Privacy Policy
1. Introduction
SutrVerse Private Limited (“SutrVerse”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your Personal Data. This Privacy Policy explains how we collect, use, disclose, retain, and secure information when you visit our websites or use our venue-management products and applications—including VenueOS, VenueSutr, SutrOS, PlannerSutr, and VendorSutr (collectively, the “Services”).
This policy aligns with applicable laws, including India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), the EU/UK GDPR, and relevant U.S. state privacy laws. By using the Services at sutrverse.in or any related subdomain, you agree to the practices described here.
2. Scope & Roles
This Policy applies to all users of the Services, including venue owners, staff, planners, vendors, website visitors, and the event customers whose information is entered into our platform by venue teams.
- Data Fiduciary / Controller: For account, billing, marketing, and support data, SutrVerse acts as an independent Data Fiduciary (India) / Controller (GDPR).
- Data Processor:For “Customer Content” (e.g., event-host data, leads, guest lists, messages) that our business users enter or generate in the Services, SutrVerse acts as a Data Processor. Venue teams are responsible for the lawful collection of this data. We do not share data between different venue tenants.
3. Information We Collect
We collect the following categories of information to operate our Services:
- Account & Profile— name, business name, role, email address, phone number, profile photo, and password hashes.
- Customer Content— venue inventory (spaces, catering), leads, event details, quotations, bookings, décor selections, and end-customer contact details entered by venue teams.
- Usage & Diagnostics— device identifiers, browser type, IP address, timestamps, pages/features visited, and performance metrics.
- Communications— support tickets, in-app chat, and metadata for external messages (e.g., logging that a WhatsApp or Instagram message attempt was made via our interface).
- Integrations— limited access tokens for third-party tools (e.g., Google OAuth profile data, Meta/Instagram Business connections).
- Payments & Billing— transaction records, billing addresses, GSTIN, and tokenized payment references.
4. How We Use Information & Legal Bases
We process data based on consent, contract performance, legal obligations, and legitimate business interests to:
- Provide & Improve Services: authenticate users, configure accounts, and improve features using aggregated, de-identified usage data.
- Facilitate Operations: enable venue teams to manage leads, generate quotations, and seamlessly process bookings.
- Enable Communications: allow venue teams to send WhatsApp templates, portal links, and payment reminders. (Note: when venue teams send messages via WhatsApp or Instagram deep links from our interface, the message body is composed client-side; we only log the attempt for audit purposes and do not relay message content through our servers.)
- Security: protect against fraud, abuse, and unauthorized access.
5. Third-Party Services & Integrations
We use third-party providers to operate the Services (e.g., cloud hosting, managed PostgreSQL, content delivery, and payment processing). We do not sell personal information to third parties or advertisers.
When you enable specific integrations, data is processed per their respective terms:
- Google (Sign-In / OAuth): we receive your name, email, and profile picture for authentication. Our use of data received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements.
- Meta Platforms (Instagram / WhatsApp):venue teams connecting Instagram Business accounts process content in line with Meta’s Platform Terms. We do not store message content beyond what is necessary to display recent conversations to the authorized venue team.
6. AI-Powered Features
Certain platform features may leverage AI to generate décor visuals, summarize messages, or automate workflows. Customer Content is processed strictly to deliver the requested feature. We do not use Customer Content to train third-party foundation models without your explicit direction or consent.
7. Data Security & Retention
We use industry-standard measures, including HTTPS encryption in transit, encryption at rest, role-based access controls, and audit logging. We retain different categories of data for different periods:
- Account & Subscription Data— life of the active venue account plus up to 3 years.
- Customer Content— retained until deleted by the venue admin. Upon account termination, data is deleted or anonymized within 90 days.
- System Logs & Diagnostics— 180 to 365 days (unless required longer for security holds).
- Billing & Tax Records— up to 8 years, or as required by applicable accounting laws.
8. International Data Transfers
SutrVerse is operated from India. Our infrastructure sub-processors may store or process data in regions outside India. By using the Service, you consent to these transfers, which are subject to appropriate legal safeguards (e.g., Standard Contractual Clauses).
9. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
- Access, obtain a copy of, or correct your personal data.
- Request deletion or restriction of your information.
- Withdraw consent for optional processing or marketing communications.
- (For end-customers) if your data was entered by a venue using SutrVerse, please contact the venue directly to exercise your rights, and we will assist them as their Data Processor.
To exercise your direct rights, email us at SutrVerse@gmail.com. We will respond within 30 days.
10. Regional Disclosures
- India (DPDP Act): SutrVerse Private Limited acts as the Data Fiduciary. We rely on valid consent or legitimate use. Grievances can be directed to SutrVerse@gmail.com.
- EU/UK (GDPR): data subjects may lodge a complaint with their local supervisory authority. Contact our DPO at SutrVerse@gmail.com.
- United States:we do not “sell” or “share” personal data for cross-context behavioral advertising as defined by laws in California, Colorado, Virginia, etc.
11. Children’s Privacy
SutrVerse is a B2B platform not directed at children under 16 (or 18 in certain jurisdictions). We do not knowingly collect data from minors.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via an in-app notice or email to account administrators.
13. Contact Us
Privacy inquiries, general support, and the Grievance Officer (India) can all be reached at SutrVerse@gmail.com.
See also our Terms of Service and Data Deletion Instructions.