Privacy Policy

Celabe Concierge is a wedding-planning service for Goa destination weddings, operated by Carson Rodrigues, a sole proprietor based in Goa, India (“we”, “us”). For everything in this policy, the data fiduciary (India) and data controller (UK/EU) is Carson Rodrigues. Privacy contact: rodriguescarson@gmail.com.

1. Information we collect

We collect only what the service needs. Specifically:

• Intake form details — both partners’ full names, your email address, your phone / WhatsApp number (optional), your wedding date (or best guess), guest count, budget range, venue preferences, the “feeling you want”, and any free-text notes you add. Free-text fields contain whatever you choose to write — please share only what is useful for planning.
• Planning records we create about your wedding — the AI-generated planning brief and budget allocation, vendor shortlists, quotes received, status notes, and drafted outreach messages to vendors (these drafts reference your first names and event details such as date, guest count and venue direction).
• Correspondence — emails and WhatsApp messages exchanged with you while planning, and the messages we send vendors on your behalf.
• Payment records — if you engage us, invoices and records of planning-fee payments. Card and bank details are handled by the payment gateway, not by us (see section 6).
• Routine technical data — we run no analytics and set no tracking cookies. Our hosting infrastructure keeps ordinary server logs (such as IP address and request time) for security and debugging only.

2. How we collect it

• Directly from you, through the intake form on this site.
• From your messages to us by email or WhatsApp during planning.
• Generated inside our planning tools as we work on your wedding (briefs, shortlists, quote comparisons, outreach drafts).

We do not buy data about you, enrich your profile from data brokers, or collect anything from social media.

3. How we use it

• To produce your planning brief — a budget split by vendor category, a booking timeline, and Goa-specific watchouts, generated with AI assistance (section 4).
• To source and book vendors — building shortlists from our Goa vendor network, drafting outreach, collecting quotes and comparing them against your budget.
• To communicate with you about your wedding — briefs, shortlists, quotes and approvals, by email and WhatsApp.
• To run the business — invoicing, accounting, tax filings and keeping records the law requires.

We do not sell your data, use it for advertising, or send marketing emails today. If we ever introduce a newsletter or marketing, it will be opt-in and you will be able to unsubscribe at any time.

4. AI processing

We are open about this because it is core to how the service works. To generate your planning brief and vendor outreach drafts, we send relevant wedding details to OpenRouter, Inc., a United States company, which routes the request to AI models operated by Anthropic, PBC (United States). What is sent: your first and last names, wedding date, guest count, budget range, venue preferences, and the free-text “vibe” and notes you wrote. Your email address and phone number are not sent to AI providers.

We do not use your data to train AI models. The retention and training practices of OpenRouter and Anthropic themselves are governed by their own terms, not ours.

5. Legal basis for processing

India (DPDP Act 2023). We process your personal data on the basis of the consent you give when you submit the intake form, and for certain legitimate uses recognised by the Act (such as processing necessary for the purpose you voluntarily provided the data for). You may withdraw consent at any time by writing to us; we will stop processing unless the law requires us to keep something (such as tax records).

UK / EU (GDPR and UK GDPR) — many of our couples are UK or EU residents planning a destination wedding. Our legal bases are:

• Contract (Art. 6(1)(b)) — processing needed to plan your wedding and to take the steps you request before engaging us (your intake, the brief, sourcing, quotes).
• Consent (Art. 6(1)(a)) — any future marketing communications, and optional data such as your phone number.
• Legitimate interests (Art. 6(1)(f)) — running and securing the service, keeping business records, and preventing fraud or abuse.
• Legal obligation (Art. 6(1)(c)) — tax and accounting records under Indian law.

6. Who we share data with

• Wedding vendors — to get you quotes we share event details: date, guest count, requirements, and your first names where a draft mentions them. We do not give vendors your email or phone number unless you ask us to introduce you directly. Outreach is sent from us, not from you.
• AI providers — OpenRouter, Inc. and Anthropic, PBC, as described in section 4.
• Hosting — your data is currently stored on infrastructure we manage ourselves. We plan to move the database to Supabase (a managed cloud Postgres provider); when we do, Supabase will become a subprocessor and we will update this policy with the hosting region.
• Payment gateway — when you pay our planning fee electronically we use a payment gateway (such as Razorpay). Your card or bank details go to the gateway directly and never touch our systems; we receive only a confirmation and reference.
• Professional advisers and authorities — accountants or lawyers under confidentiality, and public authorities where the law genuinely requires it.

We do not share data with advertising networks or data brokers. We do not sell data.

7. International transfers

We are based in India, so if you are in the UK or EU, planning your wedding with us means your data is transferred to and processed in India. AI processing (section 4) additionally takes place in the United States. India does not hold a UK or EU adequacy decision; we rely on the transfer being necessary to perform the contract you ask for (Art. 49(1)(b) GDPR) and, with processors, on contractual safeguards.

8. How long we keep data

You can ask us to delete your data sooner — see our Data Deletion Policy.

9. Your rights

If you are in India (DPDP Act 2023), as a Data Principal you have the right to:

• access a summary of the personal data we process about you and how we use it;
• correction and completion of inaccurate or incomplete data;
• erasure of data we no longer need to keep by law;
• grievance redressal through our Grievance Officer (section 10);
• nominate another person to exercise your rights if you are unable to;
• withdraw consent at any time, as easily as you gave it.

If you are not satisfied with our response, you may complain to the Data Protection Board of India.

If you are in the UK or EU (GDPR / UK GDPR), you have the right to: access your data; rectification; erasure; restriction of processing; data portability; objection (including to anything we do under legitimate interests); withdrawal of consent at any time; and to lodge a complaint with your supervisory authority — the ICO in the UK, or your national data protection authority in the EU.

To exercise any right, email rodriguescarson@gmail.com from the address you used on the intake form. We will verify it is you, and respond within 30 days. There is no charge.

10. Grievance Officer

As required by the DPDP Act 2023, our Grievance Officer is Carson Rodrigues (Goa, India), reachable at rodriguescarson@gmail.com. Grievances are acknowledged promptly and answered within 30 days of receipt. Please use the subject line “Grievance” so it is routed correctly.

11. Cookies

Essential cookies only — no tracking. This site uses no analytics, no advertising cookies, and no third-party trackers. The only cookies or similar storage that may be set are those strictly necessary to serve the site. If that ever changes, we will update this policy and ask for consent where the law requires it.

12. Security

• All traffic to the site is encrypted in transit (HTTPS).
• Access to planning data is restricted to the operator and anyone working on your wedding under confidentiality.
• We collect the minimum data the service needs, and delete on the schedule above.
• No system is perfectly secure. If a breach affects your personal data, we will notify you and the relevant authorities as the DPDP Act and GDPR require.

13. Children’s Data

Celabe Concierge is contracted by adults: you must be 18 or older to engage us, and we never knowingly collect personal data directly from anyone under 18. Under India’s DPDP Act 2023 (§9), a child is anyone under 18, and processing a child’s personal data requires the verifiable consent of a parent or lawful guardian.

Wedding planning does, however, inherently involve limited information about minors, supplied by you — guest counts broken down by age band, children’s meal counts, roles such as flower girl or ring bearer in event timelines, and requirements for children’s-entertainment vendors. When you give us any information about a minor, you do so as that child’s parent or lawful guardian, or you confirm that you hold the guardian’s consent to share it for planning your wedding.

Please share the minimum. Counts and age bands are all we need (“six children aged 4–10”). Do not put children’s names, photos or other identifying details in free-text notes — free-text fields are sent to AI providers as described in section 4.

We never track, profile, behaviourally monitor, or advertise to children. This is true by construction: we run no tracking, no behavioural monitoring and no advertising of any kind, for anyone (section 11), so the DPDP Act §9 prohibition on tracking and targeted advertising directed at children is met.

A parent or guardian may ask us to erase a minor’s data at any time via our Data Deletion Policy; we treat such requests with priority.

14. Changes to this policy

When we change this policy we will post the new version here with a new effective date. For material changes — new data types, new sharing, new purposes — we will email you before they take effect.

15. Contact

Carson Rodrigues, sole proprietor, Goa, India · rodriguescarson@gmail.com. We answer privacy questions within 30 days, usually much faster.