Privacy Policy
Last updated: [Date]
Adiveda (“we”, “us”, or “our”), operating the website adiveda.in (the “Site”), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, and the rights you have over your information.
This policy is designed to comply with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) of India, the General Data Protection Regulation (EU/UK GDPR), and the California Consumer Privacy Act as amended by the CPRA (collectively, “applicable data protection laws”).
If you do not agree with this policy, please do not use the Site.
1. Who we are
For the purpose of the DPDP Act, the GDPR, and similar laws, the data fiduciary / controller is:
Adiveda
[Your registered business address, India]
Email: contact@adiveda.in
If you are located in the European Economic Area or the United Kingdom and need to contact us about data protection matters, please use the same email address.
2. What information we collect
We collect personal data in three ways: information you give us, information we collect automatically, and information we receive from third parties.
a. Information you give us
- Consultation enquiries: When you book a consultation, write to us, or fill in any contact form, we collect the information you choose to give us — typically your name, email address, phone number, date / time / place of birth, and any context you share about your question. Astrological birth data is sensitive to you personally; we treat it as confidential and do not share it.
- Newsletter / journal subscriptions: Your name (optional) and email address.
- Comments and replies: If commenting is enabled, the name, email address, and message you post, plus your IP address and browser user-agent (used to detect spam).
b. Information collected automatically
When you visit the Site, our servers and analytics tools automatically log:
- Your IP address (partially anonymised where supported);
- Browser type, operating system, language and approximate device class;
- Pages you visit, the order you visit them in, time on page, scroll depth;
- Referring URL (the page you came from) and outbound clicks (including clicks on affiliate links — see our Affiliate Disclosure);
- Date and time of visit.
This information is collected through standard server logs, cookies, and similar technologies (see our Cookie Policy).
c. Information from third parties
We may receive limited information from:
- Payment processors (e.g. Razorpay, Stripe, PayPal) — typically a transaction ID and the success / failure status of a payment. We do not receive your full card number.
- Calendar and communication providers (e.g. Google Calendar, WhatsApp) when you book a consultation.
- Social media platforms if you interact with us through them.
3. Why we collect it (purposes of processing)
We use your personal data for the following purposes:
- To deliver our services — preparing and conducting your consultation, sending the written summary, answering your questions.
- To take payment — processing transactions through our payment partners.
- To communicate with you — replying to your messages, sending you the journal if you have subscribed, sending essential service updates.
- To improve the Site — understanding which articles are useful, where readers get stuck, how to design better pages.
- To keep the Site secure — detecting fraud, abuse, scraping, and attempted intrusions.
- To comply with the law — meeting tax, accounting, and other statutory obligations.
We do not use your personal data to make automated decisions that have a legal or significant effect on you, and we do not sell your personal data to anyone.
4. Legal basis for processing
Depending on the activity, our legal basis for processing your personal data is one of the following:
- Your consent — for marketing emails, optional cookies, and any “sensitive personal data” you choose to share (such as date and time of birth used for an astrological reading);
- Performance of a contract — to deliver a consultation or product you have ordered;
- Legitimate interests — basic analytics, site security, fraud prevention, and replying to enquiries you initiate;
- Legal obligation — tax, accounting, regulatory requests;
- Vital interests — extremely rarely, where someone’s life or safety is involved.
Under India’s DPDP Act, where consent is the basis, we will request specific, informed and unambiguous consent before processing your data and you may withdraw that consent at any time.
5. Who we share your data with
We share personal data only with the categories of recipients listed below, and only as needed:
- Service providers acting as data processors on our behalf — for example: web hosting, email delivery (transactional and newsletter), analytics, messaging platforms, payment processors, calendar providers, cloud storage providers. These providers are bound by contracts requiring them to protect your data and only use it for the purposes we specify.
- Government, regulators, and law-enforcement authorities when we are legally required to disclose, or to protect our legal rights.
- Professional advisors such as our lawyers, accountants, or auditors, under duties of confidentiality.
- Successors in the event of a merger, acquisition, or sale of all or part of our business.
We do not sell or rent your personal data to third parties for their own marketing purposes.
6. International transfers
Some of our service providers (for example, messaging platforms and certain analytics providers) may store data outside India, including in the United States and the European Union. When your data is transferred outside your country of residence, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission, adequacy decisions where available, and equivalent measures recognised under the DPDP Act.
7. How long we keep your data
- Consultation records and birth data: retained for seven (7) years after your last consultation, so we can answer follow-up questions, send timely reminders for transits that affect you, and meet tax / accounting requirements; you may ask for earlier deletion at any time.
- Order and tax records: retained for the period required by applicable tax law (typically eight years in India).
- Newsletter subscribers: until you unsubscribe, after which we retain a minimal suppression record (just your hashed email) so we do not accidentally email you again.
- Web server logs: typically retained for ninety (90) days for security and debugging.
- Comments: kept indefinitely unless you ask us to remove them or we choose to clean them up.
When the retention period expires, we securely delete or anonymise the data.
8. Your rights
Subject to applicable law and to verification of your identity, you have the following rights over your personal data:
- Right of access — ask us for a copy of the personal data we hold about you.
- Right of correction — ask us to fix data that is inaccurate or incomplete.
- Right of erasure — ask us to delete your data (“right to be forgotten”). We may retain some data where the law requires us to.
- Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of past processing.
- Right to restrict / object to certain processing.
- Right to data portability — receive your data in a structured, commonly-used, machine-readable format.
- Right to nominate (DPDP Act, India) — nominate any other individual to exercise your rights in the event of your death or incapacity.
- Right to grievance redressal (DPDP Act, India) — see Section 12 below.
- Right to non-discrimination (California, USA) — we will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, write to contact@adiveda.in. We will respond within thirty (30) days, or sooner where required by law.
9. Security
We use appropriate technical and organisational measures to protect your data — encrypted connections (HTTPS / TLS), encrypted storage where possible, access controls, regular software updates, and the principle of least privilege. No system on the internet is perfectly secure; if a breach affecting your personal data ever occurs we will notify you and, where required, the relevant authority (the Data Protection Board of India, supervisory authorities in the EU, and so on) within the timeframes set by law.
10. Children’s privacy
The Site is intended for users who are at least eighteen (18) years old. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please write to us and we will delete it.
11. Changes to this policy
We may update this policy from time to time — for example, when we add a new feature, change a service provider, or in response to a change in law. The “Last updated” date at the top of this page tells you when it was last revised. Material changes will be highlighted on this page; where required by law, we will obtain fresh consent.
12. Grievance officer (India) & contact
In accordance with the Information Technology Act, 2000, the rules made thereunder, and the DPDP Act, 2023, the grievance officer for Adiveda is:
Name: [Your name]
Designation: Grievance Officer, Adiveda
Email: grievances@adiveda.in (or your usual contact email)
Address: [Your registered business address, India]
The Grievance Officer will acknowledge your complaint within forty-eight (48) hours and aim to resolve it within thirty (30) days.
If you are not satisfied, you may file a complaint with the Data Protection Board of India (once operational) or the data protection regulator in your country of residence.
For all other questions, please write to contact@adiveda.in.
