Privacy Policy
Effective 2026-05-22 · Last updated 2026-05-22
This Privacy Policy describes how Eena Private Limited ("we", "us") collects, uses, and shares personal information when you use beyondRegular (the "Service") or visit our website. We are committed to handling your data in accordance with the Digital Personal Data Protection Act, 2023 (India), the General Data Protection Regulation (EU), and other applicable laws.
1. Who We Are
Eena Private Limited is a private limited company incorporated in India.
- Registered office: 14, RADHA KISHNA NAGAR, OLD NO. D03 B13, DD NAGAR, Dharamshala [D.D. Nagar], GWALIOR, MADHYA PRADESH 474005, India
- CIN: U62013MP2026PTC081331
- Data protection contact: connect@eenaverse.com
2. Information We Collect
2.1 Information You Provide
- Account data: name, email address, hashed password (or Google OAuth identifier).
- Brand profile: brand name, brand color, default CTA text.
- Customer Content: videos and images you upload, video metadata (heading, price, product link, etc.).
- Billing data: billing country, currency, applied coupon codes, and subscription history. We do NOT store payment card numbers - those are handled exclusively by Dodo Payments.
- Support communications: messages sent via the contact form, including the message body and your IP address.
2.2 Information We Collect Automatically
- Authentication: session cookies (HTTP-only, secure flag), login timestamp, login attempt counts, account lockout state.
- Geolocation: your country (from your IP address via Vercel/Cloudflare headers) - used solely to determine billing currency.
- Widget analytics: when shoppers interact with a beyondRegular widget on your storefront, we collect anonymous event data: impression count, click count, CTA-click count, fullscreen opens, and a session-scoped random ID. No shopper personal data is collected.
2.3 What We Do NOT Collect
- Shopper personal data (no names, no emails, no phone numbers from your storefront visitors).
- Payment card details.
- Health, financial, or other sensitive categories.
3. How We Use Your Information
We use the data we collect to:
- Provide, operate, and maintain the Service
- Authenticate you and secure your account (rate limiting, lockout, password reset)
- Process subscription payments via Dodo Payments
- Send transactional emails (verification, password reset, payment receipts, subscription status)
- Send lifecycle and product emails only with your consent (you can opt out under Settings → Notifications)
- Compute and display widget analytics on your dashboard
- Detect and prevent fraud, abuse, and violations of our Terms
- Comply with legal obligations
4. Legal Basis for Processing (GDPR)
- Contract performance: account creation, subscription processing, service delivery
- Legitimate interest: security, fraud prevention, service improvement
- Consent: marketing emails, optional analytics
- Legal obligation: tax records, complying with court orders
5. Third-Party Service Providers
We share data only with the following processors, each contractually bound to confidentiality:
| Service | Purpose | Data shared |
|---|---|---|
| Dodo Payments | Subscription billing | Email, name, billing country |
| Resend | Transactional + lifecycle email | Email, name, message content |
| Cloudflare R2 | Video / image storage | Customer Content |
| Turso (libSQL) | Database hosting | All structured app data |
| Vercel | App hosting + edge geo lookup | IP, request headers |
| Google (OAuth) | Optional sign-in | Email, name (with your consent only) |
We do NOT sell personal data. We do NOT share data for advertising. We do NOT use your data to train machine-learning models.
6. Data Retention
- Account data: retained while your account is active and for 90 days after deletion (to allow recovery in case of accidental deletion).
- Customer Content: deleted when you delete a preset or close your account. Backups are purged within 30 days.
- Analytics events: retained for 13 months (enough for year-over-year analysis), then aggregated.
- Billing records: retained for 8 years per Indian Income Tax Act requirements.
- Contact form messages: retained for 2 years for support quality and dispute resolution.
7. International Transfers
Some processors (Vercel, Resend, Cloudflare) operate globally. When data is transferred outside India, we rely on Standard Contractual Clauses or equivalent legal mechanisms. Indian customer data is stored on Turso's AWS ap-south-1 (Mumbai) region by default.
8. Your Rights
Subject to applicable law, you have the right to:
- Access: request a copy of your personal data
- Rectify: correct inaccurate data (most fields are editable in account settings)
- Erase: delete your account and associated data (Settings → Account → Delete account, with email confirmation)
- Object: withdraw consent for marketing emails (Settings → Notifications)
- Port: request export of your data in a machine-readable format - email connect@eenaverse.com
- Complain: lodge a complaint with the Data Protection Board of India or your local regulator
9. Security
- Passwords hashed with bcrypt (cost factor 10)
- HTTPS enforced on all endpoints (Vercel)
- Database connections encrypted via TLS (Turso)
- Webhooks signed with HMAC-SHA256 (Dodo Payments)
- Rate limiting on authentication endpoints to prevent brute force
- Account lockout after 10 failed login attempts
- No payment card data ever touches our servers (handled by Dodo)
If you become aware of a security vulnerability, please email connect@eenaverse.com with details. We will acknowledge within 48 hours.
10. Cookies
We use a minimal set of cookies:
- Session cookie (essential) - keeps you logged in. HTTP-only, secure, SameSite=Lax.
- CSRF token (essential) - protects form submissions.
- Geolocation header (essential, not stored) - Vercel/Cloudflare provide your country code on each request for currency display.
We do not use third-party analytics, advertising, or tracking cookies on the dashboard.
11. Children
The Service is not directed at users under 18. We do not knowingly collect personal data from children. If you believe we have, please contact us at connect@eenaverse.com.
12. Changes to This Policy
We may update this Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect.
13. Contact
For any privacy-related question or request, contact us at connect@eenaverse.com or write to:
Eena Private Limited
14, RADHA KISHNA NAGAR, OLD NO. D03 B13, DD NAGAR, Dharamshala [D.D. Nagar], GWALIOR, MADHYA PRADESH 474005, India