Privacy Policy

Eventnet Technologies Private Limited is the Data Fiduciary as defined under the DPDP Act 2023. We determine the purpose and means of processing personal data collected through the Eventnet platform.

From Customers:

• Name, mobile number, and email address
• OTP verification metadata (timestamps, success/failure, device type)
• Event details: type, date, location, estimated guest count
• Payment method details (processed and stored by Razorpay, not by Eventnet directly)
• Browsing behaviour, search queries, and wishlist activity on the platform

From Vendors:

• Business name, category, city, and service area
• Verification documents: Gumasta, GST, MSME, PAN, FSSAI, identity proof (Aadhaar, Voter ID, Passport)
• Bank account details for payout processing
• Portfolio photographs, videos, package descriptions, and pricing
• Booking history, review history, and support records

Technical Data (all users):

• IP address, device type, browser, and operating system
• Login timestamps, session duration, and feature usage
• Cookie identifiers and similar tracking technologies

• Operating and personalising the Eventnet platform
• Verifying identity and business credentials
• Processing bookings, payments, and vendor payouts
• Sending OTPs, booking notifications, and important account communications
• Displaying vendor profiles to potential customers
• Complying with legal and regulatory obligations (TDS, GST, law enforcement requests)
• Detecting and preventing fraud, abuse, and policy violations
• Improving platform features and conducting analytics
• Marketing and promotional communications (with consent; you may opt out at any time)

We rely on your free, specific, informed, and unambiguous consent as the lawful basis for processing, as required under the DPDP Act 2023. By using the platform you provide this consent. You may withdraw consent at any time by contacting privacy@eventnet.in, noting that withdrawal may affect your ability to use the platform.

We share your data only as necessary:

• With vendors you enquire about or book — your contact details and event requirements
• With customers — vendor public profile, portfolio, and contact details
• With Razorpay for payment processing and fraud prevention
• With communication providers (SMS, email, WhatsApp) for notifications and OTPs
• With Supabase (our cloud infrastructure provider, hosted on AWS) for secure data storage
• With professional advisors (lawyers, auditors) under confidentiality obligations
• With government authorities where legally required by a court order or statutory obligation

We never sell, rent, or trade your personal data to any third party for commercial purposes.

Your data may be processed by service providers outside India. We ensure all such transfers are protected by appropriate contractual safeguards consistent with the DPDP Act 2023.

• Account and profile data: duration of active account plus 3 years after closure
• Vendor verification documents: 7 years from date of collection (statutory requirement)
• Bank account and payout records: 8 years from date of last transaction
• Booking and transaction records: 7 years (GST and income tax compliance)
• Support and dispute records: 3 years from resolution
• Technical logs: 12 months from collection

After the retention period, data is securely deleted or anonymised. You may request deletion of your account through your Settings page, subject to mandatory legal retention obligations above.

Under the DPDP Act 2023, you have the right to:

• Access: obtain a summary of personal data we hold and how it is processed
• Correction: require us to correct inaccurate or incomplete data
• Erasure: request deletion of your data, subject to legal retention obligations
• Grievance redressal: lodge a complaint with our Data Protection Officer
• Nomination: nominate a person to exercise your rights in the event of death or incapacity
• Withdraw consent: withdraw consent for any non-essential processing

To exercise any right, email privacy@eventnet.in. We respond within 15 days.

We implement industry-standard security including TLS/HTTPS encryption in transit, AES-256 encryption at rest, row-level database access controls, OTP-based authentication, private access-controlled storage for sensitive documents, and role-based staff access policies.

In the event of a personal data breach likely to affect your rights, we will notify you and the Data Protection Board of India within 72 hours of becoming aware of the breach.

We use essential cookies (authentication, sessions — cannot be disabled), functional cookies (preferences), and analytics cookies (platform performance). We do not use third-party advertising cookies. You may manage non-essential cookies through your browser settings.

Eventnet is not directed at persons under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact privacy@eventnet.in immediately.

Data Protection Officer
Eventnet Technologies Private Limited
Email: privacy@eventnet.in
Address: [Registered Office Address], India
Response: Acknowledgement within 24 hours, resolution within 15 days

If unsatisfied with our resolution, you may lodge a complaint with the Data Protection Board of India once constituted under the DPDP Act 2023.