Privacy Policy

Last updated:

Jyotish Jagat (“we”, “us”, “our”) operates the website at jyotishjagat.comand the underlying Vedic-astrology services. This policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over your data under the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

1. Who is the data fiduciary?

For the purposes of the DPDP Act, the data fiduciary is Jyotish Jagat, operating from Jaipur, Rajasthan, India. You can contact our grievance officer at info.jyotishjagat@gmail.com.

2. What we collect

We collect only what we need to deliver our service, and we tell you when we collect it.

2.1 Account information

  • Email address — used as your unique identifier and for sending one-time login codes.
  • Name (optional) — used to personalize your experience.
  • Language and currency preferences.
  • Authentication metadata: timestamps of logins, hashed session identifiers, and aggregate counters used for rate-limiting.

2.2 Birth profile data

  • Full name, date of birth, time of birth, place of birth.
  • Geocoded latitude/longitude of birth place, derived from the place name you enter, to compute your astrological chart accurately.

Birth profile data is only stored if you explicitly opt in by enabling “Save Profile” on the kundli generation form. Otherwise the data is used only for the requested calculation and discarded.

2.3 Order and payment data

  • The services or products you purchase, the amount, and the currency.
  • A reference ID issued by our payment gateway (Razorpay) — we never store your card number, CVV, UPI PIN, or full bank details.
  • Shipping address (only when you order a physical product from our shop).

2.4 Technical data

  • IP address, browser type, operating system, and approximate location (country/region).
  • Pages visited and timestamps, used to debug issues and improve the product.
  • Cookies — we use a single first-party cookie (jj_session) to remember that you are signed in. We do not use third-party advertising trackers.

3. How we use your data

  • To authenticate you and protect your account.
  • To compute and deliver your kundli, matchmaking report, AI-generated answers, and other services you request.
  • To process orders, issue invoices, and ship physical products.
  • To send transactional emails (login codes, order confirmations, report ready notifications).
  • To respond to your support requests.
  • To detect and prevent fraud and abuse.
  • To comply with applicable laws and lawful requests from authorities.

We do not sell, rent, or trade your personal data, and we do not use it for behavioural advertising.

4. Sharing with third parties

We share data only with processors necessary to operate the service, under contracts that limit how they can use it:

  • Razorpay Software Pvt. Ltd. — payment processing. They receive the order amount, currency, and contact details for the transaction.
  • Email service provider — transactional email delivery (your email address and the message body).
  • Anthropic / OpenAI — AI model providers used to generate interpretations. They receive only the kundli numerical data and the question text; they do not receive your name, email, or contact details.
  • Cloud hosting (VPS provider) — encrypted server storage.
  • Government authorities — only when required by a valid legal order.

5. Data retention

  • Account data — retained while your account exists, plus 90 days after deletion for fraud-prevention audits.
  • Birth profiles — retained until you delete them, or until you delete your account.
  • Order records — retained for 8 years to comply with Indian tax law (Income Tax Act, 1961).
  • Server logs — retained for 90 days, then auto-deleted.
  • One-time login codes — deleted from cache within 5 minutes (whether used or not).

6. Security

Reasonable technical and organisational measures are in place to protect your data:

  • TLS 1.2+ encryption for all data in transit.
  • Hashed JWT tokens for session management; short access-token lifetimes.
  • Rate-limiting and brute-force protection on authentication endpoints.
  • Database backups with restricted access.
  • Regular dependency updates and security review of changes.

No system is impenetrable. If we become aware of a breach affecting your data we will notify you and the Data Protection Board within the timelines required by the DPDP Act.

7. Your rights under the DPDP Act

You have the right to:

  • Access — obtain a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data, subject to legal retention obligations.
  • Withdraw consent — at any time, for processing that relies on your consent.
  • Grievance redressal — escalate any concern to our grievance officer.
  • Nominate — appoint someone to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, email info.jyotishjagat@gmail.com with the subject line “DPDP Request”. We will respond within 30 days.

8. Children

Our services are not directed at children under 18. We do not knowingly collect data from children. If we discover that a child has created an account, we will delete the account and associated data.

9. International transfers

Some of our processors (notably the AI model providers) operate servers outside India. Where such transfers happen, we rely on the contractual commitments of those processors and the cross-border transfer rules issued under the DPDP Act.

10. Changes to this policy

We may update this policy from time to time. Material changes will be announced on the homepage and (where you have an account) by email. The “Last updated” date at the top of this page always reflects the current version.

11. Contact

Email: info.jyotishjagat@gmail.com
Address: Jaipur, Rajasthan, India.