Privacy Policy

Platform Name: HALYO

Website: https://halyo.in

Nature of Business: Online technology intermediary marketplace for wedding venue discovery, vendor discovery, and booking inquiry facilitation.

Principal Address: Visakhapatnam (Vizag), Andhra Pradesh, India

Email: halyobookings@gmail.com

Phone: +91 9701296658

2.1 User Registration and Account Data

• Full name
• Mobile phone number (including for OTP-based verification)
• Email address
• City and state of residence
• Profile photograph (optional)
• Account role (User / Vendor / Owner)
• Date of account creation

2.2 Wedding Planning and Event Data

• Wedding or event date preferences
• Guest count and event type
• Budget range and pricing preferences
• Wedding checklist items and completion status
• Guest list names, contact numbers, and RSVP status
• E-Invite content (names, dates, venue details, messages)

2.3 Inquiry and Booking Data

• Contact name, phone, and email submitted in inquiry forms
• Event type, event date, guest count, and budget range in inquiries
• Messages sent to Vendors through the Platform
• Booking status and associated venue/vendor details

2.4 Vendor and Business Data

• Business name, description, and service categories
• Business address, city, state, and pincode
• Contact phone number and email for business listings
• Pricing details, minimum and maximum packages
• Business portfolio images and cover photographs
• Venue capacity, type, amenities, and availability details
• GST number or business registration details (where voluntarily provided)
• Verification documents (where submitted for verified badge)
• Owner name linked to the listing

2.5 Authentication and Security Data

• OTP (One-Time Password) for phone-based authentication
• OTP generation timestamp and expiry metadata
• Magic token for secure authentication flows
• Login session identifiers and JWT tokens
• IP address at time of authentication
• Account password (stored in encrypted, hashed form via Supabase Auth)

2.6 Automatically Collected Technical Data

• IP address and approximate geographic location
• Device type, operating system, and browser version
• Pages visited, click paths, and session duration
• Referring website URLs
• Search queries and filters used on the Platform
• Recently viewed listings (venue and vendor IDs)
• Saved vendors and saved venues
• Cookie identifiers and local storage data

2.7 User-Generated Content

• Reviews and star ratings submitted for Vendors and Venues
• Review photographs uploaded alongside reviews
• Comments, feedback, and support messages

Under the DPDP Act, 2023, we process personal data on the following lawful bases:

4.1 Core Platform Services

• Creating and managing your user or vendor account
• Authenticating your identity via OTP or email/password
• Displaying vendor and venue listings to Users
• Forwarding your inquiry details to the Vendor you contact
• Processing and tracking booking requests
• Displaying and managing your saved vendors and saved venues
• Tracking your recently viewed listings for convenience

4.2 Platform Improvement and Personalization

• Personalizing listing recommendations based on city, category, and preferences
• Analyzing search and browsing behavior to improve search results
• Monitoring platform performance and fixing technical issues
• Conducting internal analytics and reporting

4.3 Safety, Security, and Fraud Prevention

• Detecting, investigating, and preventing fraudulent, abusive, or illegal activity
• Enforcing our Terms of Service and community standards
• Verifying vendor identity and listing accuracy
• Responding to legal requests, court orders, and government investigations
• Protecting the rights and safety of HALYO, its users, and third parties

4.4 Communications

• Sending transactional notifications (booking status, inquiry updates)
• Sending account-related communications (password reset, OTP)
• Sending platform updates, policy changes, and important notices
• Sending marketing communications only where you have opted in

5.1 Sharing with Vendors

When you submit an inquiry to a Vendor or Venue through HALYO, your contact information (name, phone number, email, event details) is shared with that Vendor for the purpose of responding to your inquiry. By submitting an inquiry, you explicitly consent to this disclosure.

5.2 Sharing with Technology and Service Providers

We engage trusted technology partners to operate the Platform. These include:

• Supabase, Inc. (database, authentication, and cloud infrastructure — servers may be located outside India)
• Cloud hosting and CDN providers for platform performance
• Analytics services for platform improvement
• SMS/OTP gateway providers for authentication
• Email service providers for transactional and marketing communications

All third-party processors are contractually required to process your data only as directed by HALYO and to maintain appropriate security standards.

5.3 Legal and Regulatory Disclosure

We may disclose personal data when:

• Required by applicable law, court order, or government/regulatory authority
• Necessary to investigate, prevent, or act on illegal activity or policy violations
• Necessary to protect the rights, property, or safety of HALYO, its Users, or the public
• Required in connection with legal proceedings, arbitration, or dispute resolution

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or insolvency proceeding involving HALYO, your personal data may be transferred to the successor entity. We will notify you of any such transfer via email or prominent notice on the Platform.

6.1 Types of Cookies Used

6.2 Cookie Management

You may disable non-essential cookies through your browser settings or device controls. Note that disabling strictly necessary cookies will impair or prevent access to authenticated features of the Platform. Most browsers allow cookie management via Settings > Privacy or Cookies.

6.3 Local Storage and Session Storage

We use browser local storage and session storage to persist your search preferences, city selection, and session state for a seamless user experience.

HALYO's infrastructure is powered by Supabase, Inc., whose servers may be located outside India including in the United States or European Union. By using the Platform, you acknowledge and consent to your personal data being transferred to, stored in, and processed in jurisdictions outside India.

HALYO takes reasonable steps to ensure that such transfers are governed by appropriate contractual safeguards (Standard Contractual Clauses or equivalent) and that the receiving entity maintains security standards consistent with this Policy and applicable Indian law.

We retain personal data for as long as necessary to fulfill the purposes described in this Policy:

After the applicable retention period, data is securely deleted or anonymized such that it can no longer be attributed to an individual Data Principal.

HALYO implements industry-standard technical and organizational security measures including:

• HTTPS (TLS/SSL) encryption for all data in transit
• AES-256 encryption for data at rest in the database
• Bcrypt hashing for all stored passwords (via Supabase Auth)
• Row Level Security (RLS) policies ensuring users access only their own data
• OTP-based two-factor authentication for account actions
• Role-based access control limiting platform team access to data
• Regular security audits and vulnerability assessments
• Access logging for administrative and database operations
• Automatic session expiry and JWT token rotation

In the event of a personal data breach that is likely to result in a risk to your rights, HALYO will notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act, 2023.

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

To exercise any of the above rights, contact our Grievance Officer at halyobookings@gmail.com with the subject line "Data Rights Request — [Right Name]". We will respond within 30 days. We may require identity verification before processing your request.

To delete your HALYO account and associated personal data:

We do not knowingly collect, use, or store personal data from persons below the age of 18 years. If you are under 18, you must not register, create an account, or use the Platform without verifiable parental or guardian consent.

If we become aware that personal data has been collected from a child without parental consent, we will delete such data immediately. If you believe your child has provided data to HALYO, please contact halyobookings@gmail.com immediately.

Under the DPDP Act, 2023, processing of personal data of children requires verifiable parental consent and must not involve behavioral monitoring or targeted advertising directed at children. HALYO complies with these requirements.

The Platform may contain links to third-party websites, social media pages, payment portals, or external resources. These third-party services operate independently and are governed by their own privacy policies.

HALYO is not responsible for the privacy practices, content, security, or terms of any third-party website or service accessed through links on our Platform. We strongly encourage you to review the privacy policies of any third-party sites you visit.

WhatsApp share and contact features on the Platform may route you to WhatsApp's platform and are subject to WhatsApp/Meta's privacy policies.

14.1 Types of Marketing Communications

• New vendor and venue announcements in your preferred city
• Wedding planning tips, blog articles, and checklists
• Seasonal promotions and featured listings
• Platform feature updates and new tools
• Survey invitations for platform improvement

14.2 Opt-In and Opt-Out

Marketing communications are sent only where you have opted in at registration or subsequently. You may opt out at any time by:

• Clicking the "Unsubscribe" link in any marketing email
• Updating notification preferences in your account dashboard
• Emailing halyobookings@gmail.com with subject "Unsubscribe"

Opt-out requests are processed within 7 business days. Transactional communications (booking confirmations, OTPs, security alerts) are not affected by marketing opt-outs.

HALYO may revise this Privacy Policy from time to time to reflect changes in law, platform features, or data practices. All updates will be posted on this page with a revised Effective Date.

For material changes affecting your rights or the way we use your personal data, we will notify you via:

• Email to your registered email address (at least 14 days before the change takes effect)
• A prominent banner on the HALYO homepage
• An in-app notification upon your next login

Continued use of the Platform after the effective date of any update constitutes acceptance of the revised Policy. If you do not accept the revised Policy, you must stop using the Platform and may request account deletion.