hchk
Open app

Legal

Privacy Policy

Last updated: 21 June 2026

This Privacy Policy explains how Hichki(“Hichki”, “we”, “us”) handles personal data when you use our wedding and event operations platform (the “Service”). We are based in India, and aim to comply with India’s Digital Personal Data Protection Act, 2023 and applicable rules.

Who is responsible for your data

Hichki plays two different roles depending on whose data is involved:

  • For account holders (planners and families who sign up), we determine how your account information is used and act as the data fiduciary (controller).
  • For guest information you add(your guest list, their contact details, RSVPs, travel and stay details, and any documents you upload), you — the account holder — decide what is collected and why. For that data, Hichki acts as a data processor, handling it only on your instructions to provide the Service. You are responsible for having a lawful basis and the necessary consent to add other people’s personal data.

Information we collect

  • Account data: name, email address, phone number, and authentication details when you create or use an account.
  • Workspace & guest data: the wedding/event details, guest names and contact details, family groupings, relationships, RSVP responses, dietary or accessibility notes, accommodation and travel arrangements, and budget or vendor information you enter.
  • Uploaded documents: files you choose to upload, which may include travel tickets (flight/train) and government identification such as Aadhaar. Where the feature supports it, documents are read in your browser to extract details (e.g. PNR, name, dates); files and the extracted details may be stored as part of your workspace to provide the Service. Government IDs are sensitive — only upload them where you have consent and a genuine need.
  • Usage & device data: log data, IP address, browser type, and actions taken in the Service, used to operate, secure, and improve it.
  • Cookies: we use strictly necessary cookies to keep you signed in and maintain your session. We do not use them for third-party advertising.

How we use information

  • To provide, maintain, and secure the Service and your account.
  • To send messages you initiate to your guests (for example WhatsApp save-the-dates, RSVP reminders, and updates) through messaging providers.
  • To extract and organise details from documents you upload, so guest, travel, and accommodation records stay accurate.
  • To respond to your requests and provide support.
  • To detect, prevent, and address technical issues, fraud, or misuse.
  • To comply with legal obligations.

Sharing and service providers

We do not sell personal data. We share it only with service providers who help us run the Service, under appropriate confidentiality and data protection terms. These currently include:

  • Hosting & database: Supabase and our cloud infrastructure providers, who store and process workspace data on our behalf.
  • Messaging providers: WhatsApp Business and/or SMS providers used to deliver the messages you send to your guests.
  • Legal & safety: authorities or advisors where required by law, or to protect the rights, safety, and security of users and the public.

Some providers may process data outside India. Where they do, we take reasonable steps for such transfers to be consistent with applicable law.

Data retention

We keep personal data for as long as your account or workspace is active and as needed to provide the Service, then for any further period required to comply with legal obligations, resolve disputes, and enforce our agreements. Account holders can delete guests, documents, and workspaces; deleted data is removed from active systems and from backups within a reasonable period.

Security

We use reasonable technical and organisational measures — including access controls, encryption in transit, and row-level data isolation per workspace — to protect personal data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Your rights

Subject to applicable law, you may request to access, correct, update, or delete your personal data, withdraw consent, or raise a grievance. If the data concerns guest information held within an account holder’s workspace, we may direct your request to that account holder, who controls that data; we will assist them as their processor.

Children

The Service is intended for adults (18+) organising or attending events. We do not knowingly create accounts for children. Account holders are responsible for any information they add about minors (for example, guests) and must have the appropriate consent to do so.

Grievance Officer & contact

For privacy questions, requests, or grievances under applicable Indian law, you can reach our Grievance Officer through our website, hichki.in. We will acknowledge and respond within the timelines required by law.

Hichki, India.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for significant changes, take additional steps as required by law. Continued use of the Service after an update means you accept the revised policy.