✦ Privacy · गोपनीयता ✦

Privacy Policy

How AstroReeti protects your birth data and personal information — DPDP Act 2023 compliant, transparent, and written in plain language.

EffectiveMay 2, 2025

Last updatedMay 2, 2025

Version1.0.3

CompanyIntellara Technologies Private Limited

Product: AstroReeti — Mobile Application & Web Application Company: Intellara Technologies Private Limited Effective Date: May 2, 2025 Last Updated: May 2, 2025 Version: 1.0.3 Privacy Contact: [email protected] | +917411609955 | https://www.astroreeti.com/privacy

Your privacy matters to us. This Privacy Policy explains in plain language
what Personal Data we collect, why we collect it, how we use and protect it,
with whom we share it, and what rights you have over it — wherever you are in
the world.

1. INTRODUCTION AND SCOPE

Intellara Technologies Private Limited ("Company," "We," "Us," "Our") is committed to protecting the privacy, confidentiality, and security of your Personal Data. We operate AstroReeti, a Vedic astrology platform available globally through our mobile application (iOS and Android) and web application.

1.1 Scope of This Policy

This Privacy Policy applies to:

All Personal Data collected through the AstroReeti mobile application;
All Personal Data collected through the AstroReeti web application at www.astroreeti.com;
All interactions with our AI assistant, Reeti Chat;
All support, billing, and marketing communications with Users;
All data collected via cookies, analytics, and other tracking technologies on our digital properties.

This Policy does not apply to:

Third-party websites, applications, or services linked from the Platform (they have their own privacy policies);
Data processed by Apple or Google in connection with in-app purchases;
Employee or contractor data.

1.2 Our Commitment

We collect only the data we need, process it transparently, protect it with industry-standard security, and respect your rights under applicable law in your jurisdiction.

1.3 Global Compliance Framework

This Policy is designed to comply — as applicable — with:

Regulation	Jurisdiction
Digital Personal Data Protection Act, 2023 (DPDP Act)	India
Information Technology Act, 2000 & Rules	India
General Data Protection Regulation (GDPR — EU) 2016/679	European Union / EEA
UK General Data Protection Regulation (UK GDPR)	United Kingdom
California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)	California, USA
Children's Online Privacy Protection Act (COPPA)	United States
Personal Information Protection and Electronic Documents Act (PIPEDA)	Canada
Lei Geral de Proteção de Dados (LGPD)	Brazil
Protection of Personal Information Act (POPIA)	South Africa
Personal Data Protection Act (PDPA)	Singapore / Thailand
Privacy Act 1988 (as amended)	Australia
ePrivacy Directive / Cookie Law	EU / EEA

2. DATA CONTROLLER / DATA FIDUCIARY IDENTITY

2.1 Primary Controller / Fiduciary

For the purposes of applicable global data protection law, the entity responsible for your Personal Data is:

Intellara Technologies Private Limited CIN: [To be updated upon registration] Registered Office: [Full Registered Address], Bengaluru, Karnataka, India Privacy Contact: [email protected] | Phone: +917411609955

Under GDPR: The Company is the Data Controller.
Under DPDP Act (India): The Company is the Data Fiduciary.
Under CCPA/CPRA: The Company is the Business.
Under LGPD: The Company is the Controlador.
Under PIPEDA: The Company is the Organization responsible for Personal Information.

2.2 EU/UK Representative

[Name of EU/UK GDPR Representative — to be appointed per Article 27 GDPR if Company has no EU establishment] Address: [EU/UK Representative Address] Email: [email protected]

(Required where the Company processes data of EU/UK residents without an establishment in the EU/UK and is not exempt from the representative requirement.)

2.3 Data Protection Officer (DPO)

If required by applicable law (e.g., GDPR Article 37): DPO Name: [Name, if appointed] DPO Email: [email protected]

3. PERSONAL DATA WE COLLECT

3.1 Data You Provide Directly

When you create an Account, use features, or contact us, you provide:

Category	Examples
Identity Data	Full name, gender, date of birth, time of birth, place of birth
Contact Data	Email address, mobile phone number, country of residence
Account Credentials	Username, password (stored in cryptographically hashed form — never in plaintext)
Communication Data	Support messages, feedback, survey responses, queries to Reeti Chat
Profile Preferences	Notification preferences, language settings, saved readings, bookmarked content
Compatibility Data	Names and birth details of individuals you add for compatibility (Milan Vichar) analysis, with their consent

3.2 Astrological Data (Special / Sensitive Category)

Birth date, time, and place are central to generating your Vedic birth chart. We treat these as sensitive personal data requiring heightened protection:

Lagna (ascendant) and planetary positions
Navamsa chart data
Dasha period calculations
Transit and progression data
Yoga and Dosha assessments
Compatibility scores and synastry data

This data is processed solely to deliver the astrological services you request. See Section 15 for specific protections.

3.3 Payment and Billing Data

Category	Details
Billing Information	Name, billing address, email
Payment Method	Card details (processed and tokenised by Payment Processor only — we never store raw card numbers)
Transaction Records	Subscription plan, amount, currency, date, payment status, transaction ID

**We never store your raw credit/debit card numbers, CVV codes, or bank
account details.** These are handled exclusively by PCI-DSS compliant Payment
Processors (Stripe, Razorpay, Apple, Google).

3.4 Data Collected Automatically

When you use the Platform, we automatically collect:

Category	Examples
Device Data	Device type, model, operating system and version, unique device identifiers (IDFA/GAID where applicable and consented), app version, screen resolution
Usage / Behavioural Data	Features accessed, pages viewed, content interacted with, session start/end times, click patterns, in-app navigation
Log / Technical Data	IP address, browser type and version, referral URL, error logs, crash reports, timestamps
Approximate Location	Country and city-level location inferred from IP address, used for timezone determination and planetary transit calculations
Precise Location	Only collected if you grant explicit GPS permission; used for birth place selection assistance only
Network Data	Internet service provider, connection type

3.5 Reeti Chat Data

All queries you send to Reeti Chat and all AI-generated responses are stored as described in Section 13. This includes the full conversational content of your Reeti Chat sessions.

3.6 Data from Third-Party Authentication Providers

If you register or sign in using Google, Apple Sign-In, or Facebook Login, we receive certain profile data from those providers as permitted by your settings on their platforms:

Google: name, email, profile picture, Google account ID
Apple: name (optional), email (may be relayed/anonymised by Apple)
Facebook: name, email, Facebook user ID

We do not receive or store your social media passwords.

3.7 Data from Analytics and Advertising Partners

We use analytics tools (such as Firebase Analytics, Mixpanel, or similar) that collect aggregated and pseudonymised usage data. We do not sell your data to advertisers. If we use any advertising services, your data is processed only in accordance with your consent.

4. PURPOSES OF PROCESSING AND LEGAL BASES

The table below sets out each purpose for which we process Personal Data, along with the applicable legal basis under major global frameworks.

Purpose	GDPR Basis (Art. 6)	DPDP Act Basis	CCPA Category	LGPD Basis
Account creation and authentication	Contractual necessity (6(1)(b))	Consent / Contract	Identifiers	Contract (Art. 7(V))
Delivering astrological services and charts	Contractual necessity (6(1)(b))	Consent	Sensitive (birth data)	Contract
Operating Reeti Chat	Contractual necessity (6(1)(b))	Consent	Commercial info	Contract
Payment processing and billing	Contractual necessity (6(1)(b))	Contract	Financial info	Contract
Subscription management and renewal	Contractual necessity (6(1)(b))	Contract	Identifiers	Contract
Customer support	Legitimate interest (6(1)(f))	Consent / Contract	Identifiers	Legitimate interest
Security, fraud prevention, abuse detection	Legitimate interest (6(1)(f))	Legitimate purpose	Identifiers / Usage	Legitimate interest
Platform analytics and product improvement	Legitimate interest (6(1)(f))	Legitimate purpose	Usage data	Legitimate interest
AI model improvement (anonymised)	Legitimate interest / Consent	Consent	Inferences	Legitimate interest
Legal compliance (tax, regulations)	Legal obligation (6(1)(c))	Legal obligation	All categories	Legal obligation
Responding to law enforcement requests	Legal obligation (6(1)(c))	Legal obligation	All categories	Legal obligation
Marketing and promotional emails	Consent (6(1)(a))	Consent	Identifiers	Consent
Personalised content recommendations	Consent (6(1)(a))	Consent	Inferences	Consent
Research and aggregated analytics	Legitimate interest (6(1)(f))	Legitimate purpose	Statistical	Research (Art. 7(IV))

Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You can withdraw consent via your Account settings or by contacting [email protected]. Withdrawal may limit your ability to use certain Platform features.

5. HOW WE USE YOUR DATA

We use your Personal Data to:

Operate the Platform: Create and manage your Account, generate your birth chart, deliver astrological reports, and make Platform features available to you.
Run Reeti Chat: Process your queries to generate AI-powered astrological responses.
Process Payments: Initiate, process, and verify Subscription charges; prevent billing errors.
Personalise Your Experience: Remember your preferences, suggest relevant content, and tailor the Platform to your usage patterns.
Ensure Security: Detect and prevent fraud, unauthorised access, abuse, and violations of this Agreement.
Improve the Platform: Analyse usage patterns (in aggregate) to fix bugs, develop new features, and improve the User experience.
Communicate with You: Send service notifications, billing confirmations, security alerts, and (with consent) marketing content.
Comply with Law: Fulfil our legal and regulatory obligations in all jurisdictions where we operate.
Resolve Disputes: Investigate complaints, enforce our Terms, and resolve disputes.

6.1 We Do Not Sell Your Personal Data

Intellara Technologies Private Limited does not sell, rent, barter, or trade your Personal Data to any third party for their independent marketing or commercial purposes. This commitment applies globally, including under CCPA/CPRA (California), LGPD (Brazil), GDPR (EU/UK), and the DPDP Act (India).

6.2 Service Providers (Processors / Sub-Processors)

We share Personal Data with carefully vetted third-party service providers who process data on our behalf under strict contractual data processing agreements. These include:

Category of Provider	Purpose	Data Shared
Cloud Infrastructure	Hosting, storage, compute	Account data, astrological data, logs
Payment Processors (Stripe, Razorpay, Apple, Google)	Billing and transaction processing	Billing info, transaction data
AI / LLM Technology Providers	Powering Reeti Chat	Conversation content (anonymised/pseudonymised where possible)
Analytics Providers	Usage analytics, crash reporting	Pseudonymised usage/device data
Email / Push Notification Services	Service and marketing communications	Email, device tokens
Customer Support Platforms	Support ticket management	Name, email, support history
Identity / Authentication Providers	Social login	Name, email, social account ID
Security / Fraud Prevention	Fraud detection, bot prevention	IP, device data, usage patterns

All processors are contractually required to:

Process data only for specified, authorised purposes;
Implement appropriate technical and organisational security measures;
Notify the Company of any data breach;
Delete or return data upon termination of the service relationship;
Comply with applicable data protection law.

6.3 Legal Disclosures

We may disclose Personal Data where:

Required by applicable law, regulation, or court order;
Requested by a government authority, law enforcement agency, or regulator with lawful authority;
Necessary to protect the rights, property, safety, or security of the Company, our Users, or the public;
Required to investigate fraud or enforce our Terms.

We will, where legally permissible, notify you of any such disclosure request.

6.4 Business Transfers

In the event of a merger, acquisition, amalgamation, restructuring, or sale of all or substantially all of the Company's assets, your Personal Data may be transferred to the acquiring entity, provided that:

The acquiring entity agrees to be bound by protections equivalent to this Privacy Policy;
You are notified of the transfer and the new entity's privacy policy in advance.

If the acquiring entity's privacy practices differ materially, you will be given the opportunity to request deletion of your Account before the transfer takes effect.

6.5 Compatibility Feature (Milan Vichar)

If you use the compatibility matching feature:

Certain profile information (name, astrological summary) is shared only with the specific user you choose to connect with, and only with your explicit, opt-in consent.
You may revoke shared access at any time via Account settings.
Recipients of your compatibility data are bound by this Privacy Policy.
The Company does not use compatibility data for advertising or third-party sharing.

6.6 Aggregated and Anonymised Data

We may share aggregated, anonymised, or de-identified data (which cannot reasonably be used to identify you) with research institutions, industry bodies, or for publication, without restriction.

7. INTERNATIONAL DATA TRANSFERS

7.1 Where Your Data Goes

The Company is based in India. Personal Data may be transferred to, stored in, and processed in countries other than your own, including India and countries where our service providers operate (which may include the United States, the European Union, Singapore, and other locations).

7.2 Safeguards for Transfers

For transfers of Personal Data from the EU/EEA/UK, we rely on one or more of the following transfer mechanisms:

Mechanism	Applicability
EU Standard Contractual Clauses (SCCs — Commission Decision 2021/914)	Transfers from EU/EEA
UK International Data Transfer Agreement (IDTA)	Transfers from UK
Adequacy decisions	Where applicable
Binding Corporate Rules (if applicable in future)	Group-level transfers

For transfers from other jurisdictions, we implement equivalent contractual safeguards and comply with applicable local requirements (e.g., LGPD Chapter V for Brazil, DPDP Act s.16 for India once applicable rules are notified, PDPA requirements for Singapore/Thailand).

7.3 India Cross-Border Transfers

The Company will comply with all restrictions and requirements on cross-border personal data transfers notified by the Government of India under the DPDP Act, 2023 and its associated rules as they come into force.

8. DATA RETENTION

We retain Personal Data only for as long as necessary for the purposes set out in this Policy, or as required by applicable law. The table below sets out our standard retention periods:

Data Category	Retention Period	Basis for Retention
Account and profile data	Duration of active account + 3 years post-deletion	Legal compliance and dispute resolution
Astrological data (birth charts, readings)	Duration of active account + 3 years post-deletion	Service delivery and legal compliance
Reeti Chat conversation logs	90 days in identifiable form; thereafter anonymised indefinitely	Safety monitoring, service improvement
Payment and billing records	8 years from transaction date	Statutory accounting, tax, and audit requirements
Log and technical data (IP, error logs)	12 months	Security and fraud investigation
Support communications	3 years from last interaction	Dispute resolution, service quality
Marketing consent records	Until withdrawn + 3 years	Demonstrating lawful basis for marketing
Anonymised/aggregated analytics	Indefinitely	Product development (no personal data)
Data subject rights request records	5 years	Compliance documentation

8.1 Deletion and Anonymisation

Upon expiry of the applicable retention period, Personal Data is either:

Securely deleted (irreversible deletion using industry-standard methods); or
Anonymised (processed so that you cannot be identified from the data, directly or indirectly).

Deletion of your Account initiates the deletion process, subject to applicable retention obligations. Data subject to ongoing legal proceedings, regulatory requirements, or dispute resolution will be retained until the matter is resolved.

9. YOUR RIGHTS AS A DATA SUBJECT

Your rights vary depending on your jurisdiction. The table below summarises your rights under major applicable laws:

Right	GDPR (EU/UK)	DPDP Act (India)	CCPA/CPRA (California)	LGPD (Brazil)	PIPEDA (Canada)
Access / Know	✅ Art. 15	✅ S. 11	✅	✅ Art. 18	✅
Correction / Rectification	✅ Art. 16	✅ S. 12	✅ (CPRA)	✅ Art. 18	✅
Erasure / Deletion / "Right to be Forgotten"	✅ Art. 17	✅ S. 12	✅	✅ Art. 18	✅
Restriction of Processing	✅ Art. 18	❌	❌	✅ Art. 18	Partial
Data Portability	✅ Art. 20	❌ (pending rules)	✅ (CPRA)	✅ Art. 18	❌
Objection to Processing	✅ Art. 21	Partial	✅ (opt-out of sale)	✅ Art. 18	✅
Withdraw Consent	✅ Art. 7(3)	✅ S. 6	N/A	✅ Art. 8	✅
Automated Decision Objection	✅ Art. 22	Pending rules	✅ (CPRA)	✅ Art. 20	Partial
Nominate representative	❌	✅ S. 14	❌	❌	❌
Lodge complaint with supervisory authority	✅ Art. 77	✅ Data Protection Board	✅ California AG	✅ ANPD	✅ OPC

9.1 How to Exercise Your Rights

Submit a data rights request to: [email protected]

Include in your request:

Your full name and Account email address;
A clear description of the right you wish to exercise;
Any relevant details about the data concerned;
Proof of identity (to prevent fraudulent requests — we will request the minimum necessary verification).

Response Times:

Jurisdiction	Response Deadline
India (DPDP Act)	30 days
EU/UK (GDPR)	30 days (extendable to 90 days for complex requests)
California (CCPA)	45 days (extendable to 90 days)
Brazil (LGPD)	15 days
Canada (PIPEDA)	30 days
Other	30 days

9.2 Limitations on Rights

Certain rights may be limited where:

Exercising the right would affect the rights of third parties;
Retention is required by applicable law;
The data is necessary for the establishment, exercise, or defence of legal claims;
Applicable law otherwise provides for exemptions.

We will clearly communicate any limitations and the reason for them.

9.3 Complaints to Supervisory Authorities

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority:

Jurisdiction	Supervisory Authority
India	Data Protection Board of India (once constituted)
EU	Your national Data Protection Authority (DPA)
UK	Information Commissioner's Office (ICO) — ico.org.uk
California	California Privacy Protection Agency (CPPA)
Brazil	Autoridade Nacional de Proteção de Dados (ANPD)
Canada	Office of the Privacy Commissioner (OPC)
Australia	Office of the Australian Information Commissioner (OAIC)

10. SECURITY OF YOUR PERSONAL DATA

10.1 Technical Measures

We implement the following security controls:

Measure	Details
Encryption in Transit	TLS 1.2 / 1.3 for all data transmitted between your device and our servers
Encryption at Rest	AES-256 or equivalent for databases and storage containing sensitive Personal Data
Password Security	All passwords stored using bcrypt, scrypt, or Argon2 hashing — never in plaintext
Authentication	Multi-factor authentication (MFA) available to Users; enforced for all admin accounts
Access Controls	Role-based access control (RBAC) limiting employee access to Personal Data on a need-to-know basis
API Security	Authentication tokens, rate limiting, and input validation on all APIs
Vulnerability Management	Regular vulnerability scanning and periodic penetration testing
Dependency Security	Automated scanning of third-party libraries for known vulnerabilities
Infrastructure Security	Deployed on cloud infrastructure with SOC 2 / ISO 27001 certified providers

10.2 Organisational Measures

Employee training on data protection and security best practices;
Strict data access policies and security incident response procedures;
Confidentiality obligations for all staff and contractors with access to Personal Data;
Vendor security assessments before engaging new data processors;
Regular review and update of security policies.

10.3 Breach Notification

In the event of a Personal Data breach that poses a risk to your rights and freedoms, we will:

Notify the applicable regulatory authority within the required timeframe (e.g., 72 hours under GDPR; as required under applicable law for other jurisdictions);
Notify affected individuals without undue delay where the breach is likely to result in high risk to their rights;
Take immediate steps to contain and remediate the breach.

10.4 Limitation

Despite our security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You use the Platform at your own risk and should take your own precautions (e.g., using a strong, unique password and enabling MFA).

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 What We Use

Cookie Type	Purpose	Can You Opt Out?
Strictly Necessary	Session management, authentication, CSRF protection. The Platform cannot function without these.	No
Performance / Analytics	Understanding usage patterns, identifying errors, improving performance (e.g., Google Analytics, Firebase). Data collected in aggregate or pseudonymised form.	Yes
Functional	Remembering your preferences, language settings, saved reports, notification choices.	Yes (with reduced functionality)
Marketing / Targeting	Showing relevant advertisements or measuring campaign effectiveness. Used only with your explicit consent.	Yes (consent-based)

When you first visit the web application, we present a Cookie Consent Banner allowing you to accept, reject, or customise non-essential cookies. You can change your preferences at any time via the Cookie Preference Centre accessible in the website footer.

11.3 Mobile App Tracking

The mobile application uses:

Firebase Analytics / Crashlytics: For crash reporting and usage analytics (pseudonymised).
Advertising Identifiers (IDFA/GAID): Only accessed with your explicit permission, for app analytics and, where applicable, marketing measurement.

You can opt out of analytics tracking in the app settings and via your device's privacy settings (Limit Ad Tracking on iOS; Ad ID opt-out on Android).

11.4 Do Not Track

The Platform acknowledges "Do Not Track" (DNT) signals where technically feasible. However, as there is no universal standard for interpreting DNT signals, we apply our standard cookie preferences as described in this Section.

11.5 Third-Party Cookies

Some third-party service providers (analytics, advertising) may set their own cookies when you use our Platform. These are subject to those third parties' own cookie and privacy policies.

12. CHILDREN'S PRIVACY

12.1 Age Restrictions

The Platform is not intended for children below the applicable minimum age:

Jurisdiction	Minimum Age
India	18 years
EU / EEA	16 years (or lower as permitted by Member State law, minimum 13)
UK	13 years
USA (COPPA)	13 years
Brazil	18 years (or with parental consent for 13–18)
All other jurisdictions	18 years or age of majority, whichever is higher

12.2 No Knowing Collection from Children

We do not knowingly collect Personal Data from individuals below the applicable minimum age without verifiable parental or guardian consent. If we discover that we have inadvertently collected data from a child without proper consent, we will delete it promptly.

Where a minor uses the Platform with parental consent, the parent or guardian:

Must complete the verification process specified in the Platform;
Assumes full responsibility for the minor's use of the Platform;
Agrees to this Privacy Policy and the Terms and Conditions on the minor's behalf.

12.4 Report Underage Use

If you believe a child has provided Personal Data to us without appropriate consent, please contact us immediately at [email protected]. We will take steps to delete such data.

13. REETI CHAT — AI DATA PROCESSING

13.1 Data Collected During Reeti Chat

When you interact with Reeti, we collect:

Conversation Content: The full text of your messages and Reeti's responses.
Session Metadata: Timestamps, session duration, feature area (e.g., which chart analysis was requested).
Device and Account Data: Associated with the conversation to link it to your Account for session continuity.

13.2 How Conversation Data Is Used

Use	Details
Service Delivery	Generating contextualised AI responses within your session
Safety Monitoring	Detecting harmful, abusive, or policy-violating content in real time
Quality Assurance	Human review of anonymised/pseudonymised conversations for quality and safety (limited team access under strict confidentiality)
AI Model Improvement	Anonymised or pseudonymised conversations may be used to improve AI systems. No identifiable data is used for AI training without your explicit consent.
Legal Compliance	Retaining logs where required by law

13.3 Data Retention for Reeti Chat

Identifiable conversation logs: Retained for 90 days in their original form.
Anonymised conversation data: May be retained indefinitely for model improvement and research.
Deleted conversations: Removed from active systems within 30 days of your deletion request.

Conversation data may be transmitted to our AI/LLM technology providers for inference processing. These providers act as data processors under contractual obligation and do not use your conversation data for their own independent purposes.

13.5 Sensitive Information Warning

⚠ Do not share the following with Reeti Chat:
- Government-issued ID numbers (Aadhaar, passport, SSN, etc.)
- Financial account numbers, PINs, or passwords
- Detailed medical or psychiatric history
- Information about third parties who have not consented to sharing
AI conversations are not privileged communications and should not contain
information you would treat as strictly confidential.

13.6 No Human Operator

Reeti is a fully automated AI system. Responses are not generated by human employees in real time. However, conversation logs may be reviewed by authorised staff for safety, quality, and legal compliance purposes.

14. PAYMENT DATA AND FINANCIAL INFORMATION

14.1 Payment Processing

All payment transactions are processed by PCI-DSS Level 1 compliant Payment Processors (Stripe, Razorpay, Apple, Google). We do not store raw card numbers, CVV codes, or full bank account details on our systems.

14.2 What We Store

We store:

Billing name and address
Email address for billing receipts
Subscription plan and status
Transaction IDs, amounts, dates, and currency
Tokenised payment method reference (provided by the Payment Processor)
Tax invoices and receipts

14.3 Chargeback and Dispute Data

If you initiate a payment dispute, we may process and share transaction data, usage records, and Agreement acceptance records with the Payment Processor, card network, and relevant financial institution to defend against the dispute.

14.4 Financial Data Retention

Transaction and billing records are retained for 8 years from the transaction date for statutory accounting, tax audit, and legal purposes.

15. ASTROLOGICAL AND SENSITIVE DATA

15.1 Why Astrological Data Is Sensitive

Your birth date, time, and place are used to construct your Vedic birth chart. In the context of the Platform, these are treated as sensitive personal data because:

They can reveal information about your life circumstances, personality, and health tendencies as interpreted astrologically;
They are unique identifiers that, in combination, could allow identification;
Users may consider this information deeply personal.

15.2 Protections Applied

Astrological data is processed only for the purpose of delivering the astrological services you explicitly request.
This data is not used for advertising targeting, sold to third parties, or shared beyond what is necessary to operate the Platform.
This data is encrypted at rest and in transit.
Access is restricted to necessary technical systems only.

15.3 Compatibility Data

When you use the Milan Vichar (compatibility) feature:

You may enter birth data for another person (e.g., a partner or family member).
You represent that you have obtained the explicit consent of that individual to input their data.
If you share your compatibility profile with another user via QR code or link, only the data elements you explicitly choose to share are disclosed.
The Company is not responsible for data entered about third parties without their consent.

16. THIRD-PARTY SERVICES AND LINKS

16.1 External Links

The Platform may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any personal data.

16.2 Third-Party Authentication

If you use Google, Apple, or other third-party sign-in, those providers' privacy policies apply to your data on their platforms. We receive only the minimum necessary data for authentication.

16.3 Embedded Third-Party Content

Certain features may embed third-party content (e.g., maps for birth place selection). Such embeddings may result in those third parties receiving your IP address. This is a standard technical consequence of such features.

17. MARKETING AND COMMUNICATIONS

17.1 Marketing Emails and Notifications

We will only send you marketing communications if you have:

(a) Explicitly opted in during registration or via your Account settings; or
(b) Previously subscribed to a paid plan and not opted out (where permitted by applicable law — e.g., "soft opt-in" under UK/EU rules).

17.2 Opt-Out

You may opt out of marketing communications at any time by:

Clicking the "Unsubscribe" link in any marketing email;
Updating your notification preferences in Account settings;
Contacting [email protected].

Opt-out requests for marketing are processed within 10 business days. Opting out of marketing does not affect service communications (account alerts, billing, security).

17.3 Push Notifications

The mobile app may send push notifications for service updates and (with consent) promotions. You can disable push notifications via your device settings or in-app preferences at any time.

18. AUTOMATED DECISION-MAKING AND PROFILING

18.1 Astrological Calculations

The Platform uses automated algorithms to calculate your birth chart, Dasha periods, transits, and other astrological metrics from your birth data. These are computational calculations, not consequential automated decisions in the regulatory sense.

18.2 No High-Stakes Automated Decisions

We do not use automated decision-making to make decisions that significantly affect your legal rights or financial circumstances (e.g., we do not use astrology to approve or deny loans, insurance, employment, or credit).

18.3 AI Personalisation

Reeti Chat uses AI to generate personalised responses. This constitutes automated content generation but not high-stakes automated decision-making. You retain full human oversight over any life decisions.

If, in future, we introduce any processing that constitutes high-risk automated decision-making as defined by GDPR Article 22, we will:

Notify Users explicitly;
Obtain explicit consent where required;
Implement appropriate safeguards and the right to human review.

19. JURISDICTION-SPECIFIC SUPPLEMENTS

19.1 India (DPDP Act, 2023 and IT Act, 2000)

Data Fiduciary: Intellara Technologies Private Limited Legal Framework: Digital Personal Data Protection Act, 2023; IT Act, 2000; IT (Reasonable Security Practices) Rules, 2011; IT (Intermediary Guidelines) Rules, 2021

Your Rights Under DPDP Act:

Right	Description
Access	Request a summary of your Personal Data and information about its processing
Correction	Request correction of inaccurate or outdated data
Erasure	Request deletion of your Personal Data (subject to legal retention obligations)
Withdraw Consent	Withdraw consent for consent-based processing at any time
Grievance	Lodge a grievance with the Grievance Officer within the Platform
Nominate	Nominate a person to exercise your rights in the event of death or incapacity
Complaint to Data Protection Board	Escalate unresolved grievances to the Data Protection Board of India

Grievance Officer (India):

Name: Neetu Sharma
Designation: Director, Intellara Technologies Private Limited
Email: [email protected]
Phone: +917411609955
Acknowledgement: Within 24 hours | Resolution: Within 15 business days

Legal Basis Summary (Art. 6 GDPR): See Section 4.

Special Category Data (Art. 9 GDPR): Birth time and place, used to infer potential health and personality-related astrological information, may qualify as special category data in certain interpretations. We process this data solely on the basis of your explicit consent (Art. 9(2)(a) GDPR), which you provide at the time of entering birth details.

International Transfers: We rely on EU Standard Contractual Clauses (SCCs, Commission Implementing Decision 2021/914) for transfers from the EEA to our processors in third countries.

Your GDPR Rights: Access, Rectification, Erasure, Restriction, Portability, Objection, Withdraw Consent, and Complaint to your national DPA (Art. 77).

Data Protection Officer (DPO): [DPO Name, if applicable] — [email protected]

EU Representative (Art. 27 GDPR): [Name and Address] — [email protected]

Right to Lodge a Complaint: You may lodge a complaint with your national supervisory authority. A list is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

The Company processes Personal Data of UK residents in compliance with UK GDPR and the Data Protection Act 2018.

UK Representative (if applicable): [Name and UK Address] ICO Registration Number: [To be obtained] Complaints: You may lodge a complaint with the ICO at: https://ico.org.uk/make-a-complaint/

19.4 California, United States (CCPA / CPRA)

Privacy Notice for California Residents

This section supplements the Privacy Policy for California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Categories of Personal Information Collected:

CCPA Category	Examples	Collected?
Identifiers	Name, email, IP address, device ID	✅
Personal Records	Name, financial information	✅
Protected Characteristics	Birth date, gender	✅
Commercial Information	Purchase history, subscription	✅
Internet Activity	Usage data, browser history on Platform	✅
Geolocation	Approximate location from IP	✅
Inferences	Astrological profile, preferences	✅
Sensitive Personal Information	Precise geolocation (if granted), account login credentials	✅ (with consent)

Your California Rights:

Right to Know: What personal information we collect, use, disclose, or sell.
Right to Delete: Request deletion of your personal information.
Right to Correct: Request correction of inaccurate personal information (CPRA).
Right to Opt-Out: We do not sell or share personal information for cross-context behavioural advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
Right to Limit Use of Sensitive Personal Information (CPRA): You may request we limit use of sensitive personal information to what is necessary to perform the service.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Submitting CCPA Requests: Email [email protected] with "California Privacy Request" in the subject line. Authorised Agent: California residents may designate an authorised agent to submit requests. Verification: We will verify your identity before processing requests. Shine the Light: California residents may request information about disclosures of personal information to third parties for direct marketing purposes.

19.5 Brazil (LGPD — Lei Geral de Proteção de Dados)

Controlador: Intellara Technologies Private Limited Legal Bases: See Section 4 (LGPD column). Your LGPD Rights (Art. 18): Confirmation, access, correction, anonymisation/blocking/deletion, portability, information about sharing, information about refusal of consent, revocation of consent, review of automated decisions, and complaint to the ANPD. International Transfers: Covered by contractual safeguards (LGPD Art. 33). DPO (Encarregado): [Name / Contact — required for LGPD compliance] ANPD: You may contact the Autoridade Nacional de Proteção de Dados at www.gov.br/anpd

19.6 Canada (PIPEDA and Quebec Law 25)

Organization: Intellara Technologies Private Limited Privacy Officer: [email protected] Principle-Based Compliance: We adhere to PIPEDA's 10 fair information principles: Accountability, Identifying Purposes, Consent, Limiting Collection, Limiting Use, Disclosure and Retention, Accuracy, Safeguards, Openness, Individual Access, and Challenging Compliance. Quebec Residents: Quebec's Act respecting the protection of personal information in the private sector (Law 25) provides additional rights. You may request access, correction, and deletion of your personal information and withdraw consent. OPC Complaint: You may file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca

19.7 Australia (Privacy Act 1988)

APP Entity: Intellara Technologies Private Limited Australian Privacy Principles (APPs): We comply with the APPs under the Privacy Act 1988 (Cth). Cross-Border Transfers: We take reasonable steps to ensure overseas recipients handle data consistently with the APPs. OAIC Complaints: You may lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au

19.8 South Africa (POPIA)

Responsible Party: Intellara Technologies Private Limited Information Officer: [Name] | [email protected] Lawful Grounds: We process Special Personal Information (including biographic data) under POPIA Section 27 conditions, primarily with explicit consent. POPIA Rights: Right to access, correction, deletion, objection to processing, and complaint to the Information Regulator. Information Regulator: www.justice.gov.za/inforeg

19.9 Singapore and Southeast Asia (PDPA)

Organisation: Intellara Technologies Private Limited Data Protection Officer (Singapore): [Name] | [email protected] PDPC: You may lodge a complaint with the Personal Data Protection Commission at www.pdpc.gov.sg We process personal data of Singapore residents in accordance with the Personal Data Protection Act 2012 (as amended), including obligations relating to data breach notification, data portability, and data intermediary contracts.

20. CHANGES TO THIS PRIVACY POLICY

20.1 How We Notify You

We may update this Privacy Policy from time to time. When material changes are made, we will:

Email notification: Sent to your registered email address at least 15 days before the change takes effect (30 days for EU/UK users where required);
In-app notification: A prominent notice in the Platform;
Updated "Last Updated" date at the top of this Policy.

For non-material clarifications, we update the Policy without prior notice but update the date.

Where a change requires fresh consent under applicable law (e.g., a new purpose for processing, use of previously collected data for AI training), we will obtain your explicit consent before proceeding.

20.3 Your Right to Object

If you do not accept a material change to this Policy, you may delete your Account within the notice period. After account deletion, you will receive a pro-rata refund for any unused paid Subscription period.

21. GRIEVANCE REDRESSAL AND CONTACT

21.1 How to Contact Us

Contact	Details
Email	[email protected]
Phone	+917411609955
Website	https://www.astroreeti.com/privacy

21.2 Grievance Officer (India — IT Rules 2021)

In compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:

Name: Neetu Sharma
Designation: Director, Intellara Technologies Private Limited
Email: [email protected]
Phone: +917411609955
Address: 648/A, 4th Floor, Binnamangala Stage 1, Indiranagar, Bengaluru, Karnataka-560038
Acknowledgement: Within 24 hours of receipt
Resolution: Within 15 business days of receipt

21.3 Response Timeframes

Jurisdiction	Response Timeframe
India	30 days (DPDP Act)
EU/UK	30 days (GDPR, extendable to 90 days)
California	45 days (CCPA, extendable to 90 days)
Brazil	15 days (LGPD)
Canada	30 days (PIPEDA)
All others	30 days

⚖ DISCLAIMER: This Privacy Policy is a legal document designed to protect
your rights and the Company's compliance obligations. If you have questions
about your privacy rights, please consult a qualified legal or privacy
professional in your jurisdiction. This document does not constitute legal
advice.

Questions about this document?

Contact our privacy team at [email protected] or call +917411609955.

TABLE OF CONTENTS