Privacy Policy

1. Information we collect

We collect only the information needed to provide our digital wedding-invitation products and services:

Information you give us

• Contact & order details — name, email address, phone/WhatsApp number, and billing details when you place an order or enquire.
• Invitation content — the event details, names, dates, venues, photos, music choices and text you provide so we can build your invite.
• Communications — messages you send us by email, WhatsApp, forms or social media.

Information collected automatically

• Usage & device data — IP address, browser type, device, pages viewed, referring URL and approximate location, collected via cookies and analytics.
• Transaction metadata — order IDs and payment status returned by our payment and store providers (we do not store full card numbers).

2. How we use your information

• To create, customise, deliver and host your digital invitation.
• To process orders, payments, and send order confirmations and updates.
• To respond to your enquiries and provide customer support.
• To operate, maintain, secure and improve the Platform.
• To send service messages and, only with your consent, occasional offers (you can opt out anytime).
• To comply with legal obligations and to prevent fraud or misuse.

3. Legal basis & consent

We process your personal data on the basis of your consent (which you give when you submit your details or place an order), to perform our contract with you (delivering your invite), and to meet our legal obligations. You may withdraw consent at any time by contacting us; this will not affect processing already carried out, and some processing may be necessary to keep providing a paid service.

4. How we share information & our processors

We do not sell your personal data. We share it only with trusted service providers (“data processors”) who help us run the Platform, under appropriate confidentiality and data-protection terms:

• Shopify — our store and checkout platform for invifest.store (order processing, hosting).
• Razorpay and other payment gateways — to securely process payments.
• Vercel — hosting and content delivery for invifest.in.
• Cloudflare — content delivery, caching and security/DDoS protection.
• Analytics providers (e.g. Vercel Analytics, and Google services where enabled) — to understand usage.
• Communication tools — email and WhatsApp, to contact you about your order.

We may also disclose information where required by law, to enforce our Terms, or to protect the rights, safety and property of Invifest, our customers or others.

5. Cookies & analytics

We use cookies and similar technologies to keep the Platform working, remember your preferences and measure traffic. You can control or delete cookies in your browser settings; disabling some cookies may affect how the Platform works. Our store on Shopify uses its own cookies as described in Shopify's policies.

6. Payments

Payments are processed by PCI-DSS-compliant third-party gateways and by Shopify Checkout. We never see or store your full card or UPI credentials — only a confirmation of payment status and an order reference. Please also review the privacy policies of the relevant payment provider at checkout.

7. Data retention

We keep your personal data only for as long as needed to provide the service, maintain your invite (you receive lifetime access to your purchased invite), comply with tax, accounting and legal requirements, and resolve disputes. When data is no longer required, we delete or anonymise it. You may ask us to delete your invite and associated personal data at any time, subject to legal record-keeping duties.

8. Your rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you and request a copy.
• Correct or update inaccurate or incomplete data.
• Request erasure of your data where it is no longer needed.
• Withdraw consent and opt out of marketing communications.
• Nominate another person to exercise your rights in case of death or incapacity (as provided under the DPDP Act).
• Lodge a grievance with us, and escalate to the Data Protection Board of India if unresolved.

To exercise any right, contact us using the details below. We will respond within the timelines required by law.

9. How we protect your data

We use reasonable technical and organisational safeguards — including HTTPS encryption in transit, access controls, reputable hosting and payment partners, and security/DDoS protection via Cloudflare — to protect your data against unauthorised access, alteration, disclosure or destruction. No method of transmission or storage is 100% secure, but we work continually to protect your information and will notify you and the authorities of any breach as required by law.

10. Children

The Platform is intended for users aged 18 and above. We do not knowingly collect personal data from children. Where processing of a child's data is involved (for example a child featuring in event photos you provide), we rely on you, as the verifiable guardian, to have the authority to share it. If you believe a child's data has been provided without proper authority, contact us and we will delete it.

11. Storage & transfers

Some of our processors (such as Shopify, Vercel and Cloudflare) may store or process data on servers located outside India. Where data is transferred internationally, we take steps to ensure it remains protected in accordance with applicable Indian law and the contractual safeguards of those providers.

12. Grievance officer & contact

If you have any questions, requests or complaints about this Policy or your data, please contact our Grievance Officer:

We may update this Privacy Policy from time to time. The “Last updated” date above shows the latest revision, and material changes will be highlighted on this page.