Privacy Policy

Astrika Technologies ("Astrika", "we", "us") operates the Astrika Vedic Jyotish platform at astrika.in. We act as the Data Fiduciary under India's Digital Personal Data Protection Act 2023 (DPDP) for the personal data you provide while using the Service.

Address: Astrika Technologies, Bhubaneswar, Odisha, India. Contact: support@astrika.in.

The data we process falls into four categories:

• Account identification: name, email address, and (optionally) a hashed password. We use these to create and manage your account, log you in, and email you transactional notifications.
• Birth details: date, time, and place of birth for any profile you create. This is the core input to chart computation and reading generation. Without it, the Service cannot function.
• Usage data: the charts you generate, the questions you ask, the readings produced, and your credit balance. We use these to deliver the Service and provide your history.
• Payment data:processed entirely by Razorpay (a PCI-DSS Level 1 certified payment gateway). Astrika does not see or store your full card details; we only receive the result of the transaction (success/failure plus Razorpay's order ID).

We do not collect biometric, financial account, health, caste, religion, sexual orientation, or political-affiliation data. We do not buy or rent personal data from third parties.

Under DPDP 2023, we process your data on the legal basis of your consent, which you provide at sign-up by accepting these terms. Where processing is incidental to payment, we also rely on the "performance of contract" basis. You may withdraw consent at any time (see "Your rights" below); doing so will terminate your account and trigger deletion of your data.

We use a small set of third-party processors strictly to operate the Service:

• Razorpay (India): processes all payments. Receives your name, email, and payment details. Razorpay operates under its own privacy policy.
• Anthropic (USA):we use Anthropic's API to generate readings. We send your chart summary plus your question text. No name, email, or payment data is sent. Anthropic does not train on API traffic per their published policy.
• Resend (USA): sends transactional emails (welcome, sign-in codes, receipts, password reset). Receives your email address and email content.
• Hetzner (Germany):hosts the database and backend servers. We store your data on Hetzner's EU infrastructure.
• Vercel (USA): hosts the website frontend. Receives only standard web request metadata (IP, user agent).

International transfers under DPDP: as the Government of India has not yet designated restricted countries, transfers to the USA and Germany via these processors are currently permitted. If the position changes, we will update this policy and adjust processors accordingly.

We do not sell your personal data to anyone, ever. We will only share data with law enforcement or government authorities in response to a valid legal order under Indian law.

• Account data (name, email): kept while your account is active. Deleted within 30 days of account closure.
• Birth details, charts, readings, questions: kept while your account is active. Deleted automatically when you delete a profile (cascade includes all dependent data).
• Order records (payment receipts): retained for 7 years to meet Indian tax and audit requirements, even after account deletion. These records contain order ID, amount, and timestamps, not card details.
• Email logs: kept for 90 days for delivery debugging, then deleted.

As a Data Principal, you have these rights:

• Right to information: know what data we hold about you. Most of it is visible in the dashboard; anything else, email us and we will respond within 30 days.
• Right to correction and updating: edit your name and email in account settings, edit your profile birth details in the profile editor.
• Right to erasure: delete a profile to cascade-delete all its data, or email us to close your entire account. Order records are retained per tax law as noted above.
• Right to grievance redressal: if you are not satisfied with how we handle your data, contact our Grievance Officer below. If still unresolved, you may approach the Data Protection Board of India.
• Right to nominate: you may nominate another individual to exercise your rights in case of death or incapacity. Email us with the nomination request.
• Right to withdraw consent: withdraw at any time by closing your account. Processing already done up to that point remains lawful.

Astrika is not for users under 18. We do not knowingly collect data from children. If you are a parent or guardian and believe your child has created an account, email us and we will close the account and delete the data.

We use the browser's local storage to keep you signed in (an auth token), to remember the chart you were viewing for adoption after sign-up, and to track which credit pack to return to after a Razorpay redirect. We do not use third-party advertising or tracking cookies.

We protect your data with industry-standard measures: TLS in transit, encryption at rest where the database supports it, hashed passwords (bcrypt), server-side session revocation, atomic credit operations, audit logging on admin actions, and content security policies on every response.

We will notify you and the Data Protection Board promptly if any personal data breach occurs that affects you, in line with DPDP requirements.

In accordance with DPDP 2023 and Section 5(9) of the Information Technology (Intermediary Guidelines) Rules, our Grievance Officer is:

Grievance Officer
Astrika Technologies
Bhubaneswar, Odisha, India
support@astrika.in

We will acknowledge grievances within 24 hours and resolve them within 15 days from the date of receipt.

We may update this policy from time to time. Material changes will be announced via email or an in-app notice. Continued use after such notice constitutes acceptance.