Privacy Policy
Narad - Your Spiritual Companion
Effective Date: [To be set at launch] Last Updated: [To be set at launch]
1. Introduction
Welcome to Narad. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Narad mobile application ("App") and related services available at asknarad.com ("Website").
Narad is developed and operated by Abhishek, an individual developer based in Hyderabad, Telangana, India ("we," "us," or "our"). We are committed to protecting your privacy and handling your personal data responsibly in compliance with the Digital Personal Data Protection Act, 2023 ("DPDPA"), the Information Technology Act, 2000 ("IT Act"), and other applicable Indian laws.
This policy applies to all users of Narad, whether located in India or abroad.
By using Narad, you consent to the collection and use of your information as described in this policy. If you do not agree with this policy, please do not use the App.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, and profile photo (via Google OAuth sign-in)
- Personal Details: Date of birth, birth time, and birth city (used for panchang personalization and astrology features)
- Religious and Spiritual Preferences: Observance level (Devout, Balanced, Exploring), sampraday (sect/tradition), and language preferences
- Location: City and state for location-based panchang, festival, and pandit availability
- Contact Information: Phone number (optional), saved addresses for offline pandit bookings and deliveries
- Booking Information: Puja preferences, scheduling details, and booking history
- Chat Messages: Your conversations with Narad AI and messages exchanged with pandits regarding bookings
- Payment Information: Payment details processed securely through Razorpay (see Section 5 for details)
2.2 Information Collected Automatically
- Device Information: Device model, operating system version, unique device identifiers, and app version
- Usage Data: Features used, screens visited, session duration, and interaction patterns
- Log Data: Error logs and performance data (we ensure no personally identifiable information is included in logs)
- Analytics Data: Aggregated usage statistics collected via Firebase Analytics
2.3 Information from Third Parties
- Google OAuth: When you sign in with Google, we receive your name, email address, and profile picture as authorized by you
3. How We Use Your Information
We use your personal data only for the purposes listed below. Under the DPDPA, we will not process your data for any purpose beyond what is stated here without obtaining your fresh consent.
| Purpose | Data Used |
|---|---|
| Creating and managing your account | Name, email, profile photo |
| Personalizing your spiritual experience (panchang, festival calendar, content recommendations) | Location, sampraday, observance level, language |
| Providing AI-powered spiritual guidance | Chat messages, spiritual preferences, birth details |
| Facilitating pandit bookings | Name, contact info, addresses, booking preferences |
| Processing payments | Payment details (via Razorpay) |
| Generating birth charts and astrological insights | Date of birth, birth time, birth city |
| Sending notifications (festivals, booking updates, reminders) | Notification preferences, device tokens |
| Improving the App | Usage data, analytics, error logs |
| Customer support | Account info, booking history, chat logs |
| Legal compliance and fraud prevention | As required by law |
4. Sensitive Data
Under the DPDPA and Indian law, certain categories of personal data require heightened protection. Narad collects the following types of sensitive personal data:
4.1 Religious and Spiritual Data
- Your sampraday (sect/tradition) and observance level
- Puja booking history and spiritual practice patterns
- Queries and conversations with Narad AI on spiritual topics
- Content preferences related to deities, rituals, and practices
4.2 Astrological Data
- Date of birth, exact birth time, and birth location
- Generated birth charts (kundli) and planetary positions
- Astrological readings and predictions
How We Protect Sensitive Data
- All sensitive data is encrypted at rest and in transit using industry-standard encryption (AES-256 and TLS 1.2+)
- Sensitive data is never shared with third parties for advertising or marketing purposes
- Sensitive data is never used to discriminate against users in any way
- AI queries involving spiritual content are processed with strict data minimization -- only the minimum context necessary is sent to AI providers
- We obtain explicit consent before collecting any sensitive personal data
- You can request deletion of all sensitive data at any time (see Section 7)
5. Data Sharing
We do not sell your personal data. We share data with third-party service providers only to the extent necessary to operate the App. Each provider is contractually bound to protect your data.
| Third Party | What We Share | Purpose |
|---|---|---|
| Google (OAuth) | Authentication tokens | User sign-in and account verification |
| Supabase | All app data (encrypted) | Database hosting and backend infrastructure. Data is stored on Supabase servers in the Mumbai (ap-south-1) region |
| Google Gemini / OpenAI | Chat queries and minimal context | Powering Narad AI spiritual guidance. We send only the conversation context needed for a response -- no full user profiles |
| Razorpay | Name, email, phone, payment details | Payment processing for pandit bookings and store purchases. Razorpay is PCI-DSS compliant. We do not store your credit/debit card numbers, UPI IDs, or bank details on our servers. All payment data is handled directly by Razorpay |
| YouTube | None (client-side embedding) | Displaying puja guide videos and live temple darshan streams. YouTube's own privacy policy applies to embedded content |
| Firebase Analytics | Anonymized usage events | App analytics and performance monitoring |
We may also share your data if required by law, court order, or government authority under applicable Indian law.
6. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy or as required by law.
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Booking history | 3 years from the date of booking (as required for tax and legal compliance) |
| Payment records | 7 years (as required under Indian tax law) |
| Chat messages (AI) | 1 year, or until you delete them, whichever is earlier |
| Chat messages (Pandit) | 1 year after booking completion |
| Analytics data | Anonymized and retained indefinitely |
| Error logs | 90 days |
Account Deletion
When you request account deletion:
- Your profile, preferences, and spiritual data will be permanently deleted within 30 days
- Booking and payment records required for legal/tax compliance will be retained in anonymized form for the legally mandated period
- AI conversation history will be permanently deleted
- You can request deletion by emailing privacy@asknarad.com or using the "Delete Account" option in the App settings
7. Your Rights
Under the DPDPA 2023, you have the following rights as a "Data Principal":
Right to Access: You can request a summary of the personal data we hold about you and how it is being processed.
Right to Correction: You can request correction of inaccurate or incomplete personal data. You can also update most information directly in the App settings.
Right to Erasure (Deletion): You can request that we delete your personal data. We will comply within 30 days, subject to legal retention requirements.
Right to Grievance Redressal: You have the right to file a complaint with our Grievance Officer (see Section 14) and, if unsatisfied, with the Data Protection Board of India.
Right to Nominate: Under the DPDPA, you can nominate another person to exercise your data rights in case of your death or incapacity.
To exercise any of these rights, contact us at privacy@asknarad.com. We will verify your identity before processing any request and respond within 30 days.
8. Children's Privacy
As required by the DPDPA 2023, we treat users under the age of 18 as children.
- We do not knowingly collect personal data from anyone under 18 without verifiable parental or guardian consent.
- If you are under 18, your parent or legal guardian must review and consent to this Privacy Policy and create the account on your behalf.
- We do not serve targeted advertising to users identified as children.
- We do not engage in tracking or behavioral monitoring of children that could cause harm.
- If we become aware that we have collected data from a child without proper parental consent, we will delete that data promptly.
Parents or guardians can contact us at privacy@asknarad.com to review, modify, or delete their child's data.
9. Data Security
We take the security of your data seriously and implement the following measures:
- Encryption in Transit: All data transmitted between the App and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: All personal and sensitive data stored in our database is encrypted using AES-256 encryption.
- Access Controls: Strict role-based access controls limit who can access user data.
- No PII in Logs: Our logging systems are configured to exclude personally identifiable information.
- Secure Authentication: We use industry-standard JWT-based authentication with secure session management.
- API Security: All APIs are rate-limited and protected against common attacks (SQL injection, XSS, CSRF).
- Payment Security: Payment processing is handled entirely by Razorpay, a PCI-DSS Level 1 compliant payment processor. We never have access to your full card details.
- Regular Reviews: We periodically review our security practices and update them as needed.
Despite these measures, no system is 100% secure. If we discover a data breach that poses a risk to your rights, we will notify the Data Protection Board of India within 72 hours and inform affected users as required by the DPDPA.
10. Cookies and Tracking
Narad is a mobile application and does not use browser cookies.
For analytics, we use Firebase Analytics to collect anonymized usage data such as feature usage, screen visits, and app performance metrics. This data does not identify you personally.
We do not use any cross-app tracking, advertising identifiers, or third-party tracking pixels.
If we introduce a web version of Narad in the future, this policy will be updated to address cookie usage at that time.
11. International Data Transfers
Narad's primary database is hosted on Supabase servers in Mumbai, India (ap-south-1 region). For users in India, your data stays within India.
However, some data processing may involve international transfers:
- AI Services (Google Gemini / OpenAI): Your chat queries are sent to AI providers whose servers may be located outside India. We minimize the data sent and do not include full user profiles in these requests.
- Firebase Analytics: Anonymized analytics data may be processed on Google servers outside India.
For users in the Hindu diaspora (outside India), your data is still stored on our Indian servers. By using Narad from outside India, you consent to the transfer and storage of your data in India.
We ensure that all international data transfers comply with the DPDPA's requirements, and we use appropriate contractual safeguards with our service providers.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
- We will notify you of material changes via an in-app notification or email at least 15 days before the changes take effect.
- The "Last Updated" date at the top of this policy will always reflect the most recent revision.
- Your continued use of Narad after the updated policy takes effect constitutes your acceptance of the changes.
- If you disagree with any changes, you may delete your account and stop using the App.
13. Contact Information
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, you can reach us at:
Email: privacy@asknarad.com Website: https://asknarad.com Address: Hyderabad, Telangana, India
We aim to respond to all inquiries within 72 hours and resolve data-related requests within 30 days.
14. Grievance Officer
In accordance with the Information Technology Act, 2000 and the DPDPA 2023, we have appointed a Grievance Officer to address your concerns:
Name: Abhishek Email: privacy@asknarad.com Address: Hyderabad, Telangana, India
The Grievance Officer will:
- Acknowledge your complaint within 24 hours
- Resolve your complaint within 15 days of receipt (as required under the IT Act) or 30 days (as per DPDPA provisions)
If you are not satisfied with the resolution, you may escalate your complaint to the Data Protection Board of India as established under the DPDPA 2023.
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.