Abhijit Muhurat · 12:00–12:55 IST· śubh muhurat todayKundli Vedic Jyoti report · 15% off ₹499 · ends 31 JulyClaim the offer →
Abhijit Muhurat · 12:00–12:55 IST· śubh muhurat todayKundli Vedic Jyoti report · 15% off ₹499 · ends 31 JulyClaim the offer →
Vedic Jyoti

Privacy Policy

Last updated: 2026-05-28

Last updated: 2026-05-28.

This Privacy Policy explains what personal data Vedic Jyoti collects, how it is used, who it is shared with, how long it is kept, and the rights you have under India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable Indian laws. It applies to the website at vedicjyoti.in, our mobile clients, the Acharya consultation platform, the online shop and any supporting services (together the "Service").

The data fiduciary under the DPDP Act is Serene Soul Jewellery, a sole proprietorship of Deepak Chaudhary (registered office: [Registered office address]), which operates Vedic Jyoti. Our designated Grievance Officer is contactable via the Grievance Officer page.

By creating an account, ticking the consent boxes at signup, or otherwise using the Service, you consent to the processing described in this Policy. You can withdraw consent at any time — Section 4 explains how.

Our promises to you

A short, plain-language summary of how we behave. The rest of this Policy is the formal version of these promises.

1. Definitions

For ease of reference (terms used here have the meaning given in the DPDP Act where applicable):

2. Data we collect

2.1 Information you give us

2.2 Information we collect automatically

2.3 Information from third parties

3. Purposes — why we use your data

Purpose Data used Legal basis
Compute your birth chart, divisional charts and dashas Birth details Contract performance
Generate your personalised report, including AI-assisted prose Birth details, chart, name, sex Contract performance
Run an Acharya consultation Account, chart, your messages Contract performance
Take payment and issue an invoice Account, payment metadata Contract + legal obligation
Send transactional email (receipts, order updates) Email Contract performance
Send optional product updates Email Consent
Authenticate sign-in via OTP Phone (HMAC) Consent + contract performance
Detect fraud, abuse and rate-limit abuse Technical data, phone hash, IP Legitimate interest + legal obligation
Improve the Service in aggregate Pseudonymous analytics Legitimate interest
Respond to your messages and grievances Whatever you share with us Contract + DPDP Act
Comply with tax and accounting law Order + payment data Legal obligation

We do not sell your data, run third-party advertising on the Service, or share your data for any other party's marketing.

4. Notice and consent under the DPDP Act

Where the DPDP Act requires consent, we obtain it through an active choice (a ticked checkbox at signup, or an explicit confirmation in a later flow) and we record the date and a hashed IP for an auditable trail. The notice at the point of collection sets out the data, the purpose, your right to withdraw consent and your right to grievance redressal.

You can withdraw consent for a particular processing activity at any time — for marketing email this is one click in the email itself; for other purposes, write to support@vedicjyoti.in. We will stop the relevant processing prospectively. Where the processing is necessary for contract performance (for example, delivering a report you have paid for), withdrawing consent may mean we can no longer deliver that part of the Service; we will tell you if so.

5. Sharing — processors we use

We share the minimum data necessary with carefully selected processors to deliver the Service. Each processor handles your data on our written instructions, under standard contractual safeguards.

Processor Purpose What we share Region
AstrologyAPI (Vedic Rishi) Chart, divisional, panchang, varshphal computation Birth date / time / lat-long / time-zone India / Cloud
Anthropic (Claude) AI-assisted report prose and Acharya support Computed chart + conversation context US
Supabase Auth + database + file storage Account, hashed phone, birth, reports EU / US
Razorpay Payments, settlements, invoices Name, email, amount; card details stay with Razorpay India
Resend Transactional email Email address + message body US / EU
Twilio / Supabase Phone SMS / WhatsApp OTP Phone number in transit; hashed at rest India / US
Vercel Hosting + request routing Request logs, performance metrics Multiple
Upstash Redis cache + queue (rate limits, OTP throttling) Pseudonymous keys (e.g. phone-hash) India / EU
PostHog Product analytics Pseudonymous events; no raw PII EU
Sentry Error monitoring Pseudonymous stack traces, request IDs EU / US

We may add, replace or remove processors from time to time; this table is updated when we do.

In addition, Acharyas (verified astrologers) receive only the information you choose to share within a session.

6. Cross-border transfers

Some processors host data outside India (for example, Anthropic in the United States; PostHog in the European Union; Sentry, Resend and Vercel across multiple regions). The DPDP Act permits cross-border transfers to all countries not specifically restricted by the Government of India. Where transfers occur, we contractually require appropriate technical and organisational safeguards.

7. Retention schedule

We keep personal data only for as long as necessary for the purpose for which it was collected, after which we delete or anonymise it.

Data Retention
Account record (User row) While the account is active; deleted on request, see Section 11
Phone-number HMAC Same as account
Birth details (BirthDetail) While the account is active; deleted with the account
Generated reports (PDF + content) While the account is active; downloadable copies in your dashboard
Acharya conversation history 12 months active access; archived for a further 12 months; then deleted
Payment invoices 7 years from the financial year-end (Indian income-tax & GST)
Consent records While the account is active + 3 years (auditability)
Error / diagnostic logs (Sentry) 90 days
Analytics events (PostHog) 365 days at user-level; aggregated indefinitely
Marketing-email delivery logs (Resend) 30 days

When you ask for deletion (Section 11), we erase the identifying data and retain only what we are legally required to keep (notably tax records), pseudonymising it where possible.

8. Security

9. Cookies and similar technologies

We use a small number of first-party cookies:

We do not use third-party advertising or cross-site tracking cookies. We honour the browser's "Do Not Track" signal for analytics.

10. Children

The Service is intended for users 18 years and older. We do not knowingly collect personal data from children. If you believe a minor has created an account, please email support@vedicjyoti.in so we can verify and delete it.

11. Your rights under the DPDP Act

As a Data Principal you have the right to:

To exercise any of these rights, email support@vedicjyoti.in from your registered email, or use the in-product controls (Profile → Privacy). We will acknowledge within 48 hours and resolve within 30 days (complex matters get an interim status update at 30 days and a final resolution within 90 days).

12. Automated decision-making and AI

We do not make any solely automated decisions that produce a legal or similarly significant effect on you. The AI-assisted prose in our reports is constrained to your computed chart and is reviewed against deterministic computations. Nothing automatic determines whether you qualify for the Service, the price you pay, or your access to your account.

13. Data breach notification

If we become aware of a personal-data breach affecting your data, we will notify you and the appropriate authority (the Data Protection Board of India, once it is notified by the Government) without undue delay, with the information required by the DPDP Act and the rules made under it. We will also publish a notice describing the breach and the remedial steps taken.

14. Marketing communications

If you have opted in (the "marketing" consent at signup), we may send occasional product updates by email. Every such email carries a one-click unsubscribe link. Transactional emails (order receipts, account notices) are not optional while your account is active.

15. Third-party links

The Service may link to third-party sites or services (for example, payment gateways or social media). Their privacy practices are governed by their own policies, not by ours. We do not control and are not responsible for their content.

16. Grievance Officer

In compliance with the DPDP Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, our designated Grievance Officer is reachable via the Grievance Officer page. The page sets out the officer's name, email, phone, postal address, working hours, and the timelines for acknowledgement and resolution.

17. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and on this page, with the "Last updated" date refreshed at the top.

18. Contact