Party Script Back to site

Privacy Policy

Last updated: June 2026

This Privacy Policy describes how [Registered business / proprietor name] ([Sole Proprietorship]), operator of Party Script("we", "us", "our"), collects, uses, discloses, stores, and protects your information when you use our event operations workspace at partyscript.in (the "Service"). We are the data fiduciary in respect of personal data processed through the Service. By using the Service you consent to the practices described here.

This policy is published in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

1. Information we collect

  • Account information — your name, email address, phone number, password (stored only as a salted hash), and organization details.
  • Event & workspace data — content you create: events, tasks, vendors, budgets, guest lists (RSVPs), files, run-of-show, issues, comments, and related records.
  • Payment information — when you subscribe, billing is processed by Razorpay. We receive transaction identifiers and subscription status; we never receive or store your full card number, CVV, UPI PIN, or bank credentials.
  • Usage & technical data — IP address, device/browser type, and access logs needed to operate, secure, and debug the Service.
  • Communications — messages you send us for support or grievances.

2. Sensitive personal data

We do not intentionally collect sensitive personal data (such as financial account numbers, health, biometric, or government-ID data) beyond what is strictly necessary. Any guest or vendor information you upload is content you control and warrant you are authorized to process.

3. Purpose & lawful basis

We process personal data for the following purposes, on the basis of your consent and our legitimate business interest in operating the Service:

  • To create your workspace and provide, maintain, and improve the Service.
  • To authenticate you and keep your organization's data secure.
  • To process subscription payments and prevent fraud.
  • To send transactional and notification emails you have enabled (manage these in Settings → Notifications).
  • To respond to support requests and comply with legal obligations.

4. Disclosure & data processors

We share data only with sub-processors that help us run the Service, under contractual confidentiality and security obligations:

  • Supabase — database, authentication, and file storage.
  • Razorpay — subscription payments (PCI-DSS compliant; card data handled solely by Razorpay).
  • Resend — transactional and notification email delivery.
  • Netlify — application hosting and content delivery.

We do not sell your personal data. We may disclose information if required by law, court order, or a lawful request by a public authority, or to protect our rights, users, or the public.

5. International transfers

Some sub-processors may store or process data on servers located outside India. Where this occurs we take steps to ensure a comparable standard of protection, consistent with the DPDP Act and applicable transfer restrictions.

6. Data security

We implement reasonable security practices including row-level security (each organization can access only its own records), encrypted connections (TLS), hashed passwords, and access controls. While we follow industry-standard safeguards, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Data retention

We retain your data for as long as your account is active and as needed to provide the Service. On account deletion we remove or irreversibly anonymize personal data within a reasonable period, except where retention is required for legal, tax, accounting, or fraud-prevention purposes.

8. Your rights

Subject to applicable law (including the DPDP Act), you have the right to:

  • access and obtain a copy of your personal data;
  • correct or update inaccurate or incomplete data;
  • request erasure of your personal data;
  • withdraw consent (which does not affect prior lawful processing);
  • nominate another individual to exercise your rights in case of death or incapacity; and
  • grievance redressal as described below.

To exercise these rights, email sushant@partyscript.in.

9. Cookies

We use strictly necessary cookies and similar technologies to keep you signed in and to operate the Service. We do not use third-party advertising cookies.

10. Children

The Service is intended for business use and is not directed at children under 18. We do not knowingly collect personal data of children without verifiable parental consent as required by the DPDP Act.

11. Grievance Officer

In accordance with the IT Act and the DPDP Act, the Grievance Officer for Party Script is:

We acknowledge grievances within 2 business days and aim to resolve them within 30 days.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above; continued use after changes constitutes acceptance.

13. Contact

[Registered business / proprietor name], [Street, City, State, PIN], India. Email sushant@partyscript.in.