1. Who We Are

This Privacy Policy explains how we collect, use, and protect your personal data when you use Wisherly.

The "data fiduciary" (controller) responsible for your personal data is:

Sanjee Gopinath Pavan Kumar (also referred to as "SG Pavan Kumar"), Proprietor
Trading as: Wisherly - Supar Digital Moments
GSTIN: 29EOHPP1493F1ZJ
Registered address: 2nd Floor #35, 2nd Main 2nd Cross 2nd Stage, Pipe Line Road Vijayanagar, Bengaluru, Karnataka 560040, India
Email: reachpavan02@gmail.com

This policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act); the Information Technology Act, 2000 and rules framed thereunder; and applicable international frameworks including the EU GDPR for users located in the EEA/UK.

2. Data We Collect

2.1 Information You Provide

• Account data: Name, email, phone number, profile photo.
• Profile data: Date of birth, gender, city, state, address (optional), referral source.
• Content you upload: Photos, audio, video, messages, recipient names, and other content you add to surprise pages.
• Payment data: Billing state (for GST), payment method selection. Card and UPI details are collected directly by Razorpay and are never seen or stored by Wisherly.
• Support communications: Emails, messages, and screenshots you send us.

2.2 Information Collected Automatically

• Device and browser data: IP address, browser type, OS, device type.
• Usage data: Pages visited, features used, clicks, session duration.
• Cookies and similar technologies: See our Cookie Policy.

2.3 Information from Third Parties

• Sign-in providers: If you sign in with Google, we receive your name, email, and profile picture from Google.
• Payment processor: Razorpay confirms to us the success/failure of a payment and a payment reference. We do not receive your card number or CVV.

3. Purposes of Processing

• Create and maintain your account.
• Deliver the surprise pages you create.
• Process payments and issue GST invoices.
• Provide customer support.
• Improve and secure the Platform.
• Comply with legal obligations (tax, accounting, law enforcement).
• Send service-related emails (receipts, password resets, policy updates).
• With your consent: send marketing communications, reminders, newsletters.

4. Legal Basis for Processing

Under the DPDP Act, 2023 and other applicable laws, we process your personal data on the following bases:

5. Who We Share Your Data With

We do not sell your personal data. We share it only with:

We have contractual arrangements with our sub-processors requiring them to protect your data and use it only for the purposes we specify.

6. Security

We implement reasonable security practices as prescribed under Section 43A of the IT Act and IS/ISO/IEC 27001 framework standards, including:

• HTTPS/TLS encryption for all data in transit.
• Encryption at rest for sensitive data stored in Firebase.
• Role-based access control — only authorised personnel can access customer data.
• Audit logs of all admin actions.
• Regular review of security controls.

No system is perfectly secure. You are responsible for keeping your account credentials safe.

7. Data Retention

8. Your Rights Under the DPDP Act

As a "Data Principal" under the DPDP Act, 2023, you have the right to:

• Access: Obtain a summary of your personal data we hold.
• Correction and erasure: Correct inaccurate data and request deletion of data no longer needed.
• Withdraw consent: Withdraw consent at any time (withdrawal does not affect prior lawful processing).
• Nominate: Nominate another person to exercise your rights in case of death or incapacity.
• Grievance: Lodge a grievance with our Grievance Officer (see below) and, if unresolved, with the Data Protection Board of India.

To exercise any right, email reachpavan02@gmail.com with subject line: "DPDP Request — [Your Right]".

We will respond within 30 days.

9. Children's Data

Wisherly is available to users aged 13 and above, with parental or guardian consent required for users under 18.

• We do not knowingly collect data from children under 13.
• For users between 13 and 17, we rely on parental/guardian consent before processing personal data.
• If you believe a child under 13 has provided us with data, please contact us at reachpavan02@gmail.com and we will delete it.
• We do not profile, track, or target advertising to children.

10. International Data Transfers

Your data is primarily stored in India (Firebase asia-south1 region). Some sub-processors (Vercel, Google's global infrastructure) may process data in other countries. All transfers are governed by Standard Contractual Clauses or equivalent safeguards where required.

11. Cookies

We use cookies and similar technologies. See our Cookie Policy for full details.

12. Data Protection Officer

Our Data Protection Officer is:

SG Pavan Kumar
Email: reachpavan02@gmail.com (Subject: "DPO — [Your Query]")

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023:

We will acknowledge grievances within 48 hours and resolve them within 30 days.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on the Platform at least 7 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

15. Contact

SG Pavan Kumar (Proprietor)
Trading as: Wisherly - Supar Digital Moments
2nd Floor #35, 2nd Main 2nd Cross 2nd Stage, Pipe Line Road Vijayanagar
Bengaluru, Karnataka 560040, India
Email: reachpavan02@gmail.com
GSTIN: 29EOHPP1493F1ZJ

This Privacy Policy is prepared in accordance with the Digital Personal Data Protection Act, 2023; the Information Technology Act, 2000; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and, where applicable, the EU General Data Protection Regulation (EU 2016/679).