Privacy Policy

1. Data Categories We Collect

• Wedding collection data: bride and groom names, wedding date, venue, collection URL slug, collection status, goal amount, wedding card URL and thumbnail.
• Creator and couple details: creator name/email/phone/relation, couple email/phone, and hall access settings (including optional hall access code).
• Contribution and payment data: contributor name/email/phone, gift amount, platform fee, currency, INR conversion values, exchange rate, personal blessing message, payment status, payment timestamps, Razorpay payment link IDs/URLs, Razorpay payment IDs, and payment reference IDs.
• Group gifting data: group name/type/icon, organizer name/email/phone/relation, group goal, group blessing message, group access token, contribution counts, and group totals.
• Refund and support data: refund request reason, notes, contributor identity fields, request status, admin notes/processing fields, and contact form submissions (name, email, subject, message).
• Voucher tracking data: selected voucher brand/provider, voucher status, voucher code fields, issuance/delivery timestamps, and voucher notes returned by voucher providers.
• Session and auth data: cookie-based session tokens for couple phone login and wedding hall access, plus auth identifiers from providers used by the app.

2. Purposes of Use

• Create and manage wedding collections and public share pages.
• Process contributions, retries, verification, and refunds.
• Send confirmations, receipts, reminders, summaries, and support emails.
• Enable group gifting, group dashboards, and gift certificates.
• Issue and track vouchers for completed collections.
• Authenticate users (including phone OTP flows) and protect hall/dashboard access.
• Prevent abuse/fraud, debug operational issues, and meet legal obligations.

3. Data Returned by ChatGPT Tools

When MCP tools are used inside ChatGPT, tool responses can include user-related data. Depending on the tool invoked, returned fields may include:

• Collection details (couple names, wedding date/venue, collection URL, totals, status).
• Contribution details (contributor name, optional email, message, amounts, currency, timestamps).
• Payment details (payment link URL, payment link ID, transaction/payment IDs, receipt fields).
• Group details (group name/icon/type, organizer name, progress, contributor list and messages).
• Certificate data (group members/contributor names and messages, totals, certificate metadata).
• Refund workflow details (payment lookup status and refund request identifier/status).

4. Recipients and Third Parties

We share data only as needed to run the service:

• Razorpay: payment link creation, payment status checks, and payment webhooks.
• Woohoo / QwikCilver (Pine Labs): voucher issuance and voucher management flows.
• Resend: sending transactional and support emails.
• OpenAI: ChatGPT app interactions and MCP tool execution context.
• Anthropic: website chat endpoint flows when the Claude chat feature is used.
• Clerk and Firebase: user authentication and phone OTP verification flows.
• Hosting/infrastructure providers: storage, database, and logs needed to run the app.
• Legal disclosures: when required by law, regulation, or valid legal process.

5. Data Retention

• Couple phone session cookie and hall access cookie are configured for up to 7 days.
• Payment links are created with expiry up to 7 days (Razorpay).
• Some verification tokens used in dashboard/email flows expire after 24 hours.
• Collection, contribution, group, voucher, refund, and support records are kept as needed for operations, disputes, financial reconciliation, and legal compliance.
• We currently do not apply a single automatic purge period to all core records. Deletion and anonymization requests are handled case-by-case.

6. User Controls

• Request access, correction, or deletion of your data by contacting support.
• Contributors can submit refund requests through /refund/request.
• Group organizers can update group settings through organizer dashboard links with access tokens.
• Couples can manage wedding hall access settings and sign out of phone sessions.
• You can clear browser cookies to remove local session state.

7. Security Notes

• We use signed webhook verification for payment callbacks and signed tokens for session flows.
• Sensitive routes are access-controlled (for example, admin APIs and protected dashboards).
• Payment card entry is handled by the payment provider; this app stores payment references and metadata, not full card data.

8. Contact Information

For privacy requests or questions, contact support@getshagun.com or use the contact form. For refund-specific issues, you can also write to refunds@getshagun.com.