1. Overview
Celebra ("we", "our", "us") operates the Celebra platform at celebra.in — a marketplace connecting customers with event service vendors across India. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have over it.
By using Celebra — whether as a customer or a registered vendor — you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.
2. Data We Collect
We collect the following categories of data, depending on how you use Celebra:
We do not collect payment information, Aadhaar, PAN, or any government ID. We do not use passwords — authentication is entirely OTP-based.
3. How We Use Your Data
- Authentication: Your email is used solely to send a one-time password (OTP) and verify your identity. We do not share it with vendors or third parties for marketing.
- Platform functionality: Your saved vendors, contact history, and reviews are used to power features of your account dashboard.
- Vendor discoverability: Vendor profile data (business name, city, category, phone, photos) is shown publicly to help customers find the right vendor.
- Service communications: We may email you to notify you of application status (vendors), OTP codes, or important policy changes. We do not send promotional emails without your consent.
- Platform improvement: Aggregated, anonymised usage data is used to understand how the platform is used and improve it.
- Safety & compliance: We may use data to investigate abuse, enforce our Terms & Conditions, and comply with applicable law.
4. Vendor Data — How It Is Handled
When you register as a vendor on Celebra, your business profile is stored in our database and displayed publicly once approved by our team. Here is specifically how vendor data is handled:
- Public profile data (business name, category, city, phone, description, services, pricing, photos) is visible to all visitors of Celebra without requiring them to log in.
- Photos are stored in Supabase Storage under a vendor-specific folder. Each vendor can upload up to 20 gallery images and one cover image.
- Lead records — when a customer clicks "Call" or "WhatsApp" on your profile, a lead event is recorded and visible to you in your Vendor Dashboard. No customer personal data is shared with you from this action beyond what the customer chooses to share directly.
- Reviews are permanently associated with your profile. You may reply to reviews through your dashboard. Reviews are visible publicly.
- Profile deletion: If you delete your business profile from the dashboard, all associated data — photos, leads, and profile details — is permanently removed. Reviews may be retained in anonymised form for platform integrity.
- Data removal request: You may also submit a formal data removal or update request if you no longer have access to your account.
5. Customer / User Data — How It Is Handled
- Email: Stored in our database linked to your account. Not shared with vendors. Used only for authentication (OTP) and essential platform communications.
- Session: Your login session is stored as a hashed token in a secure httpOnly cookie. It cannot be accessed by JavaScript. Sessions expire after 30 days of inactivity.
- Saved vendors & contact history: Stored in your account and visible only to you. Not shared with vendors or third parties.
- Reviews: Your written reviews are public and attributed to your account. You may delete your account to request removal, but historical reviews may be retained in anonymised form.
- Account deletion: You may delete your account from your profile settings. This removes your email, session data, saved vendors, and contact history. Alternatively, email us at support@celebra.in to request manual deletion.
6. Third-Party Services
Celebra uses the following third-party services that may process your data:
We do not sell your data to any third party. We do not use advertising networks or tracking pixels. We do not share your email with any marketing service.
7. Data Retention
8. Your Rights
You have the following rights with respect to your personal data:
- Access: Request a copy of the data we hold about you.
- Correction: Update inaccurate or incomplete data (via your account settings or by emailing us).
- Deletion: Request deletion of your account and associated personal data.
- Portability: Request your data in a structured, machine-readable format.
- Withdrawal of consent: Stop using the platform at any time. You may also email us to have your data removed.
Vendors specifically may submit a profile update or removal request here.
To exercise any of these rights, email us at support@celebra.in. We will respond within 7 business days.
9. Security
We take security seriously and have implemented the following measures:
- Passwords are never stored — authentication is exclusively OTP-based.
- Session tokens are hashed using SHA-256 before storage.
- Sessions are stored in httpOnly, Secure cookies inaccessible to JavaScript.
- All Supabase tables have Row Level Security (RLS) enabled.
- HTTP headers include Content-Security-Policy, X-Frame-Options: DENY, HSTS, and Referrer-Policy.
- OTP codes expire in 5 minutes and are rate-limited to 3 sends per 10 minutes.
Despite these measures, no system is 100% secure. In the event of a data breach, we will notify affected users within 72 hours via email.
10. Children's Privacy
Celebra is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at support@celebra.in and we will delete the account promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify registered users via email. Continued use of the platform after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy, contact us at:
Celebra Support
Email: support@celebra.in
Platform: celebra.in
Vendors may also use our Vendor Data Request form for profile update or removal requests.