Privacy Policy

1. Introduction

At Samarohh, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform.

This policy applies to all users of Samarohh's services, including our website, mobile applications, and related services. By using our platform, you agree to the collection and use of information in accordance with this policy.

We are committed to transparency in our data practices and regularly review and update this policy to ensure compliance with applicable privacy laws and regulations.

2. Information We Collect

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: Create and manage your account, provide event management services, process RSVPs, and deliver invitations
• Payment Processing: Process subscriptions, handle billing, manage refunds, and send payment confirmations
• Communication: Send service updates, security alerts, event reminders, and respond to customer inquiries
• Personalization: Customize your experience, recommend features, and provide relevant content
• Customer Support: Assist with technical issues, provide account help, and resolve service-related problems
• Analytics and Improvement: Analyze usage patterns, improve platform performance, and develop new features
• Legal Compliance: Meet legal obligations, enforce terms of service, and protect against fraud
• Security: Monitor for security threats, prevent unauthorized access, and ensure platform integrity
• Marketing: Send promotional offers, product updates, and event-related communications (with consent)
• Research: Conduct research and analysis to improve our services and user experience

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract: To provide our services and fulfill our contractual obligations to you
• Legitimate Interest: To improve our services, ensure security, and communicate with you
• Consent: For marketing communications and non-essential data processing
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interest: To protect the safety and security of our users and platform

5. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except in the following circumstances:

• Service Providers: Trusted third-party service providers who assist in operating our platform (payment processors, email services, cloud hosting, analytics)
• Legal Requirements: When required by law, court order, or government request to comply with legal obligations
• Business Transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy proceeding
• Event Guests: Event-related information shared with invited guests as necessary for event coordination
• Consent: With your explicit consent for specific purposes
• Protection of Rights: To protect our rights, property, or safety, or that of our users or the public
• Professional Advisors: With legal counsel, accountants, or other professional advisors

6. Data Security

We implement comprehensive technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data encrypted in transit using TLS/SSL and at rest using industry-standard encryption
• Access Controls: Role-based access controls, multi-factor authentication, and secure password policies
• Regular Audits: Periodic security assessments, vulnerability testing, and compliance audits
• Secure Infrastructure: Cloud hosting with enterprise-grade security, firewalls, and intrusion detection
• Employee Training: Regular security awareness training for all staff members
• Incident Response: Established procedures for responding to security incidents and data breaches
• Data Minimization: Collection and retention of only necessary data for legitimate business purposes
• Regular Backups: Secure, encrypted backups with disaster recovery capabilities

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention schedule and applicable laws.

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request transfer of your data to another service in a structured format
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing based on legitimate interests or for direct marketing
• Withdraw Consent: Withdraw consent for processing that requires your consent
• Automated Decision-Making: Request human review of automated decisions affecting you

To exercise these rights, please contact us using the information provided in the Contact Us section. We will respond to your request within 30 days and may require verification of your identity.

9. Cookies and Tracking Technologies

10. Third-Party Services

Our platform integrates with various third-party services. Each service has its own privacy policy, and we encourage you to review them:

• Payment Processors: Razorpay, Stripe, and other payment providers for secure transactions
• Email Services: SendGrid, Mailgun, or similar for email delivery and analytics
• Communication Platforms: WhatsApp Business API, SMS gateways for messaging
• Analytics: Google Analytics, Mixpanel for usage insights and performance monitoring
• Cloud Services: AWS, Google Cloud, or Azure for hosting and data storage
• Customer Support: Zendesk, Intercom, or similar for help desk functionality

We are not responsible for the privacy practices of these third parties. We only share the minimum necessary information required for them to provide their services.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during international transfers, including:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions by competent data protection authorities
• Binding corporate rules for intra-group transfers
• Certification schemes and codes of conduct
• Your explicit consent where required

We maintain appropriate safeguards regardless of the location where your data is processed.

12. Children's Privacy

Our services are not intended for children under 13 years of age (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under this age.

If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us immediately.

For users between 13 and 18 years old, we recommend parental guidance when using our services.

13. Data Breach Notification

In the event of a data breach that poses a risk to your personal information, we will notify affected users and relevant authorities in accordance with applicable laws. Our breach notification procedures include:

• Immediate assessment of the breach's scope and impact
• Notification to affected individuals within 72 hours when legally required
• Communication through multiple channels (email, platform notifications)
• Guidance on protective measures you can take
• Reporting to data protection authorities as required

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last updated" date
• Sending email notifications to registered users
• Displaying prominent notices within the platform
• Providing advance notice for significant changes (at least 30 days where required)

Your continued use of our services after such changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

15. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that allows you to tell websites that you do not want to have your online activities monitored. We currently do not respond to DNT signals, but we respect your privacy choices and provide controls within our platform to manage your data preferences.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

For data protection inquiries specific to GDPR, CCPA, or other regional regulations, please indicate this in your communication so we can direct your inquiry appropriately.