Privacy Policy
Effective date: June 21, 2026
AlwaysYou ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at alwaysyou.in. By using our platform, you consent to the practices described in this policy.
1. Information We Collect
Information you provide directly:
- Account information: Email address, name, and profile picture (via Google OAuth or OTP login)
- Gift/invitation content: Names, dates, photos, videos, audio files, and personal messages you enter into templates
- Payment information: Billing details processed by Razorpay (we do not store raw card numbers)
- RSVP and guestbook submissions: Guest names, phone numbers, responses, and messages submitted on your invitation pages
- Support communications: Emails or messages you send to us
Information collected automatically:
- Usage data: Pages visited, template interactions, button clicks, and navigation flows (via PostHog)
- Device information: Browser type, operating system, screen size, and IP address
- Cookies and local storage: Session tokens, preferences, and creator authentication cookies
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account and purchases
- Generate, host, and display your personalised gift sites and invitations
- Process payments through Razorpay
- Send transactional emails (purchase confirmations, expiry reminders, abandoned creation nudges)
- Provide customer support
- Analyse platform usage to improve our service (anonymised)
- Prevent fraud and enforce our Terms of Service
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your personal data for advertising outside of our platform.
3. Media and User Content Storage
Photos, videos, and audio files you upload are stored on Cloudinary, a cloud media management service. Files are tagged with your checkout reference and retained for the duration of your plan plus a grace period. We use Cloudinary's signed uploads to ensure that only authorised uploads are accepted.
Your instance data (template fields, recipient information) is stored in our database hosted by Supabase on servers in the EU. Row-level security ensures that your data can only be accessed by you and our administrative team.
4. Third-Party Service Providers
We share information with the following third-party providers solely to operate the Service:
- Supabase (database and auth) — Privacy Policy
- Cloudinary (media storage) — Privacy Policy
- Razorpay (payments) — Privacy Policy
- PostHog (analytics) — Privacy Policy
- Google (OAuth authentication, Fonts) — Privacy Policy
5. Cookies
We use the following cookies:
- Authentication cookies: Required to keep you logged in (Supabase session token)
- Creator cookies:
ay_creator_[instanceId]— stored locally to let you manage your creation without logging in - Analytics: PostHog uses a first-party cookie to track anonymous usage events
You can disable cookies in your browser settings, but this may affect the functionality of the platform.
6. Data Retention
- Active instances: Retained for the duration of your plan
- Expired/deleted instances: Data is marked deleted and purged after 30 days
- Account data: Retained for as long as your account is active. You may request deletion at any time
- Payment records: Retained for 7 years as required by Indian financial regulations
- RSVP and guestbook data: Retained with the instance; deleted when the instance is purged
7. Your Rights
Under applicable Indian data protection law and, where relevant, GDPR, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated personal data
- Port your data (receive a copy in a machine-readable format)
- Object to processing in certain circumstances
To exercise any of these rights, email us at support@alwaysyou.in. We will respond within 30 days.
8. Security
We implement industry-standard security measures including TLS encryption in transit, Row Level Security (RLS) on our database, signed upload URLs for media, and JWT-based authentication. No system is 100% secure; in the unlikely event of a data breach we will notify affected users as required by law.
9. Children's Privacy
Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us immediately at support@alwaysyou.in.
10. International Users
AlwaysYou is operated from India. If you access our platform from outside India, your data will be transferred to and processed in India and the EU (Supabase servers). By using our platform, you consent to this transfer.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on our platform at least 7 days before the changes take effect.
12. Contact Us
For privacy-related enquiries or to exercise your rights:
AlwaysYou — Privacy TeamEmail: support@alwaysyou.in