Legal

Privacy Policy

Effective: April 7, 2026 · Compliant with the Digital Personal Data Protection Act, 2023 (India)

1. Data We Collect

Account data: name, email, phone number, city, and state — collected at registration.

Vendor data: business name, bio, service offerings, portfolio images, bank account details, and KYC documents (government ID). PAN numbers are encrypted at rest.

Transaction data: booking details, payment amounts, refund records, escrow state. Required for GST/TCS compliance.

Usage data: pages visited, search queries, device type, approximate location (if you grant permission). Used to improve the Platform.

Communications: WhatsApp messages, emails, and in-app notifications sent or received through the Platform.

2. How We Use Your Data

To provide and operate the marketplace: matching users with vendors, processing bookings and payments, sending booking confirmations and reminders.

Legal compliance: GST/TCS filing, TDS deduction, responding to government or court orders.

Safety and fraud prevention: identity verification, login attempt monitoring, dispute resolution.

Platform improvement: analytics on usage patterns to improve search results and user experience. We do not sell personal data to third parties.

3. Data Sharing

Vendors: When you book a vendor, your name and contact information necessary to fulfill the booking are shared with them.

Service providers: Razorpay (payments), Cloudinary (image storage), Firebase (push notifications), and email providers. All are bound by data processing agreements.

Legal authorities: We disclose data when required by law, court order, or to protect the rights and safety of users.

4. Data Retention

Active account data is retained as long as your account exists. Transaction data is retained for 7 years for tax compliance. KYC documents are retained per RBI guidelines. You may request deletion of non-compliance-related data.

5. Your Rights (DPDP Act 2023)

You have the right to: (a) access a summary of your personal data; (b) correct inaccurate data; (c) request erasure of data not required for legal compliance; (d) withdraw consent; (e) nominate a person to exercise rights on your behalf.

To exercise these rights, email privacy@elight.events. We respond within 30 days.

6. Cookies & Tracking

We use essential cookies for authentication. We use analytics cookies (e.g. Google Analytics) to understand usage. You can disable non-essential cookies in your browser settings.

7. Security

We use HTTPS, JWT authentication, encrypted database backups, and access controls. PAN numbers are encrypted at rest. Despite these measures, no system is 100% secure — please use a strong, unique password.

8. Children

Elight Events is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us immediately.

9. Changes

We will notify you of material changes via email and update the effective date above.

Data Protection Officer: privacy@elight.events