Privacy Policy

Welcome to eInvite, a digital wedding and celebration invitation platform operated by Tony Augustine Labs (TAL), based in Kerala, India ("we," "our," or "us"). We are committed to protecting the privacy and security of all personal information you share with us.

This Privacy Policy explains how we collect, use, share, store, and protect your personal data when you visit einvit.in, create digital invitations, manage RSVP responses, or use any feature of the eInvite platform. It also describes the rights you have over your data and how you may exercise them.

Please read this Policy carefully. If you do not agree with any part of this Policy, please discontinue use of the platform immediately.

Information We Collect

We collect information from and about you in several ways, depending on how you use our platform:

1.1 Information You Provide Directly

• Account Registration: Full name, email address, phone number, and a password when you create an account.
• Wedding / Event Details: Bride and groom names, event date, venue name and address, event type (wedding, nikah, communion, etc.), photos, and any other information you voluntarily enter into your invitation.
• Guest Information: Names, email addresses, or phone numbers of guests you import or enter for RSVP purposes.
• Payment Information: When you purchase a paid plan, payment is processed by Razorpay. We do not store card numbers, CVV, or banking credentials. We receive limited transaction metadata (order ID, amount, plan purchased) to activate your subscription.
• Communications: Any messages, queries, or feedback you send to us via email or WhatsApp.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time and duration of visits, and click-through patterns within the platform.
• Device and Browser Data: IP address, browser type and version, operating system, device type, screen resolution, and language settings.
• Invitation View Analytics: When guests view your digital invitation, we record aggregate view counts, device types, and approximate geographic region (state/district level, not precise location) to provide you with analytics.
• Log Data: Server-side logs including timestamps, API request paths, and error events, retained for security and debugging purposes.

1.3 Information from Third Parties

• Payment confirmation data from Razorpay upon successful transactions.
• Delivery status data from Resend (our email service provider) when we send system emails on your behalf.

How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Creating and hosting your digital invitation page, enabling RSVP collection, WhatsApp sharing, countdown timers, photo galleries, and all platform features.
• Account Management: Creating your account, verifying your identity, enabling password reset, and managing your subscription plan.
• Payment Processing: Processing your subscription payments securely through Razorpay and sending payment confirmation emails.
• Communications: Sending you transactional emails (account verification, password reset, payment receipts, invitation analytics summaries). We do not send unsolicited marketing emails without your consent.
• Analytics and Improvements: Analysing usage patterns to improve platform performance, design, and feature set. All analytics are reviewed in aggregate; individual user data is not profiled for advertising.
• Security and Fraud Prevention: Detecting and preventing unauthorized access, abuse, spam, and fraudulent activities on the platform.
• Legal Compliance: Meeting obligations under applicable Indian laws, responding to lawful requests from government authorities, and resolving disputes.

Information Sharing and Disclosure

We share your information only in the following limited circumstances:

• Service Providers: We engage trusted third-party service providers to operate our platform, including Cloudflare (infrastructure and DNS), Razorpay (payment processing), and Resend (transactional email delivery). These providers are contractually bound to handle data only as necessary to provide services to eInvite and in compliance with applicable laws.
• Public Invitation Pages: The invitation content you create (names, event date, venue, photos) is published on a unique URL (e.g., einvit.in/w/your-slug) that is accessible to anyone who has the link. This is the core function of the platform. Please do not include sensitive personal information on your invitation page that you would not want the general public to see.
• Legal Requirements: We may disclose your information if required to do so by Indian law, regulation, court order, or a competent governmental authority, including under the Information Technology Act, 2000.
• Business Transfers: In the event of a merger, acquisition, or sale of assets involving Tony Augustine Labs, your data may be transferred to the successor entity, subject to equivalent data protection obligations.
• Protection of Rights: We may disclose information where necessary to enforce our Terms of Service, protect the safety or rights of our users, or investigate potential fraud or illegal activity.

Data Storage and Security

Your data is stored and processed using Cloudflare's global infrastructure, including Cloudflare D1 (database), Cloudflare KV (key-value store), and Cloudflare R2 (media storage). Cloudflare operates data centres across multiple regions including within Asia-Pacific.

We implement industry-standard technical and organisational security measures, including:

• HTTPS/TLS encryption for all data in transit between your browser and our servers.
• Password hashing using PBKDF2 with a per-user salt; plain-text passwords are never stored.
• JWT-based authentication with short expiry periods and secure token handling.
• Rate limiting on all authentication and sensitive API endpoints to prevent brute-force attacks.
• Strict CORS policies, Content Security Policy headers, and other HTTP security headers.
• Access controls limiting employee access to user data to only those with a legitimate operational need.

Cookies and Tracking Technologies

eInvite uses a minimal set of cookies and similar technologies to operate and improve the platform:

• Essential Cookies: Required for core platform functionality, such as maintaining your login session and preventing cross-site request forgery (CSRF). These cannot be disabled without impairing service function.
• Analytics Cookies: We may use lightweight, privacy-respecting analytics to understand how users interact with the platform. Where used, these are configured to anonymise IP addresses and not cross-reference data with advertising networks.
• Cloudflare Cookies: Cloudflare may set technical cookies (such as __cf_bm) for bot protection and performance. These are set by Cloudflare and governed by their privacy policy.

You can control cookies through your browser settings. However, disabling essential cookies will affect your ability to log in and use the platform.

Third-Party Services and Integrations

eInvite integrates with the following third-party services. Each is governed by its own privacy policy:

• Razorpay (Payment Gateway): Collects and processes payment card and banking data. Razorpay Privacy Policy.
• Cloudflare (Infrastructure): Powers our hosting, CDN, and DDoS protection. Cloudflare Privacy Policy.
• Resend (Transactional Email): Delivers account and system emails on our behalf. Resend Privacy Policy.
• Google Fonts: We load fonts from Google Fonts CDN. Google may collect limited request metadata. Google Privacy Policy.

We encourage you to review the privacy policies of these third-party services. eInvite is not responsible for the privacy practices of external parties.

Your Rights and Choices

As a user of eInvite, you have the following rights with respect to your personal data:

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may update or correct inaccurate information through your account settings or by contacting us.
• Deletion: You may request deletion of your account and associated personal data. Note that publicly shared invitation pages will be taken offline and invitation data deleted within 30 days of a verified deletion request. However, we may retain certain information where required by law or for legitimate business purposes (e.g., payment records).
• Withdrawal of Consent: Where processing is based on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing carried out prior to withdrawal.
• Opt-Out of Marketing: You may opt out of non-transactional emails by clicking the unsubscribe link in any such communication or by contacting us.
• Grievance Redressal: You have the right to raise a complaint with our designated Grievance Officer (see Section 12).

To exercise any of these rights, please contact us at tonyveedon@yahoo.com. We will respond to verifiable requests within 30 days, as required under the SPDI Rules, 2011.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Policy, or as required by applicable law:

• Account Data: Retained for the duration of your account and for up to 2 years after account deletion, unless a longer period is required by law.
• Invitation Pages: Invitation data remains live on the platform until your plan's validity period expires or until you delete it. After expiry, invitation pages are taken offline and data is marked for deletion.
• Payment Records: Retained for a minimum of 5 years to comply with Indian financial regulations (GST, Income Tax Act).
• Server and Security Logs: Retained for up to 90 days and then permanently deleted.
• Guest RSVP Data: Linked to your invitation and deleted when you delete your account or the associated invitation.

Children's Privacy

eInvite is not directed at children under the age of 18 years. We do not knowingly collect personal data from minors. If you believe that a child under 18 has provided us with personal information without parental consent, please contact us immediately at tonyveedon@yahoo.com and we will promptly delete such information.

International Data Transfers

eInvite is built on Cloudflare's globally distributed infrastructure. Your data may be processed on Cloudflare servers located in various countries, including Singapore, the United States, and Europe, as part of Cloudflare's edge network operations. By using eInvite, you consent to the transfer of your data to these jurisdictions.

We ensure that all third-party processors we engage provide adequate safeguards for the protection of personal data in accordance with applicable laws, including through standard contractual clauses where required.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Effective Date" at the top of this page.
• Display a prominent notice on our platform or send an email notification to registered users.

Your continued use of eInvite after any such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.

Grievance Officer and Contact

In accordance with the Information Technology Act, 2000 and the SPDI Rules, 2011, we have designated a Grievance Officer to address concerns regarding data privacy and misuse:

For general queries about this Policy or the eInvite platform, you may also reach us at the contact details above.