Privacy Policy
Last updated: 5 July 2026
This Privacy Policy describes how Navaneethan K, a sole proprietor based in Coimbatore, Tamil Nadu, India ("Vagaiyara", "we", "us", "our"), collects, uses, discloses and protects your information when you use the Vagaiyara mobile application ("App") and the website at vagaiyara.com (together, the "Service").
This Policy is issued under the Digital Personal Data Protection Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
Short version: We collect the personal information you give us plus what's needed to operate the app (device info, usage logs). We use it only to run the Service. We don't sell your data. You can see, correct or delete your data any time.
1. What information we collect
1.1 Information you provide directly
- Account: mobile number, email address (optional), handle, password, name, date of birth, gender, marital status, profile photo.
- Family graph: relationship type and the identity of the other endpoint (their handle/phone/email), event invites, event RSVPs.
- Community and identity attributes: mother tongue, religion, community/caste, sub-community (used for matching in the matrimony feature). These are Sensitive Personal Data (SPDI) under Indian law.
- Matrimony profile (if you opt in): height, body type, occupation, income band, education, family background, horoscope details (rasi, nakshatra, lagnam, gotra, dosham), city, marital preferences.
- Government ID (optional): if you choose to add a government ID (Aadhaar, PAN, Voter ID, Passport, Driving Licence) for identity verification. We store only the number you provide; we do not scan or upload the physical document.
- Messages, event photos, and other content you post or share.
- Support and feedback you send us.
1.2 Information collected automatically
- Device identifiers and metadata: device model, OS version, app version, language, time zone, IP address.
- Usage logs: which features you used, time stamps, crash reports.
- Firebase notification token (for push notifications).
1.3 Information from third parties
- When you sign in with Google or Apple (federated sign-in), we receive your email address and basic profile from that provider.
- Payment status from Razorpay (order id, amount, whether the payment succeeded — we never receive or store your card, UPI PIN, or bank credentials).
2. Why we collect it (purposes of processing)
- To create and operate your account and verify your identity via OTP.
- To build and display your family graph and enable connections with your relatives.
- To power event invitations, RSVPs, and photo sharing.
- To enable direct messaging between you and other users of the Service.
- To operate the matrimony feature: rank, filter and display prospective matches based on your preferences.
- To process payments and manage subscriptions.
- To send transactional messages (OTP, security, subscription) and, if you have consented, marketing communications.
- To detect, prevent and respond to abuse, fraud, and violations of our Terms.
- To comply with applicable law and respond to legal requests.
- To measure and improve the Service (aggregated analytics).
3. Legal basis
We process your personal data on the basis of the consent you provide when creating an account and when opting into features like matrimony or contact-import. For payments, the legal basis is contractual necessity. For fraud prevention and compliance, we rely on our legitimate interests and legal obligations. You can withdraw consent at any time (see Section 7).
4. Who we share it with
We do not sell your personal data. We share it only with:
- Other users of the Service, based on your privacy settings. Certain attributes (name, handle, relationships) are always visible; others (photos, community, phone, email, personal details) can be gated to "Public", "Relatives only", "Close relatives" or "Only me".
- Service providers under contract, only to help us run the Service:
- Google Firebase (authentication, cloud messaging, real-time chat) — data processed in Google's global data centres.
- Cloudflare R2 (photo and file storage).
- Google Cloud Run (backend compute).
- Neon / Upstash / Neo4j Aura (databases, cache, graph).
- Razorpay (payment processing) — subject to Razorpay's own privacy policy.
- Law enforcement or courts, where legally compelled.
- A successor entity, if we are acquired or merged, subject to a written commitment that your data will continue to be handled under a policy at least as protective as this one.
5. International data transfers
Some of our service providers store data outside India. Where this happens, we rely on the provider's contractual and technical protections and, where required, the provisions permitted under the DPDP Act for cross-border transfer.
6. How long we keep it
- Active account data: as long as your account is active.
- Deleted account: we remove your profile, photos, and messages within 30 days of your deletion request. Some records are retained longer only where required by law (for example, payment records under the Companies Act / GST rules — typically 8 years).
- Logs: up to 12 months.
- Backups: automatically expire per our backup rotation; deletion from live systems is immediate.
7. Your rights
Under the DPDP Act 2023 and other applicable laws, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data (most fields are editable in-app from Edit Profile).
- Erase your data — see the Delete account page.
- Withdraw consent at any time. This may limit or end your access to certain features.
- Grievance redressal — see Section 11.
- Nominate another person to exercise your rights if you are unable to.
8. Security
We use industry-standard measures to protect your data, including TLS encryption in transit, encryption at rest for databases, hashed passwords (bcrypt), rate limiting, and role-based access controls. No system is perfectly secure — if you become aware of any vulnerability, please report it to [email protected].
We will notify you and the relevant Data Protection Board within a reasonable time if a personal data breach affecting you occurs.
9. Children
The Service is not intended for anyone under 18. We do not knowingly collect data from children. If we learn that we have collected data from a child, we will delete it promptly.
10. Analytics and cookies
The App uses Firebase Analytics and Crashlytics for aggregated usage metrics and crash reporting. The website uses only functional cookies necessary for the site to work.
11. Grievance officer
If you have a complaint about how we handle your data, contact:
Navaneethan K — Grievance Officer
Email: [email protected]
Address: Coimbatore, Tamil Nadu, India (full postal address available on written request)
We aim to acknowledge grievances within 48 hours and resolve them within 30 days. If you are not satisfied, you may escalate to the Data Protection Board of India.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified in the App and via the "Last updated" date above.