Privacy Policy
Last updated: March 2026
1. Data Fiduciary
Tarashastra ("we", "our", or "us") is an AI-powered Vedic Astrology service available on WhatsApp and Telegram. For the purposes of the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000, the Data Fiduciary is:
Aashutosh Bhattad
Email: [email protected]
Location: India
2. Lawful Basis for Processing
We process your personal data based on your explicit consent (DPDPA Section 6). Before collecting any data, we present a clear notice and obtain your agreement. You may withdraw consent at any time (see Section 8).
3. Data We Collect
We collect the following categories of personal data, each for a specific purpose:
| Data Category | Specific Data | Purpose |
|---|---|---|
| Identity | Name (as provided by you) | Personalize astrology readings |
| Contact | Phone number (WhatsApp) or Telegram user ID | Deliver messages and identify your account |
| Birth Details | Date of birth, time of birth, place of birth, geographic coordinates | Calculate your Vedic birth chart (kundali) |
| Conversation History | Questions you ask and AI-generated responses | Provide context-aware readings; remember past discussions |
| Subscription & Usage | Credit balance, plan type, message counts, usage dates | Manage your subscription and enforce usage limits |
| Payment Records | Transaction IDs, amount paid, payment status, currency | Process payments and prevent fraud. We do NOT store card/UPI details — Razorpay handles payment instruments directly. |
| Referral Data | Referral code, referred-by code | Manage referral rewards |
| Language Preference | English or Hindi | Communicate in your preferred language |
We do not collect: Aadhaar number, PAN, health data, biometric data, caste, religion, sexual orientation, or political opinion.
4. Third-Party Data Processors
Your data is shared with the following third-party services solely for providing the astrology service:
| Service | Provider | Data Shared | Purpose | Server Location |
|---|---|---|---|---|
| AI Processing | Google Gemini (Google LLC) | Birth details, questions, conversation context | Generate astrology readings | Global (Google Cloud) |
| AI Processing (Fallback) | DeepSeek / Anthropic Claude | Same as above (only when primary AI is unavailable) | Backup AI generation | Global |
| Database | Supabase (PostgreSQL) | All stored data listed in Section 3 | Persistent data storage | Cloud-hosted |
| Payments | Razorpay Software Pvt Ltd | Transaction details, user identifier | Payment processing (PCI-DSS compliant) | India |
| Messaging | Meta Platforms (WhatsApp) | Phone number, messages | Message delivery on WhatsApp | Global (Meta servers) |
| Messaging | Telegram FZ-LLC | Telegram user ID, messages | Message delivery on Telegram | Global |
| Geocoding | Google Maps (Google LLC) | Birth city name | Convert city name to geographic coordinates | Global (Google Cloud) |
We do not sell your data to any third party. Data is shared only as described above.
5. Cross-Border Data Transfer
Some of our data processors operate outside India. By consenting to this policy, you acknowledge that your data may be transferred to and processed in jurisdictions outside India, including the United States (Google, Meta) and other countries. These transfers are necessary to provide the service.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Conversation history | 180 days from the date of conversation, then automatically deleted |
| Birth chart & user profile | Until you request deletion or withdraw consent |
| Subscription data | Until you request deletion or withdraw consent |
| Payment records | 7 years (required by Indian tax and financial regulations) |
| Consent records | 7 years (legal audit trail) |
7. Data Security
We implement reasonable security measures as required under the Information Technology (Reasonable Security Practices) Rules, 2011:
- Encrypted database connections (TLS/SSL)
- Parameterized database queries to prevent injection attacks
- Input sanitization and validation on all user inputs
- Webhook signature verification (HMAC SHA-256) for payment and messaging callbacks
- Rate limiting to prevent abuse
- Atomic database operations to prevent race conditions on financial transactions
8. Your Rights
Under the DPDPA 2023 and IT Act 2000, you have the following rights:
| Right | How to Exercise |
|---|---|
| Access your data | Send /mydata in the bot to receive a copy of all your stored data |
| Delete your data | Send /deletedata in the bot to permanently delete all your personal data |
| Withdraw consent | Send /withdrawconsent in the bot. This will delete your data and stop the service. |
| Cancel scheduled deletion | Send /canceldelete in the bot during the 28-day grace period to restore your account |
| Correct your data | Contact our Grievance Officer at [email protected] |
| Grievance redressal | Contact our Grievance Officer. We will respond within 72 hours. |
9. Grievance Officer
In compliance with the Information Technology Act, 2000 and DPDPA 2023, our Grievance Officer is:
Name: Aashutosh Bhattad
Email: [email protected]
Address: India
Response time: Within 72 hours of receipt of complaint
If you are not satisfied with the resolution, you may approach the Data Protection Board of India as established under DPDPA 2023.
10. Children's Data
Our service is intended for users aged 18 and above. We do not knowingly collect data from children under 18. If you believe a minor has provided us with personal data, please contact our Grievance Officer for immediate deletion.
11. AI-Generated Content Disclosure
All astrology readings provided by Tarashastra are generated by artificial intelligence (primarily Google Gemini) based on Vedic astrology calculations performed by astronomical computation engines. These readings are for guidance and entertainment purposes only and do not constitute professional advice of any kind.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. If we make material changes, we will notify you through the bot before the changes take effect. Continued use of the service after notification constitutes acceptance. You may withdraw consent if you disagree with any changes.
13. Applicable Law
This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000. Any disputes shall be subject to the jurisdiction of courts in India.