Back to Home

Privacy Policy

Last updated: February 24, 2026

This policy applies to Shagun - Digital Wedding Gifts on web and ChatGPT surfaces, including the MCP tools used by the app at /mcp. We do not sell personal data.

1. Data Categories We Collect

  • Wedding collection data: bride and groom names, wedding date, venue, collection URL slug, collection status, goal amount, wedding card URL and thumbnail.
  • Creator and couple details: creator name/email/phone/relation, couple email/phone, and hall access settings (including optional hall access code).
  • Contribution and payment data: contributor name/email/phone, gift amount, platform fee, currency, INR conversion values, exchange rate, personal blessing message, payment status, payment timestamps, Razorpay payment link IDs/URLs, Razorpay payment IDs, and payment reference IDs.
  • Group gifting data: group name/type/icon, organizer name/email/phone/relation, group goal, group blessing message, group access token, contribution counts, and group totals.
  • Refund and support data: refund request reason, notes, contributor identity fields, request status, admin notes/processing fields, and contact form submissions (name, email, subject, message).
  • Voucher tracking data: selected voucher brand/provider, voucher status, voucher code fields, issuance/delivery timestamps, and voucher notes returned by voucher providers.
  • Session and auth data: cookie-based session tokens for couple phone login and wedding hall access, plus auth identifiers from providers used by the app.

2. Purposes of Use

  • Create and manage wedding collections and public share pages.
  • Process contributions, retries, verification, and refunds.
  • Send confirmations, receipts, reminders, summaries, and support emails.
  • Enable group gifting, group dashboards, and gift certificates.
  • Issue and track vouchers for completed collections.
  • Authenticate users (including phone OTP flows) and protect hall/dashboard access.
  • Prevent abuse/fraud, debug operational issues, and meet legal obligations.

3. Data Returned by ChatGPT Tools

When MCP tools are used inside ChatGPT, tool responses can include user-related data. Depending on the tool invoked, returned fields may include:

  • Collection details (couple names, wedding date/venue, collection URL, totals, status).
  • Contribution details (contributor name, optional email, message, amounts, currency, timestamps).
  • Payment details (payment link URL, payment link ID, transaction/payment IDs, receipt fields).
  • Group details (group name/icon/type, organizer name, progress, contributor list and messages).
  • Certificate data (group members/contributor names and messages, totals, certificate metadata).
  • Refund workflow details (payment lookup status and refund request identifier/status).

4. Recipients and Third Parties

We share data only as needed to run the service:

  • Razorpay: payment link creation, payment status checks, and payment webhooks.
  • Woohoo / QwikCilver (Pine Labs): voucher issuance and voucher management flows.
  • Resend: sending transactional and support emails.
  • OpenAI: ChatGPT app interactions and MCP tool execution context.
  • Anthropic: website chat endpoint flows when the Claude chat feature is used.
  • Clerk and Firebase: user authentication and phone OTP verification flows.
  • Hosting/infrastructure providers: storage, database, and logs needed to run the app.
  • Legal disclosures: when required by law, regulation, or valid legal process.

5. Data Retention

  • Couple phone session cookie and hall access cookie are configured for up to 7 days.
  • Payment links are created with expiry up to 7 days (Razorpay).
  • Some verification tokens used in dashboard/email flows expire after 24 hours.
  • Collection, contribution, group, voucher, refund, and support records are kept as needed for operations, disputes, financial reconciliation, and legal compliance.
  • We currently do not apply a single automatic purge period to all core records. Deletion and anonymization requests are handled case-by-case.

6. User Controls

  • Request access, correction, or deletion of your data by contacting support.
  • Contributors can submit refund requests through /refund/request.
  • Group organizers can update group settings through organizer dashboard links with access tokens.
  • Couples can manage wedding hall access settings and sign out of phone sessions.
  • You can clear browser cookies to remove local session state.

7. Security Notes

  • We use signed webhook verification for payment callbacks and signed tokens for session flows.
  • Sensitive routes are access-controlled (for example, admin APIs and protected dashboards).
  • Payment card entry is handled by the payment provider; this app stores payment references and metadata, not full card data.

8. Contact Information

For privacy requests or questions, contact support@getshagun.com or use the contact form. For refund-specific issues, you can also write to refunds@getshagun.com.