Privacy Policy
How we collect, use and protect personal data — for planners and their guests alike.
Last updated: 2 July 2026 · Effective: 2 July 2026
CHEKHMATE BY SPREEH | PRIVACY POLICY
This Privacy Policy explains how Chekh Innovations Private Limited (“Chekhmate”, “Platform,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal data and other information when you access or use the Chekhmate application and its associated services. By using the Platform, you confirm that you have read, understood, and agree to the practices described in this Policy.
Chekhmate is a technology platform designed to help wedding planners and event professionals manage weddings and events digitally – including guest lists, RSVPs, event schedules, show flows, logistics, accommodation, travel details, and event-related documents. The Platform acts solely as a technology tool; it does not organise or execute events.
This Policy should be read together with our Terms and Conditions. Capitalised terms not defined herein shall have the meanings assigned to them in the Terms and Conditions.
1. Definitions
For the purposes of this Privacy Policy:
- “Planner” / “User” / “You” / “Your” refers to any wedding planner or event professional who registers on and uses the Platform.
- “Guest” refers to any individual whose details are uploaded or managed by a Planner through the Platform, including invitees, family members, and other event attendees.
- “Guest Data” refers to all personal data relating to Guests that is uploaded, entered, or managed by Planners on the Platform.
- “Personal Data” has the meaning ascribed to it under the DPDP Act, 2023 and includes any data about an individual who is identifiable by or in relation to such data.
- “Sensitive Personal Data or Information” (“SPDI”) has the meaning ascribed to it under the SPDI Rules and includes passwords, financial information, health data, biometric data, and similar categories as prescribed.
- “Data Fiduciary” has the meaning ascribed to it under the DPDP Act, 2023 and, in respect of information collected directly from Planners, refers to Chekhmate.
- “Third-Party Services” refers to external platforms, tools, or services that integrate with or support the Platform, including but not limited to WhatsApp Business API (via 360dialog), cloud hosting providers, and analytics tools.
2. Data Collection
To provide our platform services, Chekhmate collects the following categories of information:
Information Planner Provides to Platform
- Account Information: When you register for an account, we collect your name, email address, mobile number, business name (if applicable), and any other details necessary to verify and create your account.
- Event and Guest Information: To facilitate event planning, we collect details relating to your events (e.g., event name, date, time, venue, schedule, show flow) and Guest Data such as names, contact numbers, RSVP responses, accommodation preferences, travel details, and family/relationship information. All such data is uploaded by you, the Planner; Chekhmate does not independently collect data from Guests or third parties.
- Bride, Groom, and Family Details: Contact details and other relevant personal information of the bride, groom, and their families, as uploaded by the Planner for event coordination purposes.
- Communication Data: If you use our WhatsApp Business API integration (via 360dialog) or other communication tools to send invitations, reminders, or updates to Guests, we may collect message metadata, delivery reports, and interaction logs.
- Vendor Details: Information relating to vendors engaged for events, including contact names, business names, and service descriptions, as uploaded by you.
- Documents and Media: Any documents, images, or files you upload to the Platform for event management purposes.
- Support and Communications: When you contact our support team, we collect the details of your enquiry, including timestamps, attachments, and communication history.
Information Platform Collects Automatically
We collect certain data automatically to enhance Platform security, performance, and user experience:
- Usage Data: Information about how you interact with the Platform, such as features used, pages viewed, actions taken, session duration, and referring URLs. This data may be collected through cookies and similar technologies.
- Device and Technical Data: Your IP address, device type, operating system, browser type and version, and other technical identifiers to maintain Platform compatibility and security.
- Third-Party Integration Data: If you use the WhatsApp Business API integration, we may receive limited data necessary for the integration to function (e.g., delivery status, recipient identifiers). Such services handle your data independently in accordance with their own privacy policies.
Information Platform Does Not Collect
Chekhmate does not collect or store payment card numbers, banking credentials, or other sensitive financial information. Chekhmate does not independently collect personal data from Guests – all Guest Data is provided by Planners.
3. Data Processing
Chekhmate processes personal data in accordance with the DPDP Act, 2023, the IT Act, 2000, and the SPDI Rules. The lawful bases on which we rely include:
- Consent: We process your personal data with your explicit consent, such as when you create an account, upload Guest Data, connect your WhatsApp Business number, or opt in to receive notifications and communications. You may withdraw your consent at any time by contacting us (see Section 12 below). Withdrawal of consent may limit your ability to use certain features of the Platform.
- Performance of a Contract: We process your data as necessary to fulfil our contractual obligations to you, including creating and managing your account, enabling event planning and guest management, facilitating communication workflows, and providing support.
- Legitimate Interests: We may process certain data based on our legitimate interests, provided those interests are not overridden by your rights. This includes improving Platform usability and performance, securing accounts, detecting fraud, conducting internal analytics, and responding to enquiries.
- Lawful collection:You are responsible for ensuring that any personal data you upload to the Platform – particularly Guest Data – has been collected lawfully and that you have obtained the necessary consent or other lawful basis to share such data with Chekhmate for processing.
4. Data Use
Chekhmate uses the information collected for the following purposes:
- Service Delivery and Core Features: To create and manage your account; to enable event setup, guest list management, RSVP tracking, schedule management, and logistics coordination; to store and organise event-related documents and media.
- Communication Workflows: To facilitate invitations, updates, and reminders sent by Planners to Guests via the WhatsApp Business API integration or other communication tools; to respond to support enquiries and provide Platform notifications.
- Platform Security and Fraud Prevention: To monitor login activity and access logs; to detect unauthorised access, suspicious behaviour, or potential misuse; to maintain Platform integrity and safeguard data.
- Legal and Regulatory Compliance: To retain records for audit, tax, or regulatory purposes; to comply with applicable laws; to respond to lawful requests from public authorities.
- Platform Improvement and Analytics: To analyse how users interact with the Platform and improve navigation, features, and user experience; to run internal analytics for system performance; to improve future versions of the product through anonymised or aggregated insights.
- Third-Party Integrations: To enable the WhatsApp Business API integration (via 360dialog) and ensure it functions smoothly.
- Limitations: Chekhmate does not sell or rent your personal data or Guest Data.
5. Data Sharing and Disclosure
We limit the sharing of your personal information to what is necessary to provide and support our services:
- Authorised Employees: Your information may be accessed by authorised Chekhmate personnel on a need-to-know basis, subject to strict confidentiality obligations.
- Trusted Service Providers: We may share data with third-party service providers who assist us in operating the Platform, including cloud hosting and storage providers, analytics providers, and customer support tools. These partners are contractually bound to use your data only for the services they provide and must delete or return data once processing is complete, unless otherwise required by law.
- WhatsApp Business API (360dialog): If you use the WhatsApp integration, limited information (e.g., recipient contact details, message metadata) may be shared with 360dialog to enable the integration. You are encouraged to review the privacy policies of 360dialog and WhatsApp, as they process data independently.
- Legal and Regulatory Disclosures: We may disclose your information to comply with applicable laws or legal processes; in response to court orders, law enforcement requests, or government enquiries; or to investigate fraud, enforce agreements, or protect the rights and safety of Chekhmate and its users.
- With Your Consent or Instruction: We may share your information when you explicitly direct us to do so.
- Business Transfers: If Chekhmate undergoes a merger, acquisition, asset sale, or corporate restructuring, your information may be transferred as part of that transaction. We will ensure that such transfers are conducted securely and in accordance with this Privacy Policy.
- Anonymised Data: We may use or share de-identified or anonymised data for internal research, product development, and system optimisation. Such data does not identify you or your Guests.
6. Data Storage and Security
Storage
Your data is stored on secure cloud infrastructure provided by trusted third-party hosting providers, with servers located in India. Data is retained only for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by applicable law.
Security Measures
Chekhmate implements industry-standard security practices to protect against unauthorised access, loss, misuse, or alteration of your data. These measures are designed to comply with the “reasonable security practices and procedures” required under Section 43A of the IT Act and the SPDI Rules, including adherence to IS/ISO/IEC 27001 or equivalent standards.
Incident Response and Breach Notification
Chekhmate maintains an incident response plan. In the event of a data breach, we will take appropriate steps to contain the incident, notify affected users as required by law (including under the DPDP Act, 2023 and the IT Act, 2000), and work to remediate any harm.
No Absolute Guarantee
Whilst we implement robust security measures, no internet-based platform can guarantee absolute security. By using the Platform, you acknowledge and accept this inherent risk.
7. Data Retention and Deletion
- Retention Period: We retain your personal data for as long as your account is active and you are using the Platform, as needed to deliver services or fulfil legal, accounting, or regulatory obligations, and for a limited period after account deactivation or inactivity.
- Deletion Requests: You may request deletion of your personal data at any time by emailing us at chekhmate@spreeh.com. We will verify your identity and, where eligible, process the request within a reasonable timeframe. Certain data may be retained in backups for disaster recovery or auditing purposes, and we may decline a deletion request if the data is necessary for legal compliance, resolving disputes, or enforcing our rights.
- Inactivity-Based Deletion: If your account remains inactive for an extended period (e.g., 12 months), we may deactivate or delete your account and associated data. You will be notified in advance and given the opportunity to reactivate.
- Planner Responsibilities: If you are a Planner who uploads Guest Data, you are responsible for managing and, where appropriate, deleting such data in accordance with applicable data protection laws. Upon deletion of your account, associated Guest Data may also be removed unless retention is required under a lawful basis.
- Impact of Deletion: Deletion of your personal data may affect your ability to use certain features of the Platform. Once deleted, information cannot be restored.
8. User Rights Under the DPDP Act, 2023
As a user of the Chekhmate Platform, you have the following rights under the Digital Personal Data Protection Act, 2023:
For the purposes of applicable law, the Data Fiduciary with respect to information collected directly from Planners is:
- Company Name: Chekh Innovations Private Limited
- Entity Type: Private Limited
- Registered Office:E 309, Room A, Crystal Plaza Premises, C.S.L New Link Road, Opp Infinity Mall, Andheri West, Mumbai, Maharashtra, India – 400053.
Important: Chekhmate is considered your Data Fiduciary only with respect to the information we collect directly from you, the Planner. If you collect personal data from Guests or other individuals through the Platform, you are the Data Fiduciary for that data and are responsible for ensuring compliance with the DPDP Act, 2023 in handling and processing that information.
- Right to Access: You have the right to know whether Chekhmate is processing your personal data and, upon request, to receive a summary of the personal data we hold about you and details of how it is being used.
- Right to Correction: You have the right to request the correction or updating of any inaccurate, incomplete, or outdated personal data we hold about you.
- Right to Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw your consent, or when you believe your data is being processed unlawfully. This right may be subject to exceptions where data must be retained for legal reasons.
- Right to Withdraw Consent: Where the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the legality of processing conducted before withdrawal but may affect your ability to use certain features of the Platform.
- Right to Grievance Redressal: You have the right to file grievance with our Grievance Officer (see Section 13 below). We will respond within the timeline prescribed under the DPDP Act, 2023 and any rules framed thereunder.
To exercise any of the above rights, please contact us at chekhmate@spreeh.com. We reserve the right to refuse a request if you are not entitled to the right you seek to enforce.
9. Compliance With the IT Act and SPDI Rules
In addition to the DPDP Act, Chekhmate complies with the Information Technology Act, 2000 and the SPDI Rules:
- Sensitive Personal Data or Information (SPDI): Where any SPDI (as defined under the SPDI Rules) is collected or processed, we do so only with your prior informed consent and for a lawful purpose connected with a function or activity of the Platform.
- Reasonable Security Practices: Chekhmate implements comprehensive information security practices and procedures consistent with IS/ISO/IEC 27001 or equivalent standards, as required under Section 43A of the IT Act and Rule 8 of the SPDI Rules.
- Collection Limitation: We collect only such personal data as is necessary for the purposes identified in this Policy and do not retain it for longer than is required.
- Disclosure Restrictions: SPDI is not disclosed to third parties without your prior consent, except as required by law or as necessary for the performance of a lawful contract.
- Grievance Redressal: A Grievance Officer has been designated in accordance with Rule 5(9) of the SPDI Rules and Section 28 of the DPDP Act (see Section 13 below).
10. WhatsApp Business API Integration
Chekhmate enables Planners to connect their WhatsApp Business number through API integration using our official partner, 360dialog.
- Planner Control:The WhatsApp Business account remains under the Planner’s control. Chekhmate only facilitates the technical integration and does not control or manage the Planner’s WhatsApp account or the content of messages sent through it.
- Data Sharing: Limited data (such as recipient contact details and message metadata) may be transmitted to 360dialog and WhatsApp to enable messaging functionality. These third-party services process data independently in accordance with their own privacy policies.
- Planner Responsibility:When using this feature, Planners must comply with WhatsApp’s Terms of Use and messaging guidelines, as well as applicable data protection laws. Chekhmate is not responsible for any restrictions, delays, or disruptions caused by WhatsApp or 360dialog.
11. Children’s Privacy
The Chekhmate Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data directly from children under 18. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will take prompt steps to delete or anonymise such information.
If you are a Planner submitting Guest Data that includes information relating to minors (e.g., for family events), you confirm that you have obtained the necessary consent from the child’s parent or legal guardian, in compliance with the DPDP Act, 2023.
12. Opt Out and Withdrawing Consent
You have the right to withdraw your consent for the collection, use, or sharing of your personal data at any time:
- Marketing Communications:You may opt out of promotional communications at any time by clicking the “unsubscribe” link in our emails or by contacting us at chekhmate@spreeh.com. You may still receive non-promotional communications relating to your account or ongoing events.
- Third-Party Integrations: You may manage your data-sharing preferences for third-party integrations (e.g., WhatsApp) via your account settings or by contacting support. Opting out of certain integrations may limit your ability to use related features.
- Cookies and Tracking Technologies: You can manage cookie preferences and disable certain types of tracking by adjusting your browser settings or using any cookie consent tools on our Platform.
- General Withdrawal of Consent: You may withdraw your consent for data processing at any time by contacting us at chekhmate@spreeh.com. We will process such requests promptly, subject to any legal or operational limitations.
13. Grievance Officer
In accordance with Section 28 of the DPDP Act, 2023 and Rule 5(9) of the SPDI Rules, Chekhmate has designated the following Grievance Officer:
- Name: Bhuveer Kodnani
- Designation: Grievance Officer
- Email: bhuveer.kodnani@spreeh.com
- Postal Address:E-309, Room A, Crystal Plaza Premises, C.S.L New Link Road, Opp Infinity Mall, Andheri West, Mumbai, Maharashtra, India – 400053.
To assist us in responding effectively, please write from your registered email address and include your full name, a description of your concern or complaint, and any relevant screenshots, timestamps, or reference numbers.
We will acknowledge your grievance and aim to resolve it in the timelines required under applicable law.
14. Platform Role and Limitation of Liability
Chekhmate is a technology platform only. It does not organise, plan, or execute events and is not responsible for:
- (a) Event execution or vendor services;
- (b) Guest communication outcomes, including message delivery, guest responsiveness, or restrictions imposed by WhatsApp or other third-party services;
- (c) Inaccuracies, errors, or omissions in data uploaded by Planners; and
- (d) Event-related disputes or losses.
All planning and operational responsibility remains with the Planner using the Platform.
15. Third-Party Links and Services
The Platform may contain links to external websites, services, or applications that are not owned or operated by Chekhmate. We do not control, endorse, or assume responsibility for the content, policies, or practices of any third-party site or service. We encourage you to review the privacy policies of any third-party service you use in connection with the Platform.
16. Responding to Legal Requests
We may access, preserve, and disclose your personal information in response to lawful requests from government authorities, courts, law enforcement agencies, or regulatory bodies when we have a good faith belief that such disclosure is required by applicable law. This includes compliance with court orders, subpoenas, and lawful investigative demands.
We may also access, preserve, or share your information if we believe in good faith that doing so is necessary to detect, prevent, or investigate fraud or illegal activity; to protect the rights, safety, or property of Chekhmate, our users, or the public; or to prevent imminent physical harm.
17. Governing Law and Dispute Resolution
Unless otherwise required by applicable law, any dispute arising out of or in connection with this Privacy Policy shall be governed by the laws of India, without regard to conflict of law principles. Disputes shall be subject to the exclusive jurisdiction of the courts of Mumbai, India.
18. Updates to This Policy
We may update, revise, or amend this Privacy Policy from time to time. When we make material changes, we will provide notice through email, in-app notifications, or on the Platform.
It is your responsibility to review this Policy periodically. Your continued use of the Platform after changes have been posted constitutes your acceptance of the updated Policy.
19. Contact Us
If you have any questions about this Privacy Policy or Chekhmate’s data practices, please contact us at:
- Email: chekhmate@spreeh.com
- Postal Address:E-309, Room A, Crystal Plaza Premises, C.S.L New Link Road, Opp Infinity Mall, Andheri West, Mumbai, Maharashtra, India – 400053.