ASHWEB Logo

Privacy Policy

PRIVACY POLICY Last updated: 25 June 2026 Effective for: ashweb.site ("ASHWEB", "we", "us", "our") 1. Who We Are ASHWEB ("we", "us", "our") operates the website ashweb.site (the "Site"), through which we offer wedding invitation templates, custom-designed wedding invitations, and website/RSVP page building services (collectively, the "Services"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it. This Policy applies to: (a) Customers — individuals who purchase templates, commission custom designs, or use our RSVP/website builder; and (b) Guests — individuals who submit information (such as RSVP responses) through invitation pages built using our Services on behalf of a Customer. We are based in India, and we operate under India's Digital Personal Data Protection Act, 2023 ("DPDP Act") as our baseline standard. Because we also serve customers outside India, we have written the data-rights sections of this Policy to be reasonable and workable for international visitors as well, though we do not represent full compliance with any specific foreign data protection law (such as the GDPR or CCPA) unless we separately state so in writing. 2. Two Roles We Play With Your Data Because of how our Services work, we act in two different capacities depending on whose data is involved. This distinction matters for understanding your rights: - As a Data Controller (Fiduciary): for data belonging to our own Customers — e.g. your name, contact details, payment reference information, and the design files/preferences you share with us directly. We decide why and how this data is used. - As a Data Processor: for Guest RSVP data submitted through an RSVP section that a Customer has added to their invitation page. In this case, the Customer (the bride/groom/event host) controls that data; we simply store and display it at their instruction. If you are a Guest and want your RSVP data corrected or deleted, please contact the Customer (the couple/host) whose invitation you responded to, who can in turn instruct us. We will still assist directly if contacted, per Section 8. 3. Information We Collect 3.1 Information Customers Provide Directly - Name, email address, phone number, and WhatsApp/contact details (since orders and payment coordination currently happen via direct contact). - Wedding/event details needed to create your invitation or website (names, dates, venues, event schedule, photos, wording, theme preferences). - Payment-related information: at present we accept payment via UPI, coordinated manually; UPI transaction reference IDs may be shared with us for confirmation. We do not collect or store your UPI PIN, bank login credentials, or full card numbers. When we add Razorpay or similar payment gateways in future, those payments will be processed directly by the licensed payment gateway, and this Policy will be updated accordingly. - Account information, if and when we introduce login/account features (username, password — stored in encrypted/hashed form). - Communications you send us (messages, emails, support requests, feedback). 3.2 Information Collected via the RSVP / Website Builder Feature If a Customer chooses to add an RSVP section to their invitation page, we store the information that Guests submit through it on the Customer's behalf, which may include: - Guest name(s) and number of attendees - Contact details (email/phone), if the Customer's form requests them - Meal preferences, attendance confirmation, and similar event-planning responses - Any free-text message a Guest chooses to leave We only collect what the Customer configures the form to ask for. This data is used solely to display it back to the Customer for their event planning, and is not used by us for marketing or any unrelated purpose. 3.3 Information Collected Automatically - Standard technical/log data (IP address, browser type, device type, pages visited, timestamps) for security, troubleshooting, and improving the Site. - Cookies or similar technologies, if used, for basic site functionality and analytics. You can control cookies through your browser settings. 4. How We Use Your Information - To create, deliver, and customize wedding invitation templates, custom designs, and RSVP/website pages you order. - To communicate with you about your order, including confirmations, drafts, revisions, and delivery. - To process and confirm payments, including verifying UPI transaction references. - To operate the RSVP feature so Customers can view their guests' responses. - To maintain, secure, and improve the Site and our Services. - To respond to support requests, complaints, or legal obligations. - To send service-related updates (e.g. order status). We will not send marketing messages without a lawful basis or your consent, and you may opt out of non-essential communications at any time. We do not sell personal data to third parties, and we do not use Guest RSVP data for advertising. 5. Legal Basis for Processing Depending on the data and context, we process personal data on one or more of the following grounds recognised under the DPDP Act and generally accepted data protection principles: - Consent: you provide information voluntarily to use our Services (e.g. placing an order, submitting an RSVP). - Performance of a contract: processing necessary to deliver the templates, designs, or website/RSVP services you've purchased. - Legitimate interests: for basic security, fraud prevention, and improving our Services, balanced against your rights. - Legal obligation: where we must retain or disclose information to comply with applicable law. 6. Sharing of Information We do not sell or rent your personal data. We may share information only in the following circumstances: - Service providers: hosting providers, database providers, and (once integrated) payment gateways such as Razorpay, strictly to operate the Site and process payments. - Between Customer and their Guests: RSVP data submitted by Guests is shared with the Customer who owns that invitation page, since that is the entire purpose of the feature. - Legal requirements: if required to comply with a court order, law, or governmental request, or to protect our rights, users, or the public from harm or fraud. - Business transfers: if ASHWEB is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to equivalent confidentiality protections. 7. Data Storage, Security, and Retention RSVP and order data is stored in a database that we maintain and take reasonable technical and organisational measures to protect, including restricted access and secure hosting. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security. - We retain Customer order data for as long as needed to provide the Services and for a reasonable period afterward for accounting, dispute resolution, and legal compliance purposes. - We retain Guest RSVP data for the duration the Customer's invitation page remains active, plus a reasonable period after the event, unless the Customer requests earlier deletion. - You may request earlier deletion of your data at any time, subject to Section 9 (legal/operational exceptions). 8. Your Rights Subject to applicable law, you may have the right to: - Access the personal data we hold about you. - Correct inaccurate or incomplete data. - Request deletion of your data ("right to erasure"), subject to Section 9. - Withdraw consent for processing that is based on consent, without affecting processing already carried out. - Nominate another individual to exercise your rights in the event of death or incapacity (as recognised under the DPDP Act). - Lodge a grievance with us, and if unresolved, escalate to the applicable data protection authority in your jurisdiction (in India, the Data Protection Board, once operational). To exercise any of these rights, contact us using the details in Section 13. We will respond within a reasonable time and, in any event, within the time limits required by applicable law. 9. Exceptions to Deletion / Retention Requests We may retain certain data even after a deletion request where necessary to: - Comply with a legal obligation (e.g. tax, accounting, or consumer protection records). - Resolve disputes, complaints, or enforce our Terms and Conditions. - Prevent fraud or abuse of our Services. 10. Children's Data Our Services are intended for use by adults (18 years and older) for planning weddings/events. We do not knowingly collect personal data directly from minors. Where a Guest list or RSVP form includes details of minors (e.g. children attending a wedding) entered by a Customer or another adult on their behalf, that data is treated the same as other Guest data under Section 2, and is the responsibility of the Customer who configured the form. 11. International Data Transfers Since we serve customers both within India and internationally, your data may be stored or processed on servers located in a different country than where you reside. Where we transfer personal data outside India, we take reasonable steps to ensure it continues to receive an appropriate level of protection, consistent with the DPDP Act and our security practices described in Section 7. 12. Changes to This Policy We may update this Privacy Policy from time to time to reflect changes in our Services (for example, when we integrate Razorpay or add new features), legal requirements, or business practices. We will post the revised Policy on this page with an updated "Last updated" date. Continued use of our Services after changes take effect constitutes acceptance of the revised Policy. For material changes, we will make reasonable efforts to provide more prominent notice. 13. Contact Us If you have questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact us at: - Business name: ASHWEB - Website: ashweb.site - Email: ashweb.site07@gmail.com - Phone/WhatsApp: +91 7397889814