Summary: Taara collects your name, birth details (date, time, place), and email to generate personalised Vedic astrology reports. We do not sell your data to anyone. You can request deletion of your data at any time by emailing support@mytaare.com. This policy complies with India's Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000.
This Privacy Policy describes how Taara ("we", "our", or "us") collects, uses, stores, and protects your personal data when you use the website mytaare.com and any associated services (collectively, the "Platform"). By accessing or using the Platform, you agree to the practices described in this Policy.
This Policy is governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 (as amended), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).
Under the DPDPA 2023, Taara is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.
| Category | Specific Data Points | Purpose | Required? |
|---|---|---|---|
| Identity | Full name | Report personalisation, communications | Yes |
| Birth Data | Date of birth, time of birth, place of birth | Vedic chart calculation (core service) | Yes |
| Contact | Email address | Report delivery, order confirmation, daily guidance | Yes |
| Contact | Phone number | Session booking confirmation | Optional |
| Payment | Payment method type (card/UPI/netbanking) | Transaction records | Yes (for paid services) |
| Account | Google profile (name, email, photo URL) | Authentication via Google OAuth | Optional (if using Google sign-in) |
| Inquiry | Question / topic for session or "Ask Your Kundli" | Generating bespoke astrological guidance | Service-dependent |
Under the SPDI Rules, 2011, birth data (date of birth, time of birth, place of birth) may be classified as sensitive personal data in certain contexts. We treat this information with the highest level of care, encrypt it at rest and in transit, and use it exclusively to generate your astrological chart. We do not disclose this data to any third party except as set out in Section 6 of this Policy.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Generate Vedic astrology reports | Name, DOB, TOB, POB | Contract performance / Consent |
| Process and confirm payments | Name, email, payment token | Contract performance |
| Send daily guidance emails | Name, email, DOB, TOB, POB | Contract performance / Consent |
| Confirm session bookings | Name, email, phone, session date/time | Contract performance |
| Customer support and dispute resolution | Name, email, order details | Legitimate interest |
| Platform analytics and improvement | Usage data, device data (anonymised) | Legitimate interest |
| Fraud prevention and security | IP address, device fingerprint | Legal obligation / Legitimate interest |
| Legal compliance and record-keeping | Transaction records, communications | Legal obligation |
| Marketing (with consent) | Email, name | Consent (opt-in only) |
We do not use your birth details for any purpose other than generating your personalised astrological reading. We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following lawful grounds:
We use the following sub-processors who may access your data only to the extent required to provide their contracted service. Each processor is bound by data processing agreements and is required to handle your data securely.
| Service | Provider | Data Shared | Purpose | Privacy Policy |
|---|---|---|---|---|
| Authentication | Supabase Inc. (USA) | Email, name, OAuth token | User accounts & login | supabase.com/privacy → |
| Database & Storage | Supabase Inc. (USA) | All user data, reports | Data storage | supabase.com/privacy → |
| Payment Processing | Razorpay Software Pvt. Ltd. (India) | Name, email, amount | Secure payment gateway | razorpay.com → |
| Report Generation (AI) | OpenAI LP (USA) | Name, DOB, TOB, POB, chart data | Generate report content via GPT-4 | openai.com/privacy → |
| Transactional Email | Brevo (France) | Name, email | Report delivery, daily guidance | brevo.com → |
| Cloud Hosting | Railway (USA) | Server-side logs, application data | Backend infrastructure | railway.app → |
| Frontend Hosting | Vercel Inc. (USA) | Access logs, IP addresses | Website delivery | vercel.com → |
We note that OpenAI processes birth data in the United States. By using our services, you consent to this cross-border transfer as described in Section 11. OpenAI's API usage policy prohibits using API data for model training on non-opted-in data.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & profile data | Until account deletion or 3 years of inactivity | Account management |
| Order & payment records | 7 years from transaction date | GST / Income Tax compliance (India) |
| Generated reports (PDFs) | 2 years from generation | Re-download facility |
| Daily guidance subscription data | Duration of subscription + 1 year | Service delivery and dispute resolution |
| Support ticket communications | 3 years from resolution | Quality assurance and legal record |
| Free forecast leads | 1 year from last use | Rate limiting and analytics |
| Server access logs | 90 days | Security monitoring |
| Analytics data (anonymised) | Indefinite (no PII) | Platform improvement |
After the applicable retention period, your data is securely deleted or anonymised so that it can no longer be linked to you.
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
While we maintain comprehensive security measures, no system connected to the internet is completely immune to security risks. In the event of a data breach affecting your rights, we will notify affected users and the appropriate regulatory authority in accordance with applicable law.
Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal (the individual whose data is being processed):
To exercise any of these rights, email support@mytaare.com with the subject line "Data Rights Request — [Your Full Name]" and we will respond within 30 days.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
| taara_token | Strictly Necessary | Authentication — keeps you logged in | 7 days |
| taara_user | Strictly Necessary | Stores your display name and email locally | Session |
| sb-* (Supabase) | Strictly Necessary | OAuth session management (Google sign-in) | 1 hour |
We do not use third-party advertising cookies, tracking pixels, or behavioural profiling technologies. We do not share cookie data with advertisers. Strictly necessary cookies cannot be disabled as they are essential for the Platform to function.
We use your browser's Local Storage to store your authentication token and user preferences. This data is stored on your device and is never automatically transmitted to any third party.
Some of our third-party processors (Supabase, OpenAI, Railway, Vercel, Brevo) are headquartered or operate servers outside India. By using our services and accepting this Policy, you expressly consent to the transfer of your personal data to these processors in countries including the United States of America and the European Union, where data protection laws may differ from those in India.
We take the following safeguards to protect cross-border transfers:
Our Platform is intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. Under Section 9 of the DPDPA 2023, we are required to obtain verifiable parental consent before processing any data of a child.
If you are a parent or guardian and believe that a minor has provided us with personal data without your consent, please contact us immediately at support@mytaare.com. We will promptly delete such data upon verification.
In accordance with the Information Technology Act, 2000, the SPDI Rules, 2011, and the DPDPA 2023, we have designated a Grievance Officer to address complaints and concerns about our data handling practices:
If your grievance is not resolved within 30 days, or if you are dissatisfied with the resolution, you may escalate your complaint to the Data Protection Board of India once it is constituted under the DPDPA 2023.
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:
Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree to the changes, you must discontinue use of our services and request deletion of your account.