This Privacy Policy explains what personal information shvigo.com(“Shvigo”) collects, why we collect it, and how we use and protect it.
1. What we collect
We collect only what is necessary to run the service.
- Email address — collected when you start the unlock flow and verified with a one-time code. Used to identify your account, send the OTP, and email purchase confirmations.
- Purchase records — which itinerary you bought, the amount, the Razorpay order ID, and a timestamp. Used to grant you continued access and for accounting.
- Session cookies — a single encrypted cookie (HTTP-only, SameSite=Lax) that keeps you signed in. The cookie contains an opaque session token; it does not store your email or any personal data in readable form.
- Server logs — anonymized request logs (IP, user agent, route, time) retained for up to 30 days for security and debugging.
We do not collect your name, address, phone number, or any government ID. We do not use any third-party advertising trackers, analytics that fingerprint users, or social media pixels at this time.
2. Payment information
All payment information (cards, UPI, netbanking) is processed by Razorpay. Shvigo never sees or stores your full card number, CVV, UPI PIN, or banking credentials. Razorpay's privacy practices are described at razorpay.com/privacy.
3. Email
Transactional emails (OTP and purchase confirmations) are sent through Resend. Resend processes your email address solely for delivery. We do not send marketing emails. If we ever start a newsletter, it will be opt-in only.
4. How we use your information
- To verify your identity and sign you in
- To deliver the itineraries you have purchased
- To send purchase confirmations and access links
- To prevent abuse, detect fraud, and protect the service
- To comply with legal obligations (tax records, lawful requests)
5. Who we share it with
We share the minimum data necessary with the following service providers, each acting under a confidentiality and data-protection obligation:
- Razorpay — payment processing
- Resend — transactional email delivery
- Neon / Vercel — database and hosting infrastructure
We do not sell, rent, or trade your personal information to third parties for marketing.
6. How long we keep your data
- Account email and purchases: retained as long as you maintain access to your purchases.
- OTP codes: deleted from the database within 10 minutes (the code's validity window) or upon use.
- Server logs: up to 30 days.
7. Your rights
You can request a copy of your data, ask us to correct an error, or request deletion of your account by emailing hello@shvigo.com. Note that deleting your account also revokes access to any itineraries you have purchased.
8. Cookies
We use a single essential cookie to keep you signed in. This cookie is strictly necessary for the service to function and does not require consent under most jurisdictions. No advertising or analytics cookies are set.
9. Children
Our service is not intended for children under 18. We do not knowingly collect data from minors. If you believe a child has provided us information, please email us and we will delete it.
10. Security
We take reasonable measures to protect your data, including encrypted transport (HTTPS), hashed OTPs, signed session cookies, and a least-privilege approach to data access. However, no system is perfectly secure — please use a strong unique password for your email account.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date reflects the most recent change. Material changes will be announced on the website.
12. Contact
For privacy questions, email hello@shvigo.com.