Privacy Policy

1. Interpretation and Definitions

Interpretation

The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• •Account means a unique account created for You to access our Service or parts of our Service.
• •Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
• •Application refers to Vyavastha, the software program provided by the Company.
• •Company (referred to as either "the Company", "We", "Us" or "Our") refers to Vyavastha, Purani Basti, Raipur, Chhattisgarh, India.
• •Cookies are small files placed on Your device by a website, containing details of Your browsing history among its many uses.
• •Data Principal (under the Indian DPDP Act) refers to the individual to whom the personal data relates (equivalent to "You" or "User").
• •Data Fiduciary refers to Vyavastha, which determines the purpose and means of processing personal data.
• •Device means any device that can access the Service such as a computer, a cell phone, or a digital tablet.
• •End-User (Client) refers to individuals who access or use the platform to discover, view, plan, or book event-related services.
• •Marketplace Vendor (Vendor) refers to independent third-party service providers (including but not limited to caterers, decorators, planners, and venues) who list their services on the platform to accept bookings.
• •Personal Data (or "Personal Information") is any information that relates to an identified or identifiable individual.
• •Service refers to the Application or the Website or both.
• •Service Provider means any natural or legal person who processes data on behalf of the Company, such as hosting partners, payment processors, and analytics providers.
• •Website refers to Vyavastha, accessible from https://www.vyavastha.in/
• •You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

2. Collecting and Using Your Personal Data

Types of Data Collected

A. End-User (Client) Personal Data

While using Our Service as a Client looking to book or plan an event, We may ask You to provide Us with certain personally identifiable information. This may include, but is not limited to:

• •Email address
• •First name and last name
• •Phone number
• •Address, State, City, ZIP/Postal code

B. Marketplace Vendor Data

If You register as a Vendor or Service Provider on our platform, we collect additional business-critical, verified operational information required for regulatory compliance, identity validation, platform onboarding, and secure financial commercial settlement:

• •Business Verification Details: Legal business name, registered trade name, business operating structure (e.g., sole proprietorship, partnership, LLC), and physical operational or office address.
• •Tax & Identity Proofs: Goods and Services Tax Identification Number (GSTIN), Permanent Account Number (PAN), corporate registration certificates, and identity verification documents of authorized business personnel.
• •Confidential Financial Details: Bank account numbers, IFSC codes, bank branch names, and account holder details necessary to disburse marketplace payouts and handle cancellation settlements.

C. Precise Location Data (Applicable to Both Clients & Vendors)

To facilitate local vendor discovery, interactive map integrations, and distance-based logistical calculations for events, we collect precise geo-location data from your Device. This information may be processed while the application is running in the foreground, or in the background depending on your device permissions. You can opt-out of location sharing at any time via your system settings.

D. Usage Data

Usage Data is collected automatically when using the Service. This includes Your Device's IP address, browser type, browser version, pages visited, time and date of visit, time spent on those pages, unique device identifiers, mobile OS, and other diagnostic metrics.

E. Information Collected While Using the Application

While using Our Application, to provide specific features, We may collect with Your prior permission:

• •Pictures and Camera Data: Images from your Device's camera and photo library. For Vendors, this includes portfolio images, past event reels, and setup designs. For Clients, this includes venue layouts or design references. This information may be securely uploaded to the Company's servers or third-party cloud infrastructure (e.g., AWS). You can toggle these permissions at any time via device settings.

3. Tracking Technologies and Cookies

We use Cookies and web beacons to track application activity, authenticate users, protect against fraudulent access, and maintain session preferences.

We use both Session Cookies (deleted when you close your browser) and Persistent Cookies (retained to remember login details or language preferences). Where required by applicable law, non-essential tracking mechanisms are deployed only after obtaining your explicit consent.

4. How We Use Your Personal Data

The Company processes your data for the following operational purposes:

• •To maintain the platform: Monitoring application health, optimizing system architecture, and ensuring server security.
• •Account Administration: Managing your registration as an End-User or Vendor, granting access to personalized profiles, vendor management dashboards, and booking consoles.
• •Contractual Execution: Processing booking reservations, managing escrow financial transactions, enforcing tiered cancellation structures, and administering marketplace refunds.
• •Communications: Contacting you via email, SMS, phone calls, or push notifications regarding system adjustments, customer support updates, transaction status, or critical security patches.
• •Marketplace Matching: Recommending nearby vendors, event services, or marketing promotional campaigns tailored to your past usage behavior.

5. Data Sharing and Marketplace Disclosures

We share information in the following specific scenarios to fulfill marketplace functions:

A. Sharing Between End-Users (Clients) and Marketplace Vendors

When an End-User requests, initiates, or locks a booking reservation for an event service, Vyavastha shares essential personal parameters (such as the customer's name, primary contact number, event date, structural requirements, and physical venue address) with the chosen third-party Vendor to ensure service fulfillment.

Important Limitation of Liability: Marketplace Vendors operate as independent Data Controllers once transaction details are passed to them. While Vyavastha contractually requires vendors to respect consumer privacy, Vyavastha is not legally liable for independent data breaches, unauthorized data retention, or out-of-platform misuse committed by independent Marketplace Vendors.

B. Sharing with Functional Service Providers

We share necessary personal variables with infrastructure providers to ensure system operations:

• •Payment gateway providers (to securely process customer payments and handle vendor payout routing).
• •Cloud hosting, server infrastructure, and mapping API engines (such as AWS and Google Maps).
• •Customer service desks, CRM platforms, and notification routers.

C. Business Transfers & Corporate Legalities

• •Corporate Transactions: If the Company participates in a merger, structural acquisition, asset sale, or joint venture, user datasets may be reallocated as part of business assets, subject to advance notice.
• •Law Enforcement Compliance: We will disclose your data if legally requested under Indian statutory mandates, judicial orders, or requests by government security agencies.

6. Security & Encryption of Confidential Data

The security of your confidential information is a core priority for Us:

• •Advanced Financial Encryption: All financial records, bank account details, routing parameters, and transaction records are securely encrypted and transmitted via HTTPS frameworks.
• •Confidential Storage Ecosystems: All highly sensitive user datasets (including Vendor PAN, GSTIN, and Bank accounts) are stored within secure cloud networks using enterprise-grade encryption standards (such as AES-256) at rest and in transit.
• •Access Restraints: Access to confidential database branches is locked behind strict role-based access controls and monitored to bar internal or external unauthorized viewing.

7. Retention and Erasure of Your Personal Data

We keep your data only as long as necessary for the explicit reasons highlighted in this document. Maximum retention boundaries are structured as follows:

• •Account Information: Maintained for the active duration of the user relationship plus up to 24 months post-closure to mitigate dispute resolutions or structural audits.
• •Customer Support Logs & Chat History: Retained for up to 24 months following ticket closure to guarantee service quality assurance and defend against potential legal claims.
• •Analytics & Server Infrastructure Logs: Retained for up to 24 months to run platform optimization analyses and verify platform security integrity.

When retention windows elapse, data is targeted for absolute deletion, system-wide cryptographic anonymization, or persistent isolation within encrypted backup archives until the backup cycles purge completely.

8. Your Statutory Rights as a Data Principal (DPDP Act)

If you are accessing our marketplace from India, you hold specific statutory entitlements governed under the Digital Personal Data Protection Act (DPDP Act):

• •Right to Information: The right to look up a summary of personal data being processed and the identities of third parties with whom data has been shared.
• •Right to Correction and Erasure: The right to update inaccurate fields, correct obsolete credentials, or invoke data erasure procedures across active user records.
• •Right to Grievance Redressal: The right to lodge immediate operational complaints regarding data processing practices with our Grievance Desk before escalating to the Data Protection Board of India.

9. Children's Privacy Framework

Our platform marketplace is strictly directed toward users aged 16 and older. We do not consciously collect personal details from minors without verified parental guidance. If we identify a violation of this rule, we will initiate immediate extraction procedures to purge that information from our storage arrays.

10. Contact Us & Grievance Redressal

If you have any questions about this Privacy Policy, your rights under the DPDP Act, or wish to register an operational complaint, you can reach out via our official communication nodes: