MyAstroTech Privacy Policy

1.1 This document constitutes our commitment to safeguarding your privacy as a Data Principal under Indian law. We act as the Data Fiduciary for all personal data collected through our Platform.

1.2 This Privacy Policy applies to:

• All users accessing our website and mobile applications
• Registered Members and unregistered visitors
• Astrologers and service providers using our Platform
• All personal data submitted in digital form

1.3 By accessing, registering, or using our Platform, you expressly consent to this Privacy Policy. If you do not agree, please discontinue use immediately.

2.1 'Personal Data' means any data about an individual who is identifiable by or in relation to such data, including:

• Name, email address, phone number
• Date of birth, time of birth, place of birth (birth details)
• Gender, marital status, photograph
• Payment information, billing details
• IP address, device information, location data
• Chat transcripts, call recordings, consultation history

2.2 'Data Principal' means you, the individual to whom the personal data relates.

2.3 'Data Fiduciary' means MyAstroTech (Godly Innovations Private Limited), which determines the purpose and means of processing personal data.

2.4 'Processing' means any operation performed on personal data, including collection, storage, use, disclosure, sharing, or erasure.

2.5 'Consent' means a free, specific, unconditional, and unambiguous indication of the Data Principal's wishes through a clear affirmative action.

3.1 Personally Identifiable Information (PII) — We collect the following categories of personal data:

3.2 Voice and Audio Data: With your explicit consent, we collect voice recordings when you use our voice chat feature. These recordings are:

• Encrypted during transmission and storage
• Retained only for the duration necessary for service delivery and quality assurance
• Automatically deleted after 90 days unless required for legal compliance or dispute resolution
• Never used for AI model training without explicit consent

3.3 Non-Personally Identifiable Information (Non-PII): We also collect aggregated usage statistics, anonymized browsing patterns, and demographic information not linked to identifiable individuals.

4.1 We process your personal data based on the following lawful grounds under DPDP Act Section 7:

4.2 Consent Requirements: Consent obtained is free (no coercion), specific (limited to clearly defined purposes), informed (you understand what data is collected and why), unambiguous (clear affirmative action required — no pre-ticked boxes), unconditional (not bundled with unrelated services), and withdrawable (you may withdraw consent anytime with the same ease as giving it).

5.1 Primary Purposes:

• Creating and managing your user account
• Providing personalized astrological consultations, horoscopes, and predictions
• Facilitating connections between you and registered astrologers
• Processing payments and maintaining transaction records
• Sending service-related communications (OTP, booking confirmations, reminders)
• Quality assurance and training (with anonymization where possible)

5.2 Secondary Purposes (with separate consent):

• Marketing communications, promotional offers, newsletters
• Personalized advertising based on your interests
• Participation in surveys, feedback collection, contests
• Product recommendations (gemstones, puja services)

5.3 Legal Compliance:

• Responding to legal requests from competent authorities
• Fraud prevention and security monitoring
• Compliance with tax and accounting obligations
• Data retention as required by applicable law

5.4 We DO NOT:

• Sell or rent your personal data to third parties for marketing
• Use your data for automated decision-making without human intervention
• Share your birth details or consultation content with unauthorized parties
• Use your voice data for AI training without explicit consent

6.1 Categories of Recipients:

6.2 Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred with prior notice and continued protection guarantees.

6.3 International Transfers: We primarily store data within India. Any transfer outside India occurs only to jurisdictions with adequate data protection standards or under approved transfer mechanisms (Standard Contractual Clauses).

7.1 Retention Periods:

7.2 Data Deletion:

• Upon account deletion request, we initiate deletion within 30 days
• Some data may be retained longer if required by law or for legitimate legal claims
• Backup systems may retain data for up to 90 days due to technical cycles
• You may request specific deletion under Section 12 of DPDP Act

7.3 Right to Erasure: You have the right to request deletion of your personal data when consent is withdrawn, data is no longer necessary for the purpose, you object to processing (where applicable), or data was unlawfully processed.

8.1 Right to Access (DPDP Act Section 11): You may request a summary of your personal data being processed, including categories of personal data, purposes of processing, recipients or categories of recipients, and data retention periods.

8.2 Right to Correction and Erasure (Section 12): You may request correction of inaccurate or misleading data, completion of incomplete data, updating of outdated data, and erasure of personal data (subject to legal retention requirements).

8.3 Right to Grievance Redressal (Section 13): You have the right to register complaints regarding our data processing practices.

8.4 Right to Nominate (Section 14): You may nominate any other individual who shall, in the event of your death or incapacity, exercise your rights as a Data Principal.

8.5 How to Exercise Rights:

• Email: support@myastrotech.com
• Portal: Access 'My Account' → 'Privacy' → 'Data Rights'
• Response Time: 30 days from receipt of request (may extend by 60 days for complex requests)
• Verification: Identity verification required to protect your data
• Fees: No charge for first request; nominal fee may apply for excessive requests

9.1 Consent Manager: We have appointed a MyAstroTech Consent Manager (internal function) to manage your consent preferences. Contact: support@myastrotech.com

9.2 Granular Consent Controls: You can manage consent for:

• Marketing communications (email, SMS, WhatsApp)
• Personalized advertising
• Analytics and cookies
• Location services
• Voice recording features

9.3 Withdrawal of Consent: You may withdraw consent at any time through Privacy Settings in your account, unsubscribe links in communications, or by contacting our Grievance Officer.

9.4 Effect of Withdrawal: Withdrawing consent may limit your ability to use certain Platform features, but will not affect the lawfulness of processing based on consent before withdrawal.

10.1 What Are Cookies: Cookies are small text files stored on your device that help us recognize you and remember your preferences.

10.2 Types of Cookies We Use:

10.3 Managing Cookies: You can control cookies through browser settings (block all or specific cookies), our Cookie Consent Banner (adjust preferences), or third-party opt-out tools (e.g. Google Analytics Opt-out).

10.4 Do Not Track: We respect browser 'Do Not Track' signals for analytics and advertising cookies.

10.5 Third-Party Cookies: Our payment gateways and analytics providers may set cookies subject to their respective privacy policies.

11.1 Technical Safeguards:

• Encryption: AES-256 encryption for data at rest; TLS 1.3 for data in transit
• Access Controls: Role-based access; multi-factor authentication for staff
• Firewalls and Intrusion Detection: 24/7 security monitoring
• Regular Security Audits: Quarterly vulnerability assessments
• Data Masking: Phone numbers masked during astrologer calls (AstroTech Connect feature)

11.2 Organizational Measures:

• Data protection training for all employees
• Confidentiality agreements with astrologers and processors
• Incident response plan with 72-hour breach notification protocol
• Annual data protection impact assessments

11.3 Payment Security: We are PCI-DSS Level 1 compliant. All payment data is processed directly by certified payment gateways; we do not store complete card details.

12.1 In the event of a personal data breach, we will:

• Notify the Data Protection Board of India without delay (within prescribed timelines)
• Notify affected Data Principals promptly via registered communication channels
• Provide details of breach nature, extent, consequences, and mitigation steps

12.2 Breach Contact: support@myastrotech.com (24/7 monitoring)

13.1 Age Restriction: Our Platform is not intended for children under 18 years of age. We do not knowingly collect personal data from minors.

13.2 Parental Consent: If we discover that a minor has provided personal data, we will delete such data immediately upon verification. Parents/guardians may contact us at support@myastrotech.com to request deletion. For astrology consultations regarding minors, parental data is used; the child's data is processed only with verifiable parental consent.

13.3 Prohibited Activities: We do not track or monitor behavior of users known to be children, target advertising to children, or process children's data beyond the specific consultation purpose.

14.1 Our Platform may contain links to third-party websites (astrology blogs, gemstone suppliers, payment gateways).

14.2 We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any data.

14.3 Astrologer Interactions: Any personal information you voluntarily share with astrologers beyond the Platform (phone numbers, addresses) is at your own risk and not covered by this Privacy Policy.

15.1 Grievance Officer (DPDP Act Compliance):

• Email: support@myastrotech.com
• Address: HIG 133, 1st Floor, Phase 7, Sailashree Vihar, Bhubaneswar, Odisha - 751021
• Response Time: 30 days from complaint receipt

15.2 Data Protection Officer (if designated as Significant Data Fiduciary): Contact via support@myastrotech.com

15.3 Data Protection Board of India: You have the right to approach the Data Protection Board if your grievance is not resolved satisfactorily.

16.1 We may update this Privacy Policy to reflect changes in law, technology, or our business practices.

16.2 Notification: Material changes will be notified via email to registered users, prominent notice on our Platform, and an updated 'Last Updated' date at the top of this document.

16.3 Continued Use: Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

18.1 AI and Algorithmic Processing: MyAstroTech utilizes automated systems and artificial intelligence for the following purposes:

• Horoscope Generation: Automated calculation of planetary positions and astrological charts based on birth details provided
• Matching Algorithms: Suggesting astrologers based on your preferences, language, and consultation history
• Content Personalization: Recommending articles, videos, or services based on browsing behavior
• Fraud Detection: Automated monitoring for suspicious payment or account activities
• Quality Scoring: Algorithmic assessment of consultation quality for internal improvement

18.2 Human Involvement: All astrological advice, predictions, and personalized guidance are provided by human astrologers, not AI systems. Automated systems assist in matching and logistics only.

18.3 Your Rights: You may request human review of any automated decision that significantly affects your rights or interests by contacting support@myastrotech.com.

18.4 AI Training Opt-Out: We do not use your personal consultations, chat transcripts, or voice recordings to train AI models without your explicit, separate consent. You may opt-in to data contribution for service improvement at any time in your Privacy Settings.

19.1 Not a Medical Platform: MyAstroTech is not a healthcare provider. Our services do not constitute medical, psychiatric, psychological, or therapeutic advice.

19.2 Mental Health Crisis: If you are experiencing thoughts of self-harm, suicide, or severe mental health crisis:

• Immediately contact: Emergency services (108 in India) or AASRA Suicide Prevention Helpline: 91-22-27546669
• Do not rely on astrological consultations for crisis intervention
• We may share your information with emergency services if we believe you are at imminent risk of harm

19.3 Astrologer Limitations: Astrologers are prohibited from diagnosing medical or mental health conditions, prescribing medication or treatment, discouraging you from seeking professional medical care, or making claims about curing diseases through astrological remedies.

19.4 Your Responsibility: Always consult qualified healthcare professionals for medical concerns. Astrological guidance is for entertainment and personal insight purposes only.

20.1 Not Financial Advice: Astrological predictions regarding finances, investments, business decisions, or stock market movements are not professional financial advice.

20.2 No Liability: MyAstroTech and our astrologers are not liable for any financial losses resulting from decisions made based on astrological guidance. Consult certified financial advisors for investment decisions.

20.3 Gambling Prohibition: Our services must not be used for gambling, lottery predictions, or speculative financial schemes. Astrologers are prohibited from encouraging such activities.

21.1 Collection: With your consent, we collect precise GPS location to display pricing in your local currency, connect you with astrologers in compatible time zones, provide region-specific content and compliance, and enable location-based service recommendations.

21.2 Control: You may disable location services through your device settings or Platform permissions. Disabling may limit certain features.

21.3 Storage: Location history is retained for 90 days, then aggregated and anonymized for analytics.

22.1 Collection: If you use our face reading or palmistry photo upload features, photos are processed for analysis purposes only; facial recognition data is not stored as biometric templates; original photos are retained only with your explicit consent for profile display.

22.2 Deletion: Analysis results are stored; source photos are deleted within 30 days unless you choose to save them.

22.3 Security: Photo uploads are encrypted; access is restricted to authorized astrologers only for service delivery.

23.1 Primary Storage: All personal data of Indian users is primarily stored on servers located within India, in compliance with data localization requirements.

23.2 Permitted Transfers: Limited data may be transferred outside India to cloud service providers with adequate data protection (AWS Mumbai, Google Cloud Mumbai), payment processors with PCI-DSS global infrastructure, or analytics services with data anonymization.

23.3 Safeguards: All international transfers are protected by Standard Contractual Clauses (SCCs) approved under Indian law, adequacy decisions for recipient jurisdictions, encryption during transit, and Data Processing Agreements with processors.

23.4 Sensitive Personal Data: Financial data, government IDs (if collected), and health-related data disclosed during consultations receive enhanced protection and localized storage.

24.1 Anonymized Research: We may use aggregated, anonymized data for astrological research and trend analysis, academic partnerships (no individual identification possible), and publication of generalized insights.

24.2 Publication Standards: Before any research publication, we ensure data aggregation across a minimum of 1,000 users, removal of all direct and indirect identifiers, statistical techniques to prevent re-identification, and external privacy expert review.

24.3 Opt-Out: You may opt-out of research use in Privacy Settings, though this does not affect already anonymized datasets.

25.1 Chat and Call Monitoring: All chat conversations and voice calls between users and astrologers are recorded and stored for quality assurance, reviewed for policy compliance (fraud, abuse detection), used for dispute resolution and refund adjudication, and accessible to users for their own consultation history.

25.2 Monitoring Disclosure: Both users and astrologers are notified of recording at the start of each interaction. Continuation constitutes consent.

25.3 Access: Users may request transcripts of their own consultations. Third-party access requires legal process or explicit user authorization.

26.1 Consent Basis: Marketing communications are sent only with your explicit consent or under legitimate interest where law permits.

26.2 Channels: We may contact you via email (promotional newsletters, offers), SMS/WhatsApp (transactional and promotional with consent), push notifications (app-based, controlled by your device settings), and in-app messages.

26.3 Opt-Out: You may opt-out of marketing at any time by clicking 'Unsubscribe' in emails, replying 'STOP' to SMS, adjusting notification preferences in app settings, or contacting support@myastrotech.com.

26.4 DND Compliance: We respect the National Do Not Call (DND) registry. If your number is DND-registered, we send only transactional communications unless you explicitly opt-in to marketing.

27.1 Social Login: You may register/login using Google, Facebook, or Apple accounts. These services share your profile name and email (basic registration) and optionally your profile photo.

27.2 Data Sharing with Integrations: We integrate with:

• Razorpay/CCAvenue: Payment processing (financial data)
• AWS/Google Cloud: Hosting and storage (all encrypted data)
• Twilio/SendGrid: SMS and email delivery (contact info, message content)
• Google Analytics/Firebase: Usage analytics (anonymized device data)
• Freshdesk/Zendesk: Customer support (support query content)

27.3 Responsibility: Third-party services are governed by their own privacy policies. We encourage review before use.

28.1 When Required: We conduct DPIAs for:

• Large-scale processing of sensitive data
• Systematic monitoring of publicly accessible areas
• Use of new technologies (AI/ML for personalization)
• Processing that may result in high risk to data principals

28.2 Publication: Summary findings of DPIAs are published in our annual transparency report (where appropriate and non-security-sensitive).

29.1 Disclosure: We publish an annual report including:

• Number of data requests from government agencies
• Number of data breach incidents and remediation steps
• Summary of grievances received and resolved
• Third-party processor audit results
• Data retention compliance statistics

29.2 Availability: Published on www.myastrotech.com by June 30 each year for the preceding financial year.

30.1 Principles: We implement the following privacy-by-design principles:

• Data Minimization: Collect only necessary data for the specified purpose
• Purpose Limitation: Use data only for the collected purpose or compatible purposes
• Storage Limitation: Delete data when no longer necessary
• Default Privacy: Most restrictive privacy settings as default for new users
• Encryption by Default: All sensitive data encrypted at rest and in transit