Privacy Policy
Last Updated: December 2, 2024 | Version 2.0
Your Privacy Matters: Naksha is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our services.
1. Information We Collect
1.1 Personal Information You Provide
When you create an account or use our services, we collect:
| Data Type | Purpose | Legal Basis (GDPR) |
| --- | --- | --- |
| Email Address | Account identification, communication, marketing (with consent) | Contract performance, Consent (marketing) |
| Name | Personalization, account display | Contract performance |
| Profile Picture | Account display, personalization | Consent (optional) |
| Date of Birth | Astrological calculations | Contract performance |
| Time of Birth | Accurate chart calculations | Contract performance |
| Place of Birth | Geographic coordinates for charts | Contract performance |
1.2 Automatically Collected Information
We automatically collect certain information when you access our Service:
- Usage Data: Pages visited, features used, time spent
- Device Information: Browser type, operating system, device identifiers
- IP Address: For security, fraud prevention, and approximate location
- Cookies and Similar Technologies: Authentication tokens, preferences
1.3 Third-Party Authentication Data
When you sign in with Google OAuth, we receive:
- Google ID (unique identifier)
- Email address
- Name
- Profile picture (if available)
We do not have access to your Google password.
1.4 AI Interpretation Logs
We store logs of AI-generated interpretations to:
- Reduce API costs by caching responses for similar queries
- Improve service quality
- Debug issues
These logs are retained as long as your account is active or for 1 year, whichever is shorter.
2. How We Use Your Information
2.1 Service Provision
| Purpose | Data Used | Legal Basis |
| --- | --- | --- |
| Calculate birth charts (KP astrology) | Birth date, time, place | Contract performance |
| Generate AI interpretations | Chart data, planetary positions | Contract performance |
| Marriage compatibility analysis | Your birth data only (third-party data entered for calculations is not stored) | Contract performance |
| Save and retrieve charts | Account data, birth data | Contract performance |
2.2 Account Management
- Create and maintain your user account
- Authenticate your identity
- Manage subscription tiers and access levels
- Track usage limits (e.g., interpretation query limits)
2.3 Communication
- Service-related: Account notifications, policy changes, support responses (Legal basis: Contract performance, Legitimate interest)
- Marketing: Promotional emails about new features (Legal basis: Consent - you can opt out at any time)
2.4 Service Improvement
- Analyze usage patterns to improve features
- Debug and fix technical issues
- Develop new features based on user needs
- Anonymized data may be used for service improvement (Legal basis: Legitimate interest)
2.5 Security and Fraud Prevention
- Detect and prevent unauthorized access
- Monitor for abuse or violations of terms
- Enforce usage limits and fair use policies
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
3.1 Third-Party Service Providers
| Service Provider | Purpose | Data Shared | Location |
| --- | --- | --- | --- |
| Google OAuth | Authentication | None (Google provides data to us) | United States |
| DeepSeek | AI-powered interpretations | Anonymized astrological calculation data only (planetary positions, house cusps, nakshatra placements). All personally identifiable information is stripped before transmission. | People's Republic of China |
| MongoDB Atlas | Database hosting | All account and birth data | United States |
| Amazon Web Services (AWS) | Application hosting | All data in transit/processing | United States |
| Stripe | Payment processing | Email, transaction details | United States |
| Microsoft Clarity | Analytics and usability tracking | Usage data (clicks, scrolling, page views), session recordings, device/browser information | United States |
AI Processing Information: When you request AI-powered interpretations, anonymized astrological calculations are processed by DeepSeek's servers, which are located in the People's Republic of China.
What is sent to DeepSeek:
- Only mathematical calculations: Planetary positions (e.g., "Sun at 23° Aries"), house cusps, nakshatra placements, and similar astronomical values
- What is NOT sent: Your name, email address, account information, birth date, birth time, birth place, or any other personally identifiable information
- All personally identifiable information is permanently stripped on our US-based servers before any calculations are sent for AI processing
Privacy impact:
- Since only anonymized numerical calculations are processed (with no identifying information), there is no privacy risk to your personal data
- These calculations cannot be traced back to you or linked to any individual
3.2 Legal Requirements
We may disclose your information if required to:
- Comply with legal obligations, court orders, or subpoenas
- Protect our rights, property, or safety
- Investigate fraud or security issues
- Enforce our Terms of Service
3.3 Business Transfers
If Naksha is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you via email and/or prominent notice on our Service before your data becomes subject to a different privacy policy.
4. International Data Transfers
4.1 Personal Data Storage and Processing Locations
Your personal data (name, email, birth details, account information) is stored and processed exclusively in:
- United States: All personal data storage (MongoDB Atlas on AWS), payment processing (Stripe), authentication (Google)
Anonymized calculations (non-personal data) may be processed in:
- People's Republic of China: AI interpretation processing (DeepSeek) receives only anonymized astrological calculations such as planetary positions and house cusps. No personally identifiable information is transmitted.
4.2 Safeguards for EU/UK Users
For transfers from the EU/UK to the United States, we rely on:
- Standard Contractual Clauses (SCCs) with our service providers
- The EU-US Data Privacy Framework (where applicable)
Note on Anonymized Data Processing: The anonymized astrological calculations sent to DeepSeek do not constitute personal data under GDPR Article 4(1) or CCPA definitions, as they cannot be used to identify any individual. Therefore, data protection regulations governing personal data transfers do not apply to this processing.
5. Data Storage and Security
5.1 Where We Store Your Data
- Primary Database: MongoDB Atlas (United States - AWS us-east-1 region) - stores all account data and personally identifiable information
- Application Servers: Amazon Web Services (United States)
- AI Processing: DeepSeek (People's Republic of China) - receives only anonymized astrological calculation data for temporary processing; no personally identifiable information is sent or stored
5.2 Security Measures
We implement industry-standard security measures:
- Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
- Authentication: Secure JWT token-based authentication with HttpOnly cookies
- Access Controls: Role-based access with admin privileges
- Monitoring: Regular security monitoring and logging
- Database Security: MongoDB authentication and network restrictions
5.3 Data Retention
| Data Type | Retention Period |
| --- | --- |
| Account Data (email, name, profile) | Until you delete your account |
| Birth Charts and Saved Data | Until you delete them or close your account |
| AI Interpretation Logs | While account is active OR 1 year, whichever is shorter |
| Usage Logs | 90 days for security and debugging |
| Payment Records | 7 years (legal/tax requirement) |
| Database Backups | 1 year |
6. Your Privacy Rights
You have the following rights regarding your personal data:
6.1 Access and Portability
Right to Access: You can request a copy of all personal data we hold about you.
Right to Data Portability: You can export your birth charts and profile data in a machine-readable format through your account settings.
6.2 Correction and Deletion
Right to Rectification: You can update your profile information at any time through your account settings.
Right to Deletion: You can delete your account and all associated data at any time through your account settings. This action is irreversible.
6.3 Marketing Opt-Out
You can opt out of marketing emails at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Updating your preferences in account settings
6.4 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to lodge a complaint with your local data protection authority
- Right to data portability in a structured, commonly used format
- Right to know the legal basis for processing your data (see tables above)
- Right not to be subject to automated decision-making - you may request human review of AI-generated interpretations
For EU users, the relevant supervisory authority depends on your country of residence.
6.5 UK GDPR Rights (UK Users)
If you are in the United Kingdom, you have similar rights under the UK GDPR. The relevant supervisory authority is the Information Commissioner's Office (ICO).
6.6 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed (we do NOT sell data)
- Right to opt-out of the sale of personal information (not applicable - we don't sell data)
- Right to deletion of personal information
- Right to non-discrimination for exercising CCPA rights
6.7 How to Exercise Your Rights
To exercise any of these rights:
- Self-Service: Most actions (access, update, delete) can be done in your account settings
- Response Time: We will respond within 30 days (or sooner as required by law)
7. Cookies and Tracking Technologies
7.1 What We Use
Naksha uses the following technologies:
| Cookie/Technology | Purpose | Type |
| --- | --- | --- |
| Authentication Cookies | HttpOnly JWT tokens for secure session management | Essential |
| Preference Cookies | Remember your settings and preferences | Functional |
| Local Storage | Store non-sensitive data for faster page loads | Functional |
| Microsoft Clarity | Analytics and usability tracking (heatmaps, session recordings, usage patterns) | Analytics |
Third-Party Analytics: We use Microsoft Clarity to analyze user behavior and improve app usability. Clarity may collect:
- Usage data (clicks, scrolling, page views)
- Session recordings (anonymized interactions with the interface)
- Heatmaps showing highly-used areas of the app
- Device and browser information
Clarity data is processed by Microsoft and subject to Microsoft's privacy policies. For more information, see Microsoft's Privacy Statement.
We do not use:
- Advertising or tracking cookies for marketing purposes
- Social media tracking pixels
- Cross-site tracking
7.2 Cookie Control
You can control cookies through your browser settings. Note that disabling essential authentication cookies will prevent you from using the Service.
8. Children's Privacy
Naksha is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child under 18, please contact us immediately, and we will delete it promptly.
9. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email notification for significant changes
- Displaying a notification on your next login
Your continued use of the Service after changes constitutes acceptance of the updated policy. If you do not agree, you should stop using the Service and may delete your account.
11. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of becoming aware of the breach
- Provide details about the breach and what data was affected
- Explain steps we're taking to address the breach
- Advise on actions you can take to protect yourself
- Report to relevant authorities as required by law (e.g., supervisory authorities under GDPR)
12. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature. Since we do not use tracking cookies or third-party analytics, our Service effectively honors DNT by default. We do not track users across third-party websites.
13. Specific Disclosures by Jurisdiction
13.1 For EU Users (GDPR)
- Legal Bases for Processing: See tables in Sections 1 and 2
- Personal Data Transfers: Your personal data is transferred to the United States under adequacy mechanisms (Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable). Anonymized astrological calculations processed by AI services do not constitute personal data under GDPR Article 4(1) and therefore are not subject to Chapter V transfer requirements.
- Your Rights: See Section 6.4
- Supervisory Authority: Your local EU data protection authority
13.2 For UK Users (UK GDPR)
- Supervisory Authority: Information Commissioner's Office (ICO), ico.org.uk
- Your Rights: Similar to GDPR rights (see Section 6.5)
13.3 For California Users (CCPA)
In the past 12 months, we have:
- Categories Collected: Identifiers (email, name), demographic information (birth data), usage data
- Sources: Directly from you, automatically collected, from Google OAuth
- Business Purpose: Service provision, as described in Section 2
- Third Parties Shared With: Service providers only (see Section 3.1)
- Sold: We do NOT sell personal information
- Disclosed for Business Purpose: To service providers listed in Section 3.1
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us through our website's contact form.
Response Time: Within 30 days