Privacy Policy

1. Who We Are

HeartCraft ("we", "us", "our") operates birthday.myheartcraft.com — a service that lets you create personalized virtual birthday experiences and share them as links. Our parent brand is MyHeartCraft (myheartcraft.com).

For questions, contact us at: contacttheheartcraft@gmail.com

2. What Data We Collect

• Name & Date of Birth — of the birthday recipient, entered by you to personalize the bash.
• Letter content — the personal message you write, stored to render the experience for the recipient.
• Payment data — processed securely by Razorpay and/or Paytm. We never store your card or UPI credentials.
• Session ID — a randomly generated identifier stored in localStorage to track your creation session. It is not linked to your identity.
• Usage analytics — page views, clicks, and interaction events collected via Meta Pixel (Facebook) and Microsoft Clarity, only if you consent.
• IP address & browser metadata — collected automatically by our hosting infrastructure for security and performance monitoring.

3. How We Use Your Data

• To generate and host the personalized birthday bash link you share.
• To process your one-time payment (₹199).
• To send you the shareable link after payment.
• To improve the product using aggregated, anonymised analytics.
• To troubleshoot errors and monitor uptime.

We do not sell your data to third parties.

4. Cookies & Tracking

We use cookies and similar technologies for the following purposes:

• Strictly necessary — session management (localStorage), payment security. Cannot be disabled.
• Analytics (consent required) — Meta Pixel (ID: 2026450284755012) and Microsoft Clarity (ID: vaq94q5ecx) fire only after you click "Accept" in our cookie banner.

You can withdraw consent at any time by clearing your browser data or contacting us.

5. Third-Party Services

• Razorpay — payment gateway. Privacy policy →
• Meta (Facebook) — conversion tracking. Privacy policy →
• Microsoft Clarity — session recording & heatmaps. Privacy policy →

6. Data Retention

Birthday bash data (name, date, letter) is retained for as long as the shareable link is active — typically 1 year after creation. Payment records are retained for 7 years for legal/tax compliance.

7. Your Rights

Depending on your jurisdiction (DPDP Act, GDPR, CCPA), you may have the right to:

• Access the personal data we hold about you.
• Request deletion of your data.
• Withdraw consent for analytics at any time.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email contacttheheartcraft@gmail.com.

8. Updates to this Policy

We may update this policy from time to time. We will post the new version on this page with an updated "Last updated" date.