Privacy Policy

1. Overview

AstroKamya Technologies ("AstroKamya," "we," "us," "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website, mobile application, and services.

This policy complies with the Digital Personal Data Protection (DPDP) Act, 2023, the DPDP Rules, 2025, the Information Technology Act, 2000, and the IT (Reasonable Security Practices) Rules, 2011.

      Data Fiduciary: Under the DPDP Act, AstroKamya acts as a "Data Fiduciary" — it determines the purpose and means of processing your personal data. You, as the user, are the "Data Principal."
    

2. Data We Collect

2.1 Information You Provide Directly

Data Category	Examples	Purpose
Identity Data	Full name, profile picture	Account creation, personalization
Contact Data	Email address, phone number	Authentication, notifications, customer support
Birth Data	Date of birth, time of birth, place of birth	Astrological chart calculations, AI predictions
Payment Data	Billing name, transaction ID	Subscription management, invoicing
Preferences	Language, notification settings, topic interests	Service personalization

2.2 Information Collected Automatically

Data Category	Examples	Purpose
Device Data	IP address, browser type, device model, OS version	Security, troubleshooting, analytics
Usage Data	Pages viewed, features used, reading history, session duration	Service improvement, personalization
Location Data	Country (from IP address), timezone	Localized horoscopes, regional content
Cookies	Session tokens, preference cookies	Authentication, remembering settings

2.3 Information from Third Parties

Source	Data Received	Purpose
Google SSO	Name, email, profile picture	Quick, secure sign-in
Facebook SSO	Name, email, profile picture	Quick, secure sign-in
Razorpay	Payment status, transaction ID	Payment confirmation

3. Sensitive Personal Data

We understand that birth data (date, time, and place of birth) may be considered sensitive personal information. We treat it with the highest level of security:

Birth data is encrypted at rest using AES-256 encryption
Birth data is encrypted in transit using TLS 1.3
Birth data is used only for astrological calculations and predictions
Birth data is never sold, shared for advertising, or used for profiling beyond our Services
You can request complete deletion of your birth data at any time

4. How We Use Your Data

4.1 Primary Purposes (Consent-Based)

Service Delivery: Generate birth charts, AI predictions, horoscopes, compatibility reports
Account Management: Create and maintain your user account
Payment Processing: Manage subscriptions, process payments, generate invoices
Communication: Send reading notifications, account alerts, customer support

4.2 Secondary Purposes (Legitimate Interest)

Service Improvement: Analyze usage patterns to improve AI accuracy and user experience
Security: Detect and prevent fraud, abuse, and unauthorized access
Analytics: Aggregate, anonymized data for platform improvement (no individual identification)

4.3 Marketing (Opt-in Only)

Promotional emails about new features, offers, or content
You can opt out at any time via email preferences or by contacting us
We never send unsolicited SMS/WhatsApp messages for marketing

      Key Principle: We do NOT sell your personal data. We do NOT share your birth data with advertisers. We do NOT use your data for targeted advertising by third parties.
    

5.1 Service Providers

We share limited data with trusted service providers who help us operate the platform:

Provider	Data Shared	Purpose
Cloudflare	IP, request metadata	CDN, DDoS protection, performance
Razorpay	Payment details	Payment processing
Google (SSO)	Auth tokens	Social login authentication

All service providers are contractually bound to protect your data and use it only for the specified purpose.

5.2 Legal Disclosure

We may disclose data if required by:

A valid court order or government authority directive
The Information Technology Act, 2000 or DPDP Act, 2023 requirements
Law enforcement requests in accordance with Indian law
To protect the safety or rights of our users or the public

5.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change and given the opportunity to delete your data.

6. Data Retention

Data Type	Retention Period	Basis
Account data	Until account deletion + 30 days	Service delivery
Birth data	Until account deletion	Consent
Payment records	7 years	Tax/legal compliance (IT Act, GST)
AI reading history	Until account deletion	Service delivery
Server logs	90 days	Security, debugging
Anonymous analytics	Indefinitely	Legitimate interest

After the retention period or upon valid deletion request, data is permanently erased or irreversibly anonymized.

7. Your Rights (Data Principal Rights)

Under the DPDP Act, 2023, you have the following rights:

7.1 Right to Access

You can request a summary of your personal data we hold and how it is being processed.

7.2 Right to Correction

You can update or correct your personal data through your account settings or by contacting us.

7.3 Right to Erasure

You can request deletion of your personal data. We will process your request within 30 days, subject to legal retention requirements.

7.4 Right to Withdraw Consent

You can withdraw consent for data processing at any time. The process for withdrawal is as simple as the process for providing consent. Note: withdrawing consent may limit your ability to use certain Services.

7.5 Right to Grievance Redressal

If you believe your data rights have been violated, you can:

Contact our Grievance Officer (see Section 12)
If unsatisfied, file a complaint with the Data Protection Board of India

7.6 Right to Nominate

In the event of death or incapacity, you may nominate another individual to exercise your data rights on your behalf, as provided under the DPDP Act.

How to Exercise Your Rights

To exercise any of these rights, contact us at care@astrokamya.com with the subject line "Data Rights Request." We will respond within 48 hours and fulfill your request within 30 days.

8. Data Security

We implement industry-standard security measures:

Encryption: AES-256 encryption at rest, TLS 1.3 in transit
Authentication: JWT-based tokens, bcrypt password hashing, optional 2FA
Infrastructure: Cloudflare edge network, DDoS protection, rate limiting
Access Control: Role-based access, principle of least privilege
Monitoring: Real-time security monitoring and anomaly detection
Backups: Encrypted automated backups with geo-redundancy

Breach Notification

In the event of a personal data breach, we will:

Notify the Data Protection Board of India as required
Inform affected users via email within 72 hours of discovery
Take immediate steps to contain and remediate the breach
Provide affected users with guidance on protective measures

9. Children's Data

Our Services are intended for users 18 years of age and older.

We do not knowingly collect data from children under 18 without verifiable parental consent
If we become aware that a child under 18 has provided data without consent, we will delete it promptly
We do NOT engage in targeted advertising or behavioral monitoring of children
Parents/guardians can contact us to manage or delete their child's data

10. Cookies & Tracking Technologies

10.1 Essential Cookies

Required for the platform to function. These include:

Session authentication tokens
CSRF protection tokens
User preference storage

10.2 Analytics Cookies

We use privacy-respecting analytics to understand platform usage. Data is aggregated and does not identify individual users.

10.3 No Advertising Cookies

We do NOT use third-party advertising cookies, tracking pixels, or fingerprinting technologies for ad targeting.

11. Cross-Border Data Transfers

Your data is primarily stored on servers operated by Cloudflare. Some data may be processed in jurisdictions outside India for Service delivery purposes. In such cases:

We ensure adequate data protection measures are in place
Transfers comply with the DPDP Act requirements
We do not transfer data to jurisdictions restricted by the Central Government

12. Grievance Officer

In compliance with Section 13 of the IT Act, 2000 and the DPDP Act, 2023:

Name: Sumit Pramanik
Designation: Founder, Data Protection Officer & Grievance Officer
Email: care@astrokamya.com
Response time: Within 48 hours of receipt
Resolution time: Within 30 days

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via:

Email notification to registered users
In-app notification banner
Updated "Last Updated" date on this page

Changes take effect 15 days after notification for material changes.

14. Contact Us

For privacy-related questions or concerns:

Email: care@astrokamya.com
Subject line: "Privacy Inquiry"
Website: astrokamya.com