Privacy Policy

1. Who we are

Astro-Vedic is a Vedic astrology product offering birth-chart computation, daily horoscopes, panchang, dashās, matchmaking and a chat consultation with an LLM-powered astrologer. It is built and operated by an independent developer based in India. For any privacy-related question or request, contact us at support@omastrovedic.com.

2. What information we collect

2.1 Account information

When you create an account we collect your email, name and date of birth. If you sign in with Google we receive your email, name, profile picture URL and the stable Google account identifier (sub) — we never see your Google password. Date of birth is required to confirm you are 18+ and is also used when you compute your own chart.

2.2 Birth chart data

To compute a chart we ask for the subject's name, date, time and place of birth (geocoded to latitude/longitude and timezone). You may compute charts as a guest without saving anything; saving a chart stores it under your account so you can revisit it.

2.3 Usage and device data

When you use the apps we automatically receive your IP address, browser or device user-agent, app version, language preference, chosen theme, and timestamps of requests. We use these for fraud prevention, abuse / rate-limit enforcement, error diagnosis, and aggregate analytics. Authentication tokens issued to your device are stored locally (httpOnly cookies on web, Android Keystore / iOS Keychain via flutter_secure_storage on mobile).

2.4 Payment data (only if you pay)

If you make a payment, the transaction is processed by Razorpay (India) or the platform billing system (Google Play / Apple App Store). We receive a transaction identifier, amount and status; we do not see or store your card number, UPI handle or wallet credentials.

2.5 Communications

If you email us or use the in-app consult feature, we keep that message for support purposes. The chat-with-the-astrologer messages are sent to a large-language-model provider (see §4) and to our own servers to compute and stream a reply.

3. How we use your information

• Compute your charts, horoscopes, panchang and other readings.
• Authenticate you, keep your session alive, and manage your saved charts.
• Personalise content (language, daily outlook, family/relation tags).
• Detect abuse, fraud and quota violations; rate-limit auth and chat endpoints.
• Improve the product through aggregated, de-identified analytics.
• Send you transactional emails — sign-up verification, password reset, payment receipts. We do not send marketing email without your opt-in.
• Comply with legal obligations (DPDP, tax, lawful requests).

4. Sub-processors we share data with

We use the following third parties strictly to operate the service. Each receives only the minimum data needed for its function.

• Google Cloud Platform — hosting (Cloud Run, Cloud SQL Postgres) and Google Sign-In ID-token verification. Data is stored in the asia-south1 region (Mumbai).
• Anthropic, Google AI Studio (Gemini), Groq — large- language-model providers powering the in-app chat. Chat messages and the grounding chart context are sent over HTTPS at the moment you ask a question. They are not used by the provider to train their models when configured in API mode.
• Razorpay— payments (India). Subject to Razorpay's own privacy policy.
• Sentry — error reporting (stack traces; we strip PII before sending).
• Google Play / Apple App Store — app distribution, crash reports, optional in-app purchases.

We do not sell your personal data. We do not share it with advertising networks. We do not use third-party tracking pixels.

5. Where your data lives

Your account, saved charts and audit logs are stored in encrypted Postgres in India (asia-south1). Backups are encrypted at rest. Birth-data columns (PII) are also encrypted at rest with AES-256-GCM at the application layer when the encryption key is configured.

6. How long we keep your data

• Account & saved charts— until you delete your account. After you tap “Delete account” we soft-delete immediately and hard-delete (cascade) after a 30-day grace window during which you can change your mind.
• Authentication tokens — refresh tokens are single-use, rotated, and expire after 30 days of inactivity.
• Audit logs (login, payment, delete events) — up to 180 days for fraud investigation, then deleted.
• Chat messages — kept in your local app for the session and not stored long-term on our side beyond the token budget meter.

7. Your rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data (edit your profile or a saved chart).
• Delete your account and all associated data — Dashboard → Privacy on the web or Profile → Delete account on mobile.
• Export your data (request via email; we respond within 30 days).
• Withdraw consent and stop using the service at any time.
• Lodge a complaint with the Data Protection Board of India (DPDP) or your local supervisory authority (GDPR).

To exercise any of these rights, email support@omastrovedic.com.

8. Children

Astro-Vedic is intended for users 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

9. Cookies

The web app uses two httpOnly cookies (avp_access, avp_refresh) strictly for authentication. We do not use tracking, advertising or analytics cookies.

10. Security

Traffic is end-to-end TLS. Passwords are hashed with bcrypt. Refresh tokens are single-use with reuse-detection. Sensitive PII fields are encrypted at the application layer (AES-256-GCM) before storage. Access to production systems is restricted and audited.

11. Changes to this policy

We may update this policy as the product evolves or regulations change. Material changes will be announced in the app and via email to registered users at least 7 days before they take effect. The date at the top of this page reflects the last update.

12. Contact

Privacy questions, data-export requests and rights enquiries: support@omastrovedic.com.