Version 2026-07-07.v4
Privacy Policy
Effective date: 7 July 2026 Applies to: Swayamvar mobile app, website, and any live events organised under the Swayamvar brand
Swayamvar is a curated, live-event matchmaking service inspired by the Indian Swayamvara tradition. This Privacy Policy explains what personal data we collect from you, why, how long we keep it, who we share it with, and the rights you have under India's Digital Personal Data Protection Act 2023 ("DPDPA") and the Information Technology Rules 2021.
If you don't agree with this Policy, please do not use Swayamvar. Continuing to use the app or attending a Swayamvar event means you accept it.
1. Who we are (the Data Fiduciary)
Swayamvar is operated by Chetan Amin as a sole proprietor, doing business as "Swayamvar". We are the "Data Fiduciary" under DPDPA §2(i) for the personal data described below.
Contact for privacy matters: support@myswayamvar.app Grievance Officer: Chetan Amin — support@myswayamvar.app Registered office / correspondence address: A-1402, Pushp Vinod 1, S.V. Road, Opp. Tirumala, Borivali (West), Mumbai 400092, Maharashtra, India
We currently have no separate Data Protection Officer — the Grievance Officer performs both roles. If Swayamvar is later incorporated (LLP or Pvt Ltd) or grows past the DPDPA "Significant Data Fiduciary" threshold, we will appoint a dedicated DPO and update this Policy.
2. Who this Policy is for
This Policy applies to:
- Attendees / Data Principals: anyone who signs up on the app, whether they eventually attend an event or not.
- Event guests: anyone who is present at a Swayamvar event, including plus-ones or observers, whose image or voice may be captured.
- Website visitors: anyone who visits myswayamvar.app, api.myswayamvar.app, app.myswayamvar.app, or any Swayamvar-branded landing page.
If you are none of the above but believe your data has been processed by us (for example if a friend uploaded a photo containing you), contact the Grievance Officer.
3. What personal data we collect
We collect only the data we need to run the service. There is no ad tracking, no third-party analytics beyond what is listed below, and no "shadow" profile building.
3.1 At sign-up
- Your mobile phone number (used only for one-time-password sign-in via Firebase Authentication)
- Your name
- Your date of birth
- Your gender (WOMAN / MAN — Swayamvar's event format is currently gendered; see §12)
3.2 During onboarding
- Your city and neighbourhood (Mumbai neighbourhoods list per app; for future cities we will update this Policy)
- Your profession (industry + role title — both optional)
- Your highest level of education
- Your relationship status
- Whether you have children (Yes / No / Prefer not to say)
- Your intent for using the app (Open to whatever / Taking it slow / Something serious / Marriage)
- Four photographs of you: one face photo (with liveness check — you blink to prove the photo is not static), one lifestyle photo, one photo about a passion, one candid photo
- A short voice note recorded by you (max 60 seconds)
- Your answers to 15 curated bio questions covering values, communication style, and life goals
3.3 At events
- Whether you "lit a diya" for a particular man before the event (interest signal used to build the guest list; see §7)
- Which 3 men you picked on-site as potential dinner partners
- Photographs and video recorded during the event (only if you granted the specific consent toggles for these — see §5)
- Your post-event feedback about the match and the evening
3.4 Automatically
- Your IP address and device type when you use the app (for security and troubleshooting)
- Timestamps of every consent grant, revoke, and policy acceptance (audit trail — see §5, §9)
- App error and crash logs (contain no bio content; they contain only stack traces and device metadata)
- The version of every policy document you agreed to and when
3.5 What we do NOT collect
We do not collect:
- Your caste, religion, or community
- Your salary, income, or financial account details (payments happen outside the app via UPI transfer to us)
- Your precise GPS location, contacts, call/SMS logs, or content from other apps
- Any biometric identifier beyond the face liveness check (which is not retained as a biometric template — only the resulting photo is stored)
- Your name of anyone you know or refer to us — Swayamvar has no referral or "invite friends" feature
We ask about children (Yes/No) only for compatibility matching. We never collect data about your actual children.
4. Why we collect it (purposes and legal bases)
Under DPDPA §7, every purpose must have a lawful basis. Here is each of our purposes with the specific basis:
| Purpose | Data used | Legal basis (DPDPA §7) |
|---|---|---|
| Verifying you are a real person | Phone, face photo with liveness, verification video-call | Your consent (Toggle 1) |
| Showing your profile to other invited attendees at your event | Photos, bio answers, city/neighbourhood, DOB, voice note | Your consent (Toggle 1) |
| Computing compatibility for match ordering (deterministic + AI) | DOB, bio answers, profile fields, Vedic-astrology derivations | Your consent (Toggle 1) |
| Running the live event safely | Event photography | Your consent (Toggle 2) |
| Internal safety review + AI training on event dynamics | Event video from specific rounds | Your consent (Toggle 3) |
| Marketing (reels, testimonials, potential TV/streaming) | Photos, voice note, your story | Your consent (Toggle 4 — optional, revocable at any time) |
| Fraud prevention, safety-of-others, incident investigation | Full profile + activity logs | Legitimate use — safety of Data Principals (DPDPA §7(h)) |
| Responding to grievances, LEA requests, court orders | As required | Legal compliance (DPDPA §7(g)) |
| Product analytics (event success rate, drop-off analysis) | Aggregated only (no names, no photos) | Legitimate use — improving our service (DPDPA §7(h)) |
We do not process your data for any purpose other than these. If we ever add a new purpose, we will update this Policy and (where required by DPDPA) ask for a fresh consent.
5. The four consent toggles (DPDPA §7 fresh consent)
At onboarding we ask for four separate consents, each with a Grant / Revoke choice and its own audit trail. Consent is captured with your typed signature, timestamp, and the exact policy version you saw at the time.
- App Profile Use — required. Enables Swayamvar to show your profile to other invited users at your event.
- Event Photography — required to attend an event. Enables photography of you at the venue for internal safety and records.
- Internal Safety Video — required to attend an event. Enables video recording during specific event rounds (e.g., scent round, dinner reveal) for safety review and AI training. Never published.
- Media & Marketing Use — optional. Enables Swayamvar to use your photos, voice, or story in marketing (reels, ads, potential TV / streaming appearances).
Toggle 4 is revocable at any time from Settings → Consents. Revoking Toggle 4 means we won't use your data in future marketing; we will remove you from active online marketing surfaces within 30 days, but existing physical materials (already-printed flyers, DVDs sent to media partners) cannot always be recalled.
Revoking Toggles 1–3 is not offered as a toggle because those are prerequisites for using Swayamvar. The way to revoke them is to delete your account (Settings → Delete Account).
6. Who we share your data with (recipients)
We rely on a small, deliberately limited set of service providers, each of whom is bound to protect your data:
| Recipient | What they see | Purpose | Location |
|---|---|---|---|
| Google LLC (Firebase Authentication) | Your phone number and the OTP we send you | Sending SMS OTP for sign-in | Google's global infrastructure — data may transit or reside outside India |
| Anthropic PBC (Claude AI) | Your age, city, neighbourhood, profession, education, relationship status, journey intent, bio Q&A, Vedic-astrology derivations (Nakshatra, Rashi, Nadi, Gana, Yoni). Not your name, phone, photos, or voice note. | Generating a 2–3 sentence compatibility reasoning shown to the matched woman | Anthropic's US servers |
| IONOS SE | All data hosted on our MariaDB database and Fastify API — profile, photos, voice, bio, activity | Hosting infrastructure | Germany (EU) |
| The other user in a match | Your face photo, age, neighbourhood, bio answers, voice note, compatibility short-tag. Never your name, phone, or contact details. | Enabling the match itself | Within the app |
| Our internal team (currently 1 person: the founder) | All of the above, for verification calls, payment reconciliation, grievance response, event running | Operations | Within our internal tools |
| Government / law enforcement | Only what is lawfully requested, in the minimum quantity required | Legal compliance | India |
| Event venue staff and vendors | Your face and voice at the venue itself (physical presence — no data files shared) | Running the event | At the venue only |
Cross-border transfer notice (DPDPA §16): Some of these providers process data outside India. By granting consent you agree to this transfer. We will update this section if the Central Government issues a restriction against any of these jurisdictions.
No sale of data. We do not sell your personal data. We do not embed third-party ad networks (Meta Pixel, Google Ads, etc.) in the app. We do not run any programmatic advertising.
7. How the diya, invitation, and match flow uses your data
Because Swayamvar's mechanic is unusual, we call out the data flow explicitly:
- Pre-event browse. A woman signed up to attend an event browses invited men. She sees their face, age, neighbourhood, bio, voice, and a compatibility tag. She does not see their name or phone.
- Lighting a diya. She may tap a diya on any man she's interested in. The diya is stored against her account against that man for that event.
- Aggregate signal to men. Each man sees only the count of women who lit diyas on him — never names, never photos, never identities.
- Admin invitation. Our team invites the men with the most diyas (and any additional invitees based on manual capacity balancing).
- Payment. Both women and men pay a per-event fee via UPI transfer to Swayamvar's UPI ID; the admin confirms payment manually.
- On-site pick-3. After event activities, each woman picks 3 men (unordered set) on her phone.
- Matching engine. Our engine assigns each woman one dinner partner from her 3 picks, using the compatibility score to resolve contention when two women pick the same man.
- Reveal. Each woman sees her partner's face and per-event candidate number. Names are exchanged face-to-face at the dinner table.
- Feedback. After the event, both individuals submit private feedback on the match. Feedback is per-person, not joint, and is used for our internal quality tracking.
Steps 1–2 rely on Toggle 1 (App Profile Use). Steps 5–8 rely on Toggles 2 and 3 (event photography and video). Step 9 is legally required (DPDPA §7(h) legitimate use — service improvement).
8. How long we keep your data (retention)
| Data | Retention |
|---|---|
| Active account: profile fields, photos, voice, bio answers | While your account is active |
| Account after deletion request | Retained for 30 days (soft-delete grace window so you can restore), then permanently purged |
| Consent and policy-acceptance records | Retained indefinitely for audit under DPDPA §8(4); anonymised (linked to a hash, not to your name or phone) after the 30-day purge window |
| Event photos and video | Up to 6 months for safety review, then deleted — unless you granted Toggle 4 and we used a specific asset in a published piece, in which case that asset may be retained for its promotional life. |
| Payment records (invitation, amount, admin confirmation) | 7 years — required for Indian tax compliance (Income Tax Act §44AA) |
| Match records and post-event feedback | Personal identifiers deleted with your account; aggregated (no names, no photos) statistics retained indefinitely for reporting |
| Server logs (IP, device, request path) | 90 days |
| App error / crash logs | 30 days |
We do not use your data for any purpose after the retention window elapses.
9. Your rights under DPDPA
You have the right to:
- Access — download a copy of everything we hold on you. Use Settings → Download my data, or email support@myswayamvar.app. We deliver the export within 7 days (DPDPA §11).
- Correction — edit your profile from within the app at any time. If a field is not editable in-app (e.g., date of birth after account creation), email us and we will correct it.
- Erasure — delete your account from Settings → Delete Account, or email support@myswayamvar.app. Deletion is completed 30 days after the request (see §8).
- Withdrawal of consent — revoke Toggle 4 at any time from Settings → Consents. Revoking Toggles 1–3 requires account deletion.
- Grievance redressal — write to our Grievance Officer (§11). We acknowledge every grievance within 24 hours and resolve standard grievances within 15 days. Impersonation, non-consensual sexual imagery, and deepfake complaints are resolved within 24 hours per the IT Rules 2021.
- Nomination (DPDPA §13) — nominate another individual to exercise your rights on your behalf in the event of your death or incapacity. Send us the nominee's name, contact and a written authorisation and we will register the nominee.
- Escalation to the Data Protection Board of India — if we don't resolve your grievance to your satisfaction, you may escalate to the Board under DPDPA §13(3).
We do not charge for any of these requests. If a request is manifestly unfounded or excessive (e.g., a demand for a 100th data export in a month), we may either refuse or charge a reasonable administrative fee — we will always explain why in writing.
10. Security
We use the following controls to protect your data:
- TLS in transit for every request between the app and our servers, and between our servers and third-party providers.
- Encrypted storage at rest for photos on our storage backend, currently OS-level disk encryption on our managed VPS. As we scale we will migrate to an encrypted object store (S3 with KMS or equivalent) and update this Policy accordingly.
- No passwords — we don't store any. Sign-in is one-time-password via SMS.
- Least-privilege database access — our application role has SELECT/INSERT/UPDATE/DELETE only on the tables it needs; the database is not exposed to the public internet.
- Role-based access in admin tools — only authorised personnel with the ADMIN role can access user records, payment status, and event management. All admin actions are attributed and auditable.
- Backup and disaster recovery — nightly MariaDB dumps to a separate bucket, retained for 30 days.
No system is perfectly secure. If a personal data breach affects you, we will notify you and the Data Protection Board of India as required by DPDPA §8(6).
11. Grievance Officer
Under IT Rules 2021 Rule 3(2) and DPDPA §8(9), our Grievance Officer is:
Chetan Amin Email: support@myswayamvar.app
Response SLA (IT Rules 2021 Rule 3(2)(b)):
- Acknowledgement of grievance: within 24 hours
- Resolution of standard grievances: within 15 days
- Resolution of complaints involving impersonation, non-consensual sexual content, deepfakes, or artificially morphed images of the complainant: within 24 hours
What to include in your complaint:
- Your registered phone number (so we can locate your account)
- A clear description of the issue
- Date and time
- Any evidence (screenshots, references)
If we do not resolve your grievance to your satisfaction, you may escalate to the Data Protection Board of India established under DPDPA.
12. Children
Swayamvar is intended for adults (18+) only. We do not knowingly collect personal data from anyone under 18. If we discover a user is under 18 we will delete the account and refund any fees paid.
Under DPDPA §9, processing children's data requires verifiable parental consent — which we do not accept for a matrimonial-style service. If you believe an under-18 user has an account, notify the Grievance Officer.
13. Gender-specific format
Swayamvar's current event format is gendered (women choose from a pool of men) reflecting the Indian Swayamvara tradition. We collect and store gender as a required onboarding field. We plan to add non-binary and same-gender event formats in future — this Policy will be updated when that happens.
If your gender identity differs from what you were assigned at birth and you would like to attend a Swayamvar event, please email us privately at support@myswayamvar.app and we will accommodate you or refer you to a partner service where possible.
14. Cookies (website)
Our mobile app does not use cookies. If we run a marketing website, we may use:
- A single first-party cookie to remember whether you've dismissed a cookie banner (retention: 30 days)
We do not currently use any analytics platform, tracking pixels, retargeting, or third-party ad cookies. If we adopt privacy-friendly first-party analytics in the future, we will update this Policy before doing so.
15. Changes to this Policy
We may update this Policy. When we do, the effective date at the top of this document changes and the internal version tag increments. Any material change (new recipients, new purposes, changed retention) triggers a re-acceptance prompt in the app on your next open — you will be shown the new text and asked to confirm before continuing to use Swayamvar.
Non-material changes (typo fixes, formatting) do not trigger a re-prompt but are still recorded in the version log we keep.
16. Contact
For any question about this Policy or your data:
Chetan Amin (Grievance Officer / Data Fiduciary contact) Email: support@myswayamvar.app
This Policy is written in English. If we release a Hindi or Marathi translation, the English version remains the authoritative reference in case of conflict. On written request to the Grievance Officer we will provide a summary of your rights under this Policy in Hindi or Marathi.