Privacy Policy

Last updated: May 7, 2026 · DPDP Act 2023 compliant

1. Who we are

EventHub360 ("we", "us", "our") is the Data Fiduciary for personal data collected via eventhub360.duckdns.org and related mobile apps.

2. Data we collect

  • Account data: name, email, phone, password (hashed with bcrypt-12 rounds).
  • Profile data: city, state, profile image.
  • Vendor KYC: Aadhaar (masked), PAN, GST, bank details — encrypted at rest with AES-256-GCM.
  • Event data: wedding date, guest list, budget, seating (visible only to you).
  • Payment data: transaction history, payout details. Razorpay stores card details; we do not.
  • Usage data: IP, browser, session logs — for security and fraud prevention.

3. How we use your data

  • Provide, maintain, and improve the platform.
  • Match you with vendors and manage bookings.
  • Send transactional emails/SMS (booking confirmations, reminders).
  • Send marketing communications only with your explicit consent (you can opt out anytime).
  • Detect and prevent fraud.
  • Comply with legal obligations (GST, tax, court orders).

4. Data sharing

We share data only with:

  • Vendors you explicitly book or contact (name, phone, email, event details).
  • Payment partners (Razorpay) for processing transactions.
  • Communication providers (Twilio, MSG91) for SMS/WhatsApp/email delivery.
  • Law enforcement when legally required.

We do not sell your data to third parties. Ever.

5. Your rights (DPDP Act 2023)

  • Right to access: Download a copy of all your data.
  • Right to correction: Edit any inaccurate information.
  • Right to erasure: Delete your account — permanently removes your PII within 30 days.
  • Right to withdraw consent: Turn off marketing, disable data processing anytime in Settings.
  • Right to grievance redressal: Email dpo@eventhub360.in for unresolved complaints.

6. Data security

  • All passwords bcrypt-hashed (12 rounds). We never store plaintext.
  • Sensitive data (KYC docs) encrypted with AES-256-GCM at rest.
  • All traffic HTTPS with HSTS-preload.
  • PII access logged; anomalies trigger alerts.
  • Rate limiting & account lockout prevent brute-force attacks.

7. Data retention

We retain data as long as your account is active. After account deletion, we keep only legally-required records (tax invoices) for the statutory period (8 years), and immediately anonymize everything else.

8. Cookies

We use essential cookies for login sessions and a minimal set of analytics cookies. We do not use third-party advertising cookies.

9. Children

Our platform is not directed to persons under 18. We do not knowingly collect data from children.

10. Contact & DPO

Data Protection Officer: dpo@eventhub360.in

General privacy queries: privacy@eventhub360.in

Postal: EventHub360, Bengaluru, Karnataka, India