Sankalpa Guru Technologies Private Limited · Pune, Maharashtra, India

Privacy Policy

Effective Date: 24 April 2026 Last Updated: 24 April 2026 Applicable Law: Digital Personal Data Protection Act, 2023 (DPDP Act) | Information Technology Act, 2000

1. Introduction

Sankalpa Guru Technologies Private Limited ("we," "us," "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Sankalpa Guru platform ("Platform").

This Policy complies with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

2. Data We Collect

2.1 Information You Provide

• Account Data: Name, email address, mobile number, profile photo.
• Birth & Astrological Data: Date of birth, time of birth, place of birth (collected for Jyotish/Kundali features). This constitutes Sensitive Personal Data under applicable law.
• Family Profile Data: Names and birth details of family members added to your profile.
• Payment Data: Transaction IDs, payment method type (card type, UPI ID). Full card numbers are never stored — processed by Razorpay/Stripe under PCI-DSS compliance.
• Communications: Support tickets, chat messages, feedback submissions.

2.2 Automatically Collected Data

• Device & Usage Data: IP address, browser type, operating system, pages visited, time spent, referring URLs.
• Location Data: Approximate location (city-level) for Panchang calculations. Precise GPS with explicit consent only.
• Cookies & Tracking: Session cookies (essential), preference cookies, analytics cookies (Google Analytics). See Section 7 for Cookie Policy.

2.3 Data from Third Parties

• Clerk Authentication: Login and identity verification data from Clerk.com.
• Razorpay/Stripe: Payment confirmation and transaction metadata.
• UIDAI/KYC Providers: Aadhaar verification status (not the Aadhaar number itself) from Karza/Signzy for Pandit verification.

3. Purpose of Processing (DPDP Act — Lawful Basis)

4. Sensitive Personal Data

Under the IT (SPDI) Rules 2011 and DPDP Act 2023, the following data we collect is classified as Sensitive Personal Data or Information (SPDI):

• Date of birth (when combined with birth time and place for astrological purposes)
• Financial account information (payment method details)
• Biometric data (Aadhaar verification status for Pandits)

We collect SPDI only with your explicit written consent and use it solely for the stated purpose.

5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

• Pandit Partners: Your name, booking details, and service location are shared with the Pandit you book. Birth details are never shared with Pandits.
• Service Providers: Supabase (database hosting), Clerk (authentication), Razorpay/Stripe (payments), Anthropic (AI processing — queries only, no PII). All processors are bound by data processing agreements.
• Legal Requirements: If required by law, court order, or government authority.
• Business Transfer: In the event of a merger, acquisition, or sale of assets.

6. Data Retention

7. Cookie Policy

Essential Cookies (always active)

• Session management and authentication tokens
• Security and fraud prevention tokens

Functional Cookies (require consent)

• Language and region preferences
• Theme and display preferences

Analytics Cookies (require consent)

• Google Analytics (anonymised page-view data)
• Internal usage metrics

You may manage cookie preferences at any time via the Cookie Settings link in the footer.

8. Your Rights (DPDP Act 2023)

As a Data Principal under the DPDP Act 2023, you have the right to:

• Access: Obtain confirmation and a copy of your personal data we hold.
• Correction: Request correction of inaccurate or incomplete data.
• Erasure (Right to be Forgotten): Request deletion of your personal data (subject to legal retention obligations).
• Grievance Redressal: Lodge a complaint with our Data Protection Officer.
• Nomination: Nominate a person to exercise rights on your behalf in the event of death or incapacity.

To exercise these rights, email: privacy@sankalpa.guru with subject "DPDP Data Rights Request."

9. Data Security

We implement the following security measures:

• AES-256 encryption at rest for sensitive data
• TLS 1.3 in transit
• Role-based access controls (RBAC) for internal staff
• Regular penetration testing and security audits
• Two-factor authentication for all staff accounts

10. Children's Privacy

The Platform is not directed to children under 18. We do not knowingly collect personal data from minors. If we discover we have inadvertently collected data from a minor, we will delete it immediately.

11. Data Protection Officer

Name: Rahul Pathare Email: dpo@sankalpa.guru Response Time: Within 30 days of receiving a request

12. Grievance Officer (IT Act 2000)

As required under the Information Technology (Intermediary Guidelines) Rules, 2021: Grievance Officer: Legal & Compliance Team Email: grievance@sankalpa.guru Response Time: Within 24 hours of acknowledgement, resolved within 15 days

13. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email or prominent in-app notice at least 14 days before the change takes effect.

14. Contact

Email: privacy@sankalpa.guru Sankalpa Guru Technologies Private Limited, Pune, Maharashtra, India

This document is proprietary to Sankalpa Guru Technologies Private Limited. Unauthorised reproduction is prohibited.