Privacy Policy
1. Who We Are
Shubh Kriya (“we”, “us”, “our”) is a software-as-a-service platform that helps Hindu priests manage bookings, clients, and ceremony services. We are subject to the New Zealand Privacy Act 2020 and, where applicable, the EU General Data Protection Regulation (GDPR).
2. Data Controller & Data Processor
For personal information relating to your own account, Shubh Kriya acts as the data controller.
For client information uploaded by Pandits, Shubh Kriya generally acts as a data processor (or service provider), processing that information on behalf of the account holder.
3. Information We Collect
We collect the following categories of personal information:
- Account information — name, email address, phone number, password (stored as a one-way hash), and profile details you provide on registration or through your profile settings.
- Booking data — ceremony type, date, time, address, special requirements and notes attached to a booking.
- Usage data — pages visited, features used, browser type, operating system and IP address, collected automatically via server logs and first-party analytics.
- Communications — emails you send to our support team and any feedback you submit in-app.
- Payment data — billing details for pandit subscriptions are processed directly by Stripe; we do not store card numbers on our servers.
4. Information Provided by Users
Pandits may enter personal information relating to their clients, including names, contact information and booking details. Users are responsible for ensuring they have the necessary authority or consent to provide that information to Shubh Kriya. We process this information only on behalf of the account holder to provide the Service.
Information entered by Pandits regarding their clients remains under the control of the account holder. Shubh Kriya processes this information solely to provide the Service.
5. How We Use Your Information
We use your personal information to:
- Create and manage your account.
- Process, confirm and send notifications about bookings.
- Send ceremony reminders and samagri lists to clients.
- Process subscription payments for pandit accounts.
- Improve the platform through anonymised usage analytics.
- Respond to support requests and legal enquiries.
- Comply with our legal obligations under New Zealand law.
Analytics help us understand which features are used, identify errors and improve platform performance. We do not use analytics to build advertising profiles.
We will never sell your personal information to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
6. Legal Basis for Processing
Where the GDPR applies, we process personal information because:
- it is necessary to perform our contract with you;
- you have provided consent;
- processing is necessary to comply with legal obligations; or
- we have a legitimate interest in operating, securing and improving the Service.
7. Cookies & Tracking
We use essential cookies to keep you signed in and to maintain your session security. We may also use first-party analytics cookies to understand how the platform is used. We do not use third-party advertising or tracking cookies.
You can control cookie preferences through our Cookie Policy page and your browser settings. Disabling essential cookies will prevent you from remaining signed in.
8. Who We Share Data With
We share personal information only with trusted third-party service providers who process data on our behalf under appropriate data processing agreements:
- AWS (Amazon Web Services) — cloud infrastructure, database storage and web application hosting (ap-southeast-2 region, hosted in Sydney, Australia; web pages are delivered via AWS's global content delivery network).
- Stripe — subscription payment processing.
- Resend — transactional email delivery.
- Google — optional sign-in (Google OAuth) and address lookup (Google Maps), only when you use those features.
We may disclose your information if required by law, court order, or to protect the rights and safety of our users.
9. International Transfers
Our infrastructure is based in the AWS ap-southeast-2 region (Sydney, Australia). Web pages and static assets may be served from AWS content-delivery edge locations closer to you, and some service providers may process data in other jurisdictions. Where transfers occur outside New Zealand, we ensure appropriate safeguards are in place consistent with the Privacy Act 2020 and the GDPR standard contractual clauses where applicable.
10. Security
We use industry-standard security measures including encrypted network connections (HTTPS/TLS), password hashing, encryption of data at rest, access controls and regular security updates to help protect your personal information. No method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Data Retention
We retain account data for as long as your account is active. If you close your account, we will delete or anonymise your personal information within 90 days, except where we are required to retain it for legal or regulatory compliance (e.g. financial records, which may be kept for 7 years under New Zealand law). If your account is cancelled or terminated, it may be recovered within 30 days; after that recovery window, deletion proceeds as described above.
After deletion, your account will no longer be accessible. Some information may remain in encrypted backups for a limited period before being automatically overwritten.
12. Your Rights
Under the New Zealand Privacy Act 2020 and, where applicable, the GDPR, you have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of your personal information (“right to be forgotten”).
- Object to or restrict certain processing of your data.
- Receive a copy of your data in a portable format.
- Complain to us directly about how we have handled your personal information, and lodge a complaint with the Office of the New Zealand Privacy Commissioner.
To exercise any of these rights, please contact us at the address below. We will respond within 20 working days as required by the Privacy Act 2020. We encourage you to raise any concerns with us first so we can try to resolve them for you directly.
13. Children's Privacy
Shubh Kriya is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us immediately.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email and display the updated date at the top of this page. Your continued use of the Service after the updated Privacy Policy becomes effective means the revised policy will apply to your use of the Service.
15. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy, please reach out:
Shubh Kriya — Privacy
Email: developer@devwin.co.nz
New Zealand