Privacy Policy

Vivah.vip Technologies Pvt. Ltd., a company incorporated in India with its registered office in Pune, Maharashtra. For DPDP purposes we are the “Data Fiduciary”. For GDPR purposes we are the “Data Controller”. Contact our Grievance Officer / DPO at dpo@vivah.vip.

• Mobile number and email (for OTP, account access, transactional notifications)
• Profile details you provide (name, DOB, gender, religion, community, caste, mother tongue, education, occupation, income, lifestyle, family info, preferences)
• Photos and biodata documents you upload
• Verification documents (Aadhaar masked, employment proof, salary slips, education certificates) — only when you opt into a verification package
• Match interactions (interest sent / received / accepted / declined, chat metadata, meeting notes by mediators)
• Payment metadata (Razorpay order/payment IDs, status, refund records — never card numbers)
• Device + technical data (IP, device fingerprint, user agent, login audit timestamps)
• Channel data if you onboard via WhatsApp or Telegram (your chat ID, opt-in timestamp)

• Contract: to run the matchmaking service you signed up for — discovery, interest exchange, mediator coordination, payment processing.
• Legitimate interest: fraud prevention, abuse detection, photo moderation, mediator oversight, AI compatibility scoring (with rule-based fallback if you opt out).
• Legal obligation: tax records, payment records (RBI), webhook audit, refund records.
• Consent: AI features, marketing emails, photo unlocks, sharing of contact details to a matched family.

We use the Anthropic Claude API to score compatibility, parse biodata uploads, detect fraud signals, and generate plain-language match explanations. The slim profile data sent to Claude excludes phone numbers, addresses, photos and family contact details. Our calls use Anthropic prompt caching and Redis-side response caching to minimise data transferred.

Claude does not store or train on this data per Anthropic's commercial terms. You can disable AI features in your account settings — we fall back to a deterministic rule-based scorer.

• Mediators assigned to your match (see metadata + profile, escort meetings).
• Other users see only the profile fields your visibility settings allow. Photos are blurred until both sides accept interest. Phone numbers are never shown without explicit consent.
• Processors: Razorpay (payments), MSG91/Twilio (SMS), Meta (WhatsApp), Telegram (chat bot), Anthropic (Claude API). Each has its own privacy policy; we have data-processing agreements with all of them.
• Government / courts when legally compelled. We publish a transparency note annually.

MySQL primary database and Redis cache are hosted on an Ubuntu VPS located in India. Backups are encrypted (AES-256) and stored off-site within India. AI calls leave the EU/India only insofar as Anthropic routes them.

• Active accounts: while your account is active.
• Deleted accounts: profile + photos purged within 30 days. Audit + payment records retained 7 years for legal/tax compliance.
• Chat transcripts (onboarding NLU): 1 year then purged.
• Voice clips in chat (between matches): 90 days after the conversation closes.
• Verification documents: kept while you hold an active verification badge; deleted within 60 days of badge revocation or account closure.

Under DPDP (India) and GDPR (EEA/UK) you can:

• Access the personal data we hold about you
• Correct inaccurate data (most fields are editable directly from /me)
• Erase your account and most data (subject to legal retention)
• Restrict or object to specific processing (e.g. AI features, marketing)
• Receive a portable copy of your profile data in JSON
• Withdraw consent at any time
• Lodge a complaint with the Data Protection Board of India or your local DPA

Email dpo@vivah.vip and we respond within 30 days.

Passwords are not used — all sign-in is OTP-based. Refresh tokens are hashed before storage. Payment card data never touches our servers (Razorpay handles it). TLS 1.2+ in transit, AES-256 at rest for backups, HSTS, Helmet headers, rate-limited endpoints, brute-force defence on OTPs, and a published vulnerability disclosure programme at security@vivah.vip.

We use a single first-party local-storage entry (vivah-auth) to keep your session. We do not run third-party analytics, advertising or social trackers. The Razorpay checkout script sets its own cookies during payment.

Vivah.vip is intended for adults legally eligible to marry in India (18+ for women, 21+ for men). We do not knowingly accept profiles below those ages and will delete any such account when discovered.

We post the “last updated” date at the top of this page. Material changes are emailed to all active users with at least 14 days' notice. The latest version is always at /privacy.