Legal

Privacy Policy

Last updated: April 2026 · Version 1.0

1. Introduction

Vedohum Collective ("Vedohum", "we", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform, in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and the General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Information You Provide

  • Account data: Name, email address, phone number, password (hashed, never stored in plain text).
  • Profile data: Age, address, state, country, wellness interests, profile photo.
  • Booking data: Experience selections, dates, times, guest counts, special requirements or health notes.
  • Payment data: Processed by Stripe and Razorpay. We never receive, store, or process your card number, CVV, or bank credentials.
  • Communications: Messages sent through the platform support system.
  • Partner data: Business name, professional qualifications, KYC documents (PAN, GST, licences), bank account details for payouts.

2.2 Information Collected Automatically

  • Device & browser: IP address, browser type, operating system, device type.
  • Usage data: Pages visited, features used, search queries, session duration.
  • Location: Country-level geolocation derived from IP address (used for payment provider routing and currency display). We do not collect precise GPS coordinates.

3. How We Use Your Data

  • Service delivery: Processing bookings, sending confirmations, generating QR codes, facilitating check-ins.
  • Personalisation: Recommending experiences based on your stated interests and booking history via our AI recommendation engine.
  • Communication: Transactional emails (booking confirmations, refund notifications), booking reminders, and review prompts.
  • Safety & security: Fraud detection, identity verification, and platform integrity.
  • Legal compliance: Tax reporting (TDS under Indian tax law), regulatory obligations, and dispute resolution.
  • Platform improvement: Aggregated, anonymised analytics to improve user experience.

4. Data Sharing

We do not sell your personal data to third parties. We share data only with:

  • Partners: Your first name, last initial, and health/special requirement notes are shared with the practitioner for your booked experience. Your email, phone, and full address are never shared.
  • Payment providers: Stripe and Razorpay process payments on our behalf.
  • Email services: Resend delivers transactional and notification emails.
  • Cloud infrastructure: Supabase (database), Cloudflare (CDN and security), Vercel (application hosting).
  • Legal authorities: When required by law, court order, or to protect the safety of users.

5. Data Storage & Security

Your data is stored in encrypted databases hosted on Supabase infrastructure. All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.

Access to personal data is restricted to authorised personnel only. All administrative access is logged in an immutable audit trail.

6. Data Retention

  • Active accounts: Data retained for the lifetime of your account.
  • Deleted accounts: Personal data anonymised within 30 days of account deletion. Booking and payment records retained for 7 years for tax compliance.
  • Consent records: Retained permanently as a legal audit trail (DPDPA requirement).
  • KYC documents: Retained for 5 years after partner account closure per regulatory requirements.

7. Your Rights

Under DPDPA and GDPR, you have the right to:

  • Access: Request a copy of your personal data.
  • Correction: Update inaccurate or incomplete data.
  • Deletion: Request erasure of your personal data (subject to legal retention requirements).
  • Portability: Receive your data in a machine-readable format.
  • Withdraw consent: Opt out of marketing communications at any time from account settings.
  • Grievance redressal: Contact our Data Protection Officer for any privacy concerns.

To exercise any of these rights, contact us at privacy@vedohum.com.

8. Cookies

We use essential cookies to maintain your authentication session and preferences. We do not use third-party tracking cookies or advertising cookies. Analytics are collected using privacy-respecting, aggregated methods.

9. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. Continued use of the Platform after changes constitutes acceptance.

11. Contact & Grievance Officer

Data Protection Officer:
Vedohum Collective
Email: privacy@vedohum.com

For general enquiries: support@vedohum.com

Veda

Hey, I'm Veda, Let me Assist you..

Your Wellness Concierge

Powered by Vedohum AI

Veda

Hey, I'm Veda, Let me Assist you..

Your Wellness Concierge

Powered by Vedohum AI