Privacy Policy

How AstroSure AI Private Limited collects, uses, shares, and protects your personal data

AstroSure AI Private Limited (“AstroSure”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy (the “Policy”) describes how we collect, use, disclose, retain, and safeguard your personal data when you access or use the AstroSure mobile application, websites, and related services (collectively, the “Services”).

This Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the “SPDI Rules”), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 (the “DPDPA”), to the extent and as and when its provisions are notified.

By accessing or using the Services, you confirm that you have read and understood this Policy and consent to the practices described in it. If you do not agree, please do not use the Services.

1. Data Fiduciary / Body Corporate Identity

For the purposes of this Policy:

• Data Fiduciary (under the DPDPA) and Body Corporate (under the SPDI Rules): AstroSure AI Private Limited
• Registered Office: 8th Floor, New No. 250, Old No. 268, Dadha Chambers, Avvai Shanmugam Salai, Royapettah, Chennai - 600014, Tamil Nadu, India
• Email: privacy@astrosure.ai
• Data Protection / Grievance Officer: see Clause 13

2. Key Definitions

• Personal Data — any data about an individual who is identifiable by or in relation to such data.
• Sensitive Personal Data or Information (SPDI) — has the meaning given in Rule 3 of the SPDI Rules and includes passwords, financial information, physical/physiological/mental-health condition, sexual orientation, medical records and history, and biometric information.
• Processing — any operation performed on Personal Data, including collection, storage, use, sharing, disclosure, retention, alteration, and erasure.
• Data Principal — the individual to whom the Personal Data relates (i.e., you).

3. Categories of Personal Data We Collect

We collect the following categories of Personal Data:

3.1 Identity and Contact Information

• Full name, gender, profile photo (optional)
• Mobile number and email address
• Authentication identifiers (e.g., OTP-verified phone number, social-login identifiers)

3.2 Astrological Data (Critical for our Services)

• Date of birth, exact time of birth, and place of birth
• Birth coordinates (latitude / longitude, time-zone)
• Partner / family birth details (only when you voluntarily add them for compatibility, Guna Milan, or family-chart features)

We treat exact time and place of birth as highly sensitive because they are core inputs to natal-chart computations and are unique to you.

3.3 Payment Information

Payments are processed by external payment service providers (such as Razorpay and the Apple App Store). We do not store full card numbers, CVV codes, UPI PINs, or net-banking credentials on our servers. We retain only transaction identifiers, masked card data, billing address, GSTIN (if provided), and subscription status as may be returned by the payment provider.

3.4 User-Generated Content

• Mood-journal entries, notes, queries to the Agastyaa AI assistant
• Predictions feedback (verified, inaccurate, partial, skipped)
• Survey responses, ratings, and reviews
• Custom rituals you create

3.5 Device, Usage, and Technical Information

• Device model, operating-system version, unique device identifiers, advertising identifiers (where permitted)
• App version, language and locale settings
• IP address, network operator, approximate location (city / region) inferred from IP
• Crash logs, performance data, in-app screen views, taps, and feature usage events
• Marketing-attribution data (campaign source, install-referrer, postback identifiers)

3.6 Precise Location Data (Optional)

We collect precise GPS-level location only if you explicitly grant the relevant permission, for features such as accurate sunrise / sunset, panchang, and muhurat computations. You may revoke this permission at any time through your device settings.

3.7 Communications

Where you contact our customer-support team or our Grievance Officer, we may collect the contents of your communications, your contact details, and any attachments you submit.

4. Purposes for Which We Process Your Personal Data

We process your Personal Data only for specific, lawful, and clearly identified purposes, including:

• to create and authenticate your Account, and to verify your identity through OTP, passkey, or social login;
• to compute and deliver astrological outputs (natal charts, divisional charts, dasha, transits, panchang, muhurat, predictions, compatibility, numerology, tarot draws, remedies, etc.);
• to personalise the Services through our Hyper-Personalization Engine, including adaptive guidance, daily overview, and recommended rituals;
• to operate the Agastyaa conversational AI assistant and generate AI-powered guidance, explanations, and reports grounded in your astrological context;
• to process payments, manage Subscriptions, prevent payment fraud, and issue receipts and tax invoices;
• to send you transactional, service, and Account-related communications (e.g., reminders, renewal alerts, important updates);
• to send you marketing and promotional communications, where you have not opted out and where consent is required, only with your prior consent;
• to provide customer support, address grievances, and investigate complaints;
• to monitor, debug, secure, and improve the Services and to develop new features;
• to train, evaluate, and improve our AI systems, including the Agastyaa Engine and the Hyper-Personalization Engine, in each case on de-identified or aggregated data wherever feasible;
• to comply with applicable law, court orders, and lawful requests from public authorities; and
• to enforce our Terms & Conditions and protect our rights, property, and the safety of our Users and the public.

5. Lawful Basis and Consent

We process your Personal Data on one or more of the following lawful bases under applicable Indian law:

• Consent — for purposes that require your explicit consent, such as the use of Astrological Data for personalised forecasts and AI processing, marketing communications, and access to precise device location;
• Performance of contract — to deliver Services you have purchased or signed up for;
• Legitimate uses (as recognised under the DPDPA) — for legally permitted purposes such as compliance with law, prevention of fraud, and the safe operation of the Services;
• Compliance with legal obligations — including taxation, accounting, and regulatory disclosure requirements.

Where consent is the lawful basis, your consent is free, specific, informed, unconditional, and unambiguous, signified by a clear affirmative action. You may withdraw your consent at any time by writing to privacy@astrosure.ai or through the in-app privacy settings, subject to legal or contractual restrictions and processing carried out before such withdrawal.

6. Sharing of Personal Data with Third Parties

We share your Personal Data only with the following categories of recipients, and only to the extent necessary for the purposes described in this Policy:

6.1 Service Providers (Data Processors)

• Cloud hosting and infrastructure providers (e.g., AWS, GCP, or equivalent)
• Payment service providers (e.g., Razorpay, Apple In-App Purchase, Chargebee, Juspay)
• Communications and engagement providers (e.g., CleverTap, push-notification services, SMS / email gateways)
• Analytics and measurement providers (e.g., Google Analytics for Firebase, AppsFlyer, Google Tag Manager, ClickHouse via Airbyte, Metabase)
• AI / large-language-model providers (e.g., Anthropic for Claude-based generation), with appropriate contractual safeguards
• Translation providers (e.g., Google Cloud Translation, Bhashini)
• Observability and monitoring (e.g., Sentry, Prometheus, Grafana, Langfuse)
• Customer-support tooling and ticketing systems

Each such service provider is contractually required to process your Personal Data only on our documented instructions and to implement reasonable security safeguards.

6.2 Legal and Regulatory Disclosure

We may disclose your Personal Data where we believe in good faith that such disclosure is required or permitted under applicable law, including disclosures to (a) government authorities, courts, or law-enforcement agencies in response to lawful requests; (b) auditors and professional advisers; and (c) parties involved in actual or contemplated legal proceedings, in each case to the minimum extent necessary.

6.3 Corporate Transactions

If AstroSure is involved in a merger, acquisition, restructuring, financing, or sale of assets, your Personal Data may be transferred to the relevant counterparty as part of such transaction, subject to appropriate confidentiality protections.

6.4 No Sale of Personal Data

We do not sell your Personal Data to any third party.

7. Cross-Border Data Transfers

Some of our service providers and AI partners may process your Personal Data outside India. Where this occurs, we transfer such data only to jurisdictions and entities that are not restricted under the DPDPA or any notification issued by the Central Government, and we put in place reasonable contractual safeguards to ensure that the data continues to be protected at a level comparable to that required under Indian law.

8. Data Retention

We retain your Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, including to:

• deliver the Services to you for the duration of your Account;
• satisfy our legal, accounting, taxation, and regulatory obligations (typically up to 8 (eight) years for financial records under applicable Indian law);
• resolve disputes, enforce our agreements, and respond to lawful requests;
• operate fraud-prevention, safety, and security functions.

Once your Account is deleted and the applicable retention period has lapsed, we will either irreversibly delete or anonymise your Personal Data such that you can no longer be identified from it.

9. Information Security

We implement reasonable security practices and procedures consistent with the ISO/IEC 27001 family of standards and the SPDI Rules, including:

• encryption of data in transit using industry-standard TLS, and encryption at rest of sensitive fields where appropriate;
• role-based access controls, principle-of-least-privilege, and audit logging;
• secure software-development lifecycle practices, code reviews, and dependency scanning;
• regular vulnerability assessments and penetration testing;
• incident-response procedures aligned to applicable breach-notification requirements.

However, no electronic transmission or storage system is fully secure. While we strive to protect your Personal Data, we cannot guarantee its absolute security and therefore do so on a best-efforts basis.

10. Children’s Personal Data

The Services are not intended for individuals under the age of 18 (eighteen) years. We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected Personal Data from a child, we will delete such data without undue delay. If you are a parent or guardian and believe your child has provided Personal Data to us, please contact privacy@astrosure.ai.

11. Your Rights as a Data Principal

Subject to applicable law (including the DPDPA, once and as its provisions are notified), you have the following rights in relation to your Personal Data:

• Right to information — to obtain a summary of the Personal Data we process about you and the purposes of such processing;
• Right to correction and erasure — to have inaccurate or misleading Personal Data corrected, completed, or updated, and to have Personal Data erased where it is no longer necessary for the purpose for which it was collected. To delete your AstroSure account and the personal data associated with it, please follow the steps described in our Account Deletion Policy;
• Right to nominate — to nominate another individual who shall, in the event of your death or incapacity, exercise these rights on your behalf;
• Right to grievance redressal — to raise a grievance regarding the processing of your Personal Data with our Grievance Officer (Clause 13);
• Right to withdraw consent — to withdraw any consent previously given for processing, subject to lawful consequences.

You may exercise these rights by writing to privacy@astrosure.ai or through the in-app privacy controls. We will respond to verifiable requests within the timelines required by applicable law.

12. Cookies, SDKs, and Similar Technologies

Our website uses cookies and similar technologies, and our mobile application uses third-party software-development kits (SDKs), to operate, secure, and analyse the Services. These include:

• Strictly necessary — for authentication, session management, and security;
• Analytics — to understand how Users interact with our Services so we can improve them (e.g., GA4 via Firebase, AppsFlyer);
• Advertising / attribution — to measure the effectiveness of our marketing campaigns and, where lawful, to deliver relevant advertising (e.g., Google Tag Manager, Google Ads, Meta Ads via server-to-server attribution);
• Functionality — to remember your preferences and personalise your experience.

You can control cookies through your browser settings and device-level advertising preferences. Disabling certain cookies or SDKs may affect the functionality of the Services.

13. Grievance Officer and Data Protection Contact

In compliance with the SPDI Rules, the IT Rules, 2021, and the DPDPA, we have appointed the following officer:

• Name: Devraj Rahul Bafna
• Designation: Grievance Officer / Data Protection Contact
• Email: rahul@astrosure.ai | grievance@astrosure.ai | privacy@astrosure.ai
• Postal Address: 8th Floor, New No. 250, Old No. 268, Dadha Chambers, Avvai Shanmugam Salai, Royapettah, Chennai - 600014, Tamil Nadu, India
• Working Hours: Monday to Friday, 10:00 to 18:00 IST

We will acknowledge any grievance within 24 hours and aim to resolve it within 15 days of receipt, in accordance with applicable law. If your concerns are not satisfactorily resolved, you may approach the Data Protection Board of India once it is constituted under the DPDPA.

14. AI-Driven and Automated Processing

Several core features of the Services rely on automated processing and AI models:

• the Astro Engine performs deterministic astrological computations on your Astrological Data;
• the Hyper-Personalization Engine profiles your interactions to deliver personalised guidance, recommendations, and timing;
• the Agastyaa Engine uses large language models (including third-party models such as those provided by Anthropic) to generate conversational guidance, predictions, and explanations.

AI-generated outputs are not deterministic and may contain errors. None of these automated processes is used to make decisions that produce legal effects or similarly significant effects on you. You retain final decision-making authority over how you use any guidance provided by the Services.

15. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, applicable law, or the Services. The updated version will be made available within the Services and on our website, with the “Effective Date” updated. Where the changes are material, we will notify you through reasonable means (e.g., in-app notice, email). Your continued use of the Services after such notice constitutes acceptance of the updated Policy.

16. Contact Us

If you have any questions, comments, or concerns about this Policy or our data practices, please contact us at:

• Email (Privacy): privacy@astrosure.ai
• Email (Grievance): grievance@astrosure.ai
• Email (Support): support@astrosure.ai
• Postal Address: AstroSure AI Private Limited, 8th Floor, New No. 250, Old No. 268, Dadha Chambers, Avvai Shanmugam Salai, Royapettah, Chennai - 600014, Tamil Nadu, India

Disclaimer: This Privacy Policy template has been drafted to align with current Indian data-protection law as understood at the date of issue, including the SPDI Rules, the IT Rules, 2021, and the Digital Personal Data Protection Act, 2023. Several provisions of the DPDPA depend on subordinate rules and notifications that may evolve after the issue date of this template. This document must be reviewed, customised, and approved by qualified Indian legal counsel before being published or used in production. Square-bracketed placeholders ([•], [Insert ...]) must be completed before use.