage payment system affects data processing as follows:

5.2 Auto-Cancellation Privacy

5.3 Payment Data We Store

What we store vs. what Razorpay stores:

6. Cancellation, Refunds, and Data Retention

Detailed cancellation and refund policies are in our Cancellation Policy. Privacy-related aspects:

6.1 Data During Active Bookings

• All booking data retained while booking is active or pending
• Shared with assigned pandit until service completion or cancellation
• Accessible to you via booking page or email/SMS links

6.2 Data After Cancellation

• Before Balance Payment: Booking data retained for 90 days (refund disputes), then anonymized
• After Full Payment: Booking data retained for 1 year (tax compliance), then anonymized
• Refund Records: Kept for 7 years (financial regulations)
• Pandit Access: Removed immediately upon cancellation

6.3 Data After Service Completion

• Booking details retained for 3 years (tax and legal compliance)
• Payment records retained for 7 years (financial regulations)
• Reviews and ratings retained indefinitely (unless you request deletion)
• Personal info can be deleted upon request (see Section 9)

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our platform. They help us provide a better experience.

7.2 Types of Cookies We Use

7.3 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to block cookies or delete existing ones
• Cookie Preferences: Manage preferences in your account settings
• Do Not Track: We honor "Do Not Track" browser signals

Note: Disabling essential cookies may prevent you from using certain platform features like booking or logging in.

8. Third-Party Links and Services

Our platform may contain links to third-party websites (payment gateways, social media, partner sites). This Privacy Policy applies only to RitualBookings.

• We are not responsible for privacy practices of external websites
• Review their privacy policies before providing personal information
• Links do not imply endorsement of their privacy practices

Third-party services we integrate: Razorpay (payments), Google (OAuth), Supabase (infrastructure). Each has their own privacy policy linked in Section 4.2.

9. Your Privacy Rights and Choices

9.1 Access Your Data

You have the right to:

• View all personal information we have about you
• Download a copy of your data in a readable format
• Request: email privacy@RitualBookings.com with subject "Data Access Request"
• Response time: Within 30 days

9.2 Correct Your Data

You can:

• Update your profile information in account settings
• Correct booking details before service delivery
• Contact support to update information you cannot change yourself

9.3 Delete Your Data

You can request deletion of:

• Your account and associated personal information
• Specific bookings (after completion, subject to legal retention requirements)
• Reviews and feedback you've submitted

Limitations: We must retain certain data for legal/tax compliance (payment records for 7 years, booking data for 3 years). This data will be anonymized where possible but not fully deleted.

9.4 Opt-Out of Marketing

• Click "unsubscribe" in any marketing email
• Reply "STOP" to marketing SMS
• Update preferences in account settings
• Email: marketing-optout@RitualBookings.com

Note: You'll still receive transactional messages (booking confirmations, payment reminders) as these are essential for service delivery.

9.5 Object to Processing

You can object to:

• Use of your data for marketing purposes
• Sharing data with third parties (except essential service providers)
• Automated decision-making (if applicable)

9.6 Withdraw Consent

Where we process data based on your consent (marketing, optional cookies), you can withdraw consent at any time. This won't affect processing that occurred before withdrawal.

9.7 Data Portability

You can request a copy of your data in a machine-readable format (CSV or JSON) to transfer to another service.

9.8 How to Exercise Your Rights

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

• You must be 18+ to create an account or book services
• If you are under 18, a parent/guardian must book on your behalf
• If we discover we've collected data from a child, we'll delete it immediately
• Parents: Contact us at privacy@RitualBookings.com if you believe we have your child's data

11. Data Retention

11.1 How Long We Keep Your Data

11.2 Anonymization vs. Deletion

Anonymization: Personal identifiers removed so data cannot be linked back to you. Used for statistical analysis.

Deletion: Data completely erased from our systems (except legally required backups).

12. International Data Transfers

Your data is primarily stored on servers located in India (via Supabase). However, some third-party services (Razorpay, Google) may process data on servers outside India.

• We ensure adequate data protection through contractual agreements
• All transfers comply with Indian data protection laws
• Service providers maintain equivalent security standards

13. Changes to This Privacy Policy

13.1 How We Notify You

We may update this Privacy Policy from time to time. Material changes will be communicated via:

• Email: Sent to your registered email address
• Platform Notice: Prominent banner on homepage
• In-App Notification: Alert when you next log in
• Updated Date: "Last updated" date at top of this page

13.2 Your Acceptance

Continued use of our platform after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, you must stop using the platform and may request account deletion.

13.3 Review Responsibility

We recommend reviewing this Privacy Policy periodically. Significant changes will be highlighted for your review before you continue using the platform.

14. Contact Us

For any privacy-related questions, concerns, or to exercise your rights: