weddingkart
Try Free

Privacy Policy

Last updated: 21 April 2026 (DPDP-aware revision)

1. Who We Are

Weddingkart ("we," "us," or "our") operates the website www.weddingkart.co, the Weddingkart mobile apps (iOS and Android), and the Weddingkart web app at app.weddingkart.co (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Information you provide

  • Account information: name, email address, phone number
  • Wedding details: event dates, venue information, guest lists
  • Guest data: names, phone numbers, RSVP responses, travel details uploaded by event managers
  • Payment information: processed securely through third-party payment providers
  • Communications: messages sent through the platform, support requests

Information collected automatically

  • Device and browser information
  • IP address and approximate location
  • Usage data: pages visited, features used, time spent
  • Cookies and similar tracking technologies

3. How We Use Your Information

  • To provide and maintain the Service
  • To send WhatsApp messages on behalf of event managers to their guests
  • To process RSVPs, travel tickets, and ID card collections
  • To improve our platform and develop new features
  • To communicate with you about your account and the Service
  • To comply with legal obligations

4. WhatsApp Messaging

Weddingkart sends WhatsApp messages to wedding guests on behalf of event managers using the WhatsApp Business API, operated by Meta Platforms, Inc. Messages are only sent to guests whose contact information has been provided by the event manager. We do not sell or share guest phone numbers with third parties for marketing purposes. As Meta operates the WhatsApp Business API outside India, message delivery involves international transfer of guest contact information — see Section 11 (International Data Transfers).

5. Google Drive Integration (Optional)

Effective: 21 April 2026

Weddingkart offers an optional integration with Google Drive that lets hosts save guest candid photos to their personal Google Drive. When you connect Google Drive:

  • What we access: We use Google's drive.file OAuth scope, which restricts our access to only files and folders Weddingkart creates in your Drive. We cannot see, download, or modify any other files in your Drive — including documents, photos, or folders you created yourself or that other apps created.
  • What we upload: Only the guest candid photos and videos sent to your wedding's chat number. We do not upload ID cards, travel tickets, or other operational documents.
  • Where files are owned: Files uploaded by Weddingkart are owned by you, in your Google Drive, and count against your Google storage quota. You can delete, move, rename, or share them at any time without involving Weddingkart.
  • What we store on our side: We store an encrypted Google refresh token so we can upload to your Drive on your behalf. This token is encrypted at rest and never exposed in any API response. You can revoke this access at any time by:
    • Tapping "Disconnect Google Drive" in the Weddingkart app, or
    • Visiting Google Account → Security → Third-party apps and removing Weddingkart
  • Data deletion: When you disconnect, we immediately delete the encrypted refresh token from our servers. Files we previously uploaded to your Drive remain in your Drive (they are yours) — you can delete them yourself if desired.
  • Use of Google user data: Weddingkart's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Sharing

We do not sell your personal data. We may share information with:

  • Service providers who help us operate the platform (hosting, analytics, messaging)
  • WhatsApp/Meta for message delivery
  • Google, when you connect Google Drive — limited to uploading guest candid photos to your own Drive under the drive.file scope (see Section 5)
  • Payment processors for transaction handling
  • Law enforcement when required by law

7. Data Security

We use industry-standard security measures to protect your data, including encryption in transit (HTTPS/TLS) and at rest. However, no method of electronic storage is 100% secure.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Wedding-specific data (guest lists, RSVPs) is retained for up to 12 months after the wedding date unless you request earlier deletion. Google OAuth refresh tokens are deleted immediately when you disconnect Google Drive.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing

10. Cookies

We use essential cookies to maintain your session and preferences. We use Vercel Web Analytics for anonymous usage statistics. No third-party advertising cookies are used.

11. International Data Transfers

Weddingkart is based in India and primarily stores data on servers in the Asia-Pacific region. Some of our service providers process data outside India:

  • Meta Platforms (WhatsApp Business API): guest phone numbers and message content are processed on Meta's infrastructure, primarily in the United States, for the purpose of WhatsApp message delivery.
  • Google (when you connect Google Drive): photos uploaded to your Drive are stored by Google on infrastructure that may be located outside India, in accordance with your Google Account's region settings.
  • Vercel and other hosting / analytics providers: may process anonymous usage data on infrastructure outside India.

These transfers are made for the limited purpose of providing the Service. We rely on contractual safeguards (including the providers' standard data processing terms) to protect personal data during transfer.

12. Compliance with Indian Data Protection Law

Weddingkart operates in accordance with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act). For the purposes of the DPDP Act, Weddingkart acts as a Data Fiduciary in respect of personal data we collect directly from users (Data Principals), and as a Data Processor when handling guest data uploaded by event managers on behalf of those event managers.

As a Data Principal, you have the right to access, correct, erase, and grieve in respect of your personal data, as set out in Section 9 above. To exercise any of these rights, email contact@weddingkart.co with the subject line beginning "Privacy:" so we can route it correctly. We will respond within 30 days.

13. Grievance Officer

In accordance with the DPDP Act and the Information Technology Rules, 2011, the contact details of the Grievance Officer are:

  • Email: contact@weddingkart.co (subject line: "Grievance:")
  • Response time: within 30 days of receipt of complaint

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date.

15. Contact Us

For any questions about this Privacy Policy or about Weddingkart, contact us at contact@weddingkart.co or visit our contact page.