Privacy Policy
Version 1.0 · Draft for Legal Review · DPDP Act 2023 Compliant
1. Who We Are
Graha Life is an AI-assisted Vedic astrology and spiritual guidance service. Contact: nav@graha.life
2. What Data We Collect
Data You Provide
| Data Type | Fields | Purpose |
|---|---|---|
| Identity | Name, phone number | Account creation |
| Birth Data | DOB, time, place | Chart computation |
| Language | Preferred language | Delivering readings in your language |
| Communication | Questions, voice messages | Generating readings |
Data Generated by the Service
Your natal chart (computed planetary positions), conversation history, and anonymized usage data.
What We Do NOT Collect
Biometric data, current location, contacts, photos, Aadhaar/PAN, financial data beyond payment references.
3. How We Use Your Data
Computing your chart, generating readings, delivering daily horoscope, processing payments, sending notifications, and improving service quality (anonymized, aggregated only).
We will NEVER: sell to third parties, use for advertising, train third-party AI with your personal readings, or profile minor users.
4. Data Storage & Security
- Database: Supabase (PostgreSQL) with Row Level Security
- Encryption: AES-256 at rest, TLS 1.2+ in transit
- Payment data handled by Razorpay (PCI-DSS Level 1 compliant) — we never see or store card/UPI credentials
- Birth data is encrypted before storage and can be deleted anytime
5. Data Sharing
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase | Encrypted stored data | Database hosting |
| Razorpay | Payment references | Payment processing |
| LLM Providers | Anonymized chart context (NO names, NO phone numbers) | AI readings |
| Cloudflare | Request metadata | API hosting |
Your full birth data (name + DOB + time + place together) is never sent to LLM providers.
6. Your Rights (DPDP Act)
- Access: Request a summary of your data — contact nav@graha.life
- Correction: Update inaccurate data through the bot
- Erasure: Delete all your data by typing
/delete_my_datain the bot, or email nav@graha.life - Withdraw consent: As easy as giving it — through the bot or email
- Nominate: Register a nominee for your data rights
7. Data Retention
| Data Type | Retention |
|---|---|
| Account & birth data | Until you delete your account |
| Conversation history | 12 months from last interaction |
| Payment records | 8 years (legal requirement) |
| Usage analytics | Anonymized — indefinite |
8. Children's Privacy
Designed for users 18+. Under-18 users require parental consent (DPDP Act Section 9). No behavioral tracking of minors.
9. Cookies
We use only essential cookies (session, language, CSRF). No advertising cookies, no analytics trackers, no third-party tracking pixels.
10. Contact
Privacy inquiries & data deletion: nav@graha.life
General support: nav@graha.life