Privacy Policy
Effective: 10 May 2026Updated: 18 May 2026Applies to: All users of astroayodhya.com and the AstroAyodhya mobile app on Android and iOS
1.Data Fiduciary (Controller)
Laraware Private Limited (CIN U62099UP2023PTC198188) is the Data Fiduciary under the DPDP Act 2023 and Data Controller under GDPR for all personal data collected on AstroAyodhya.com.
- Registered Address: B-2/64, Vibhutikhand, Gomtinagar, Lucknow, UP — 226010
- Privacy Contact: privacy@astroayodhya.com
- Grievance Officer: grievance@astroayodhya.com
- Phone: +91-7314621515
2.Data We Collect
| Category | Data Points | Purpose |
|---|---|---|
| Identity | Name, gender, date of birth, time of birth, place of birth | Kundali generation, personalisation |
| Contact | Email address, phone number | Account, OTP, notifications |
| Account | Password (hashed), Google sub ID, login history | Authentication |
| Astrological | Birth chart (Lagna, planets, dashas) | Core service delivery |
| Payment | Order ID, amount, gateway reference (Razorpay / Stripe) | Billing and receipts |
| Device / Usage | IP address, browser/OS, pages visited, session duration | Security, analytics |
| Mobile device | Device model, OS version, unique device ID, app version, network type (WiFi/mobile) | App functionality, fraud prevention |
| Push notifications | FCM token (Android) / APNs token (iOS) | Booking reminders, rashifal, order updates (with consent) |
| Diagnostics | Crash logs, error stack traces (anonymised) | App stability (Sentry) |
| Communications | Support messages, consultation notes | Customer service |
| Physical | Shipping address, gotra (for puja sankalp only) | Product delivery, puja services |
Data We Do NOT Collect
- Card numbers, CVV, UPI IDs, or bank account details — handled exclusively by Razorpay, Stripe, Apple, or Google
- Contacts, call logs, or SMS — we never request these permissions
- Precise real-time GPS location — coarse location only for panchang city, with your permission
- Face recognition or biometric data — Face ID / Touch ID is processed entirely by your device OS
- Background location tracking — we never track location in the background
- Photos or camera roll content — camera access only during live Acharya video consultations
We do NOT sell, rent, or trade your personal data to advertisers or data brokers.
3.Sensitive Data — Birth Data Special Protection
Birth Data is Sensitive Personal Data under the DPDP Act 2023. Your date, time, and place of birth is the basis for astrological analysis.
- AES-256 encryption at rest; TLS 1.3 in transit
- Stored on AWS Mumbai (ap-south-1), India — data stays in India
- Never sold or shared with third parties for commercial purposes
- Used only for astrological services you request
- Shared with empanelled Acharyas only when you book a consultation or forecast review
4.How We Use Your Data
- Account creation, authentication, and security (OTP, 2FA)
- Generating your Vedic kundali, rashifal, panchang, and tools
- Creating and delivering paid forecast reports (AI + Acharya review)
- Scheduling and conducting live Acharya consultations
- Processing puja bookings and prasad delivery
- Fulfilling physical product orders
- Sending transactional WhatsApp/email notifications (booking confirmations, reminders)
- Customer support and grievance resolution
- Fraud detection and platform security
- Improving our AI models and services (aggregated, anonymised)
- Complying with legal obligations under Indian law
5.Legal Basis for Processing
| Processing Activity | Legal Basis |
|---|---|
| Account creation and core service delivery | Contract performance (Article 6(1)(b) GDPR / DPDP consent) |
| Kundali and astrological computation | Contract performance + Legitimate interest |
| Marketing emails / WhatsApp (opted-in only) | Consent (freely given, withdrawable) |
| Analytics and platform improvement | Legitimate interest (anonymised) |
| Legal compliance (GST, IT Act) | Legal obligation |
| Fraud prevention | Legitimate interest |
6.Data Security
- All birth data (PII) is encrypted at rest using AES-256 encryption.
- All data in transit is protected by TLS 1.3 / HTTPS.
- Passwords are hashed using bcrypt — we cannot see your password.
- Access to personal data is restricted to authorised personnel on a need-to-know basis.
- We conduct periodic security audits and vulnerability assessments.
- In the event of a data breach, we will notify affected users within 72 hours per DPDP Act requirements.
Logs and error reports are scrubbed of all PII before storage. We follow the 'Privacy by Design' principle across our infrastructure.
7.Third Parties We Share Data With
We share minimum necessary data with the following trusted processors:
| Service | Purpose | Data Shared |
|---|---|---|
| Razorpay | INR payment processing | Name, email, phone, order amount |
| Stripe | USD payment processing | Name, email, order amount |
| Firebase (Google) | Push notifications (FCM/APNs) | Push token (no PII) |
| Apple In-App Purchase | iOS digital purchases | Purchase events |
| Google Play Billing | Android digital purchases | Purchase events |
| Twilio | OTP SMS delivery | Phone number, OTP code |
| Meta WABA | WhatsApp transactional messages | Phone number, template params |
| Cloudinary | Image CDN for share cards | Name, contribution amount |
| Agora.io | Video consultation infrastructure | Session token (no PII) |
| Sentry | Error monitoring | Anonymised error logs, request IDs |
| Google Analytics 4 | Usage analytics (with consent) | Anonymised usage data |
We do NOT sell, rent, or trade your personal data to any third party for marketing purposes.
8.Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until account deletion + 2 years (legal compliance) |
| Kundali / astrological calculations | Until account deletion |
| Order and payment records | 7 years (GST / Income Tax Act requirement) |
| Consultation recordings | 30 days from session date, then deleted |
| Log files | 14 days (rolling) |
| Marketing opt-in records | Until withdrawal of consent + 1 year |
9.Your Rights
Under the DPDP Act 2023 and GDPR (for EU/UK users), you have the right to:
- Access: Request a copy of personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Erasure (Right to be Forgotten): Request deletion of your data (subject to legal retention obligations)
- Portability: Receive your data in a machine-readable format
- Withdraw Consent: Withdraw marketing/analytics consent at any time
- Object: Object to processing based on legitimate interests
- Lodge a Complaint: With the Data Protection Board of India (DPDP Act) or your local Data Protection Authority (GDPR)
To exercise your rights, email: privacy@astroayodhya.com. We will respond within 30 days.
10.Push Notifications
- Push notifications are entirely optional — you will be asked to opt-in during onboarding or in Settings
- We send push notifications for: booking reminders, order updates, daily rashifal (if subscribed), new Acharya availability
- Disable anytime: App Settings → Notifications → Toggle OFF, or device Settings → AstroAyodhya → Notifications
- Disabling push notifications does not affect core app functionality
11.Location Data
- We request COARSE location permission only — to auto-fill your city for panchang
- We do NOT collect precise GPS coordinates except for puja GPS certificate generation (with explicit consent at time of puja)
- We do NOT track location in the background
- Location permission is optional — you can manually enter your city for panchang
- Location data is not shared with third parties for advertising
12.Camera and Microphone
- Camera and microphone are accessed ONLY during live Acharya video consultations
- Sessions may be recorded only with in-app consent notification
- Consultation recordings are stored for 30 days for quality assurance, then deleted
- Camera and microphone are never accessed in the background or outside consultation features
13.Third-Party Analytics and Advertising
- We use Google Analytics 4 (Firebase Analytics) for anonymised usage analytics — no PII shared
- We do NOT use advertising SDKs (AdMob, Meta Audience Network, etc.) in the App
- We do NOT show third-party advertisements in the App
- We do NOT share your data with advertisers or ad networks
14.Account Deletion
You may delete your account at any time:
- In the AstroAyodhya mobile app: Profile → Delete account → Confirm
- By email: account-deletion@astroayodhya.com — processed within 30 days
- Once deleted, your kundali, order history, and forecasts CANNOT be recovered — download your data before deleting
- Financial transaction records are retained for 7 years as required by Indian tax law (GST compliance)
15.Children's Privacy
- Our Platform and App are not directed to children under 13 years of age
- We do not knowingly collect personal data from children under 13
- If we become aware that a child under 13 has provided personal data, we will delete it immediately
- Users aged 13–17 may use the App only with verifiable parental or guardian consent
- Acharya video consultations are restricted to users 18 years and above
- Parents/guardians: contact privacy@astroayodhya.com to request data deletion for a child
16.Cookies
For detailed information about the cookies we use and how to manage them, please read our Cookie Policy.
17.Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the website. The revised policy will be effective from the date of publication.
18.Contact & Grievance Officer
- Privacy queries: privacy@astroayodhya.com
- Grievance Officer: grievance@astroayodhya.com
- Response time: Within 30 days for privacy requests, within 48 hours for grievances
- Phone: +91-7314621515
- Laraware Private Limited, B-2/64, Vibhutikhand, Gomtinagar, Lucknow — 226010, Uttar Pradesh, India.
Issued by Laraware Private Limited · CIN U62099UP2023PTC198188
B-2/64, Vibhutikhand, Gomtinagar, Lucknow, Uttar Pradesh — 226010
legal@astroayodhya.com · +91-7314621515