Privacy Policy
Decentralized Inc. is the data controller responsible for your personal information. We are incorporated in the United States and operate globally to serve users primarily in India and Non-Resident Indians (NRIs) worldwide.
1. Introduction
1.1 Our Commitment
Welcome to My Kundli AI. Decentralized Inc. ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you use our AI-powered Vedic astrology services.
1.3 Scope
This Privacy Policy applies to:
- Our website at https://www.mykundliai.com
- Our mobile applications
- Our APIs and related services
- Any other platform where this Privacy Policy is posted
1.4 Legal Compliance
This policy complies with:
- United States: California Consumer Privacy Act (CCPA), applicable federal privacy laws
- India: Information Technology Act, 2000; Digital Personal Data Protection Act, 2023
- General: Industry-standard data protection practices
2. Information We Collect
2.1 Personal Information You Provide
We collect information you voluntarily provide:
| Category | Information | Purpose |
|---|---|---|
| Identity | Full name, gender | Account creation, personalization |
| Birth Data | Date of birth, time of birth, place of birth | Astrological calculations |
| Contact | Email address, phone number | Account access, communication |
| Location | Current location (with permission) | Accurate panchang, transits |
| Account | Login credentials, profile preferences | Account security, customization |
| Payment | Transaction details | Subscription processing |
Important: We do NOT store your credit card or bank account details. All payments are processed securely by Razorpay (India) or Stripe (International).
2.2 Sensitive Personal Data
Under applicable privacy laws, certain data is classified as sensitive:
- Birth Details: Considered personally sensitive in many cultures
- Financial Information: Payment-related data (processed by third parties)
- Health Queries: Any health-related questions shared during consultations
We apply enhanced security measures to protect this data.
2.3 Automatically Collected Information
When you use our Services, we automatically collect:
- Device Information: Browser type, operating system, device model
- IP Address: Used for approximate location and security
- Usage Data: Pages visited, features used, time spent, click patterns
- Cookies: Essential, functional, and analytics cookies (see Section 7)
- Log Data: Error logs, performance metrics
2.4 AI Interaction Data
When you use "Ask Jyotish" chat:
- Your questions and queries
- AI responses generated
- Chat history (retained for context, up to 20 messages)
This data helps us improve AI responses and maintain conversation context.
3. How We Use Your Information
3.1 Primary Purposes
| Purpose | Information Used | Legal Basis |
|---|---|---|
| Astrological Services | Birth data, location | Contract performance |
| Account Management | Identity, contact, credentials | Contract performance |
| Communication | Email, phone | Consent / Legitimate interest |
| Payment Processing | Transaction details | Contract performance |
| Service Improvement | Usage data, AI interactions | Legitimate interest |
| Security | IP, device info, logs | Legitimate interest |
| Legal Compliance | All categories | Legal obligation |
3.2 AI Processing
Your birth chart data and queries are processed by AI systems (Google Gemini, DeepSeek) to generate astrological interpretations. This processing:
- Uses automated algorithms
- Does not involve human review of individual queries
- May use anonymized data for model improvement
3.3 Marketing Communications
With your consent, we may send:
- Daily horoscope notifications
- Service updates and new features
- Promotional offers (limited frequency)
You can opt-out anytime via:
- Unsubscribe link in emails
- Account settings
- Contacting [email protected]
4. Data Storage and Security
4.1 Hosting Infrastructure
Your data is securely hosted on:
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Primary Hosting | Vercel Inc. | United States | Website hosting, edge delivery |
| Database | Firebase (Google Cloud) | United States | User data, charts, chat history |
| Authentication | Firebase Auth | United States | Secure login management |
| AI Processing | Google / DeepSeek | United States | Astrological interpretations |
| Analytics | Microsoft Clarity | United States | Usage analytics |
4.2 Security Measures
We implement industry-standard security practices:
- Encryption at Rest: AES-256 encryption for stored data
- Encryption in Transit: TLS 1.3 for all data transmissions
- Access Control: Role-based access, multi-factor authentication
- Regular Audits: Security assessments and vulnerability testing
- Secure Development: Code reviews, security testing
- Incident Response: Documented procedures for security incidents
4.3 Data Retention
| Data Type | Retention Period | Deletion |
|---|---|---|
| Account data | Active account + 2 years | On request or account deletion |
| Birth charts | Active account + 2 years | On request or account deletion |
| Chat history | 90 days | Automatic |
| Payment records | 7 years (legal requirement) | Anonymized after 7 years |
| Usage logs | 12 months | Automatic |
| Analytics data | 24 months | Anonymized |
4.4 Data Backup
- Regular automated backups
- Encrypted backup storage
- Geographic redundancy
- 30-day backup retention
5. Data Sharing and Disclosure
5.1 We Do Not Sell Your Data
Decentralized Inc. does NOT sell, rent, or trade your personal information to third parties for marketing purposes.
5.2 Service Providers
We share data only with trusted third parties who assist in operating our Services:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Vercel | Website hosting | Minimal operational data | United States |
| Google (Firebase) | Database, Auth | User data, charts | United States |
| Google (Gemini) | AI interpretations | Anonymized queries | United States |
| DeepSeek | AI processing | Anonymized queries | United States |
| Microsoft | Analytics | Usage patterns | United States |
| Razorpay | Payment processing | Payment details | India |
| Stripe | Payment processing | Payment details | United States |
All service providers are contractually bound to:
- Use data only for specified purposes
- Maintain confidentiality and security
- Comply with applicable data protection laws
5.3 Legal Disclosure
We may disclose your information when required by:
- Valid court order or subpoena
- Government authority with proper jurisdiction
- Law enforcement with legal authority
- To protect our rights, property, or safety
- To prevent fraud or illegal activity
5.4 Business Transfers
In case of merger, acquisition, or sale of assets:
- You will be notified in advance
- Your data will remain subject to this Privacy Policy
- You will have the option to delete your data
6. International Data Transfers
6.1 Cross-Border Processing
Your data is primarily processed and stored in the United States. As a US company serving global users, international data transfers are necessary.
6.2 Safeguards for Indian Users
For users in India, we ensure:
- Data transfers comply with Digital Personal Data Protection Act, 2023
- Adequate protection through standard contractual clauses
- Transparency about processing locations
- Your rights under Indian law are respected
6.3 Transfer Mechanisms
We use appropriate safeguards for international transfers:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Technical and organizational measures
7. Cookies and Tracking Technologies
7.1 Types of Cookies We Use
| Category | Purpose | Examples |
|---|---|---|
| Essential | Required for basic functionality | Authentication, security |
| Functional | Remember preferences | Language, theme settings |
| Analytics | Understand usage | Microsoft Clarity, Firebase Analytics |
7.2 Microsoft Clarity Analytics
We use Microsoft Clarity to:
- Capture behavioral metrics (heatmaps, session replays)
- Understand user journeys
- Improve website usability
- Identify and fix issues
Data captured includes:
- Click patterns and scrolling
- Page navigation paths
- Session duration
- Device and browser information
Microsoft Privacy Statement: https://privacy.microsoft.com/privacystatement
7.3 Managing Cookies
You can manage cookies through:
- Browser settings (block, delete)
- Our cookie consent banner
- Third-party opt-out tools
Note: Disabling essential cookies may prevent proper functionality.
8. Your Privacy Rights
8.1 Rights Under US Law (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know if personal information is sold or shared (we don't)
- Opt-out of sale (not applicable to us)
- Request deletion of personal information
- Non-discrimination for exercising rights
8.2 Rights Under Indian Law (DPDP Act, 2023)
Indian users have the right to:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request copy of your data | Email [email protected] |
| Correction | Request correction of inaccurate data | Account settings or email |
| Erasure | Request deletion of your data | Email [email protected] |
| Withdraw Consent | Withdraw consent for processing | Account settings |
| Grievance | Lodge complaints | [email protected] |
| Nomination | Nominate someone to exercise rights | Email with nomination details |
8.3 General Rights (All Users)
All users can:
- Access their personal data
- Update account information
- Delete their account and data
- Opt-out of marketing communications
- Request data portability
8.4 Exercising Your Rights
To exercise any right:
- Email [email protected]
- Include "Privacy Request" in subject
- Provide account email for verification
- Specify the right you're exercising
Response Time: Within 30 days (may extend for complex requests)
8.5 Verification
We may need to verify your identity before processing requests to protect your privacy.
9. Children's Privacy
9.1 Age Limit
Our Services are NOT intended for individuals under 18 years of age.
9.2 No Knowingly Collection
We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information:
Contact us immediately at: [email protected]
We will promptly delete the information upon verification.
9.3 Guardian Consent
Accounts created for minors must be managed by a legal guardian who consents to these terms on their behalf.
10. Data Security Incident Response
10.1 Our Commitment
In the unlikely event of a data security breach:
- Immediate Action: Contain and investigate the incident
- Assessment: Determine scope and impact
- Notification: Notify affected users within 72 hours
- Remediation: Implement measures to prevent recurrence
- Reporting: Comply with legal reporting requirements
10.2 User Notification
You will be notified of any breach affecting your personal data via:
- Email to your registered address
- Notice on our website
- In-app notification (if applicable)
11. Third-Party Links and Services
11.1 External Links
Our Services may contain links to:
- Educational resources
- Partner websites
- Social media platforms
We are not responsible for:
- Their privacy practices
- Their content or security
- Data you share with them
11.2 Review Their Policies
Always review the privacy policy of any third-party site before sharing personal information.
12. Updates to This Privacy Policy
12.1 Changes
We may update this Privacy Policy to reflect:
- Changes in our practices
- New legal requirements
- Service enhancements
12.2 Notification
- Material changes: Email notification + website notice
- Minor changes: Posted on this page with updated date
- Significant changes: 30 days advance notice when possible
12.3 Review
We encourage you to review this policy periodically. Continued use after changes constitutes acceptance.
13. Contact Us
13.1 Privacy Inquiries
For questions about this Privacy Policy or our data practices:
Email: [email protected]
Subject Line: "Privacy Inquiry"
13.2 Grievance Officer (India)
For Indian users with privacy concerns:
If unsatisfied, you may escalate to: Data Protection Board of India (established under DPDP Act, 2023)
13.3 General Support
Email: [email protected]
Website: https://www.mykundliai.com
13.4 Mailing Address
Decentralized Inc.
[Registered Address]
Delaware, United States
14. Key Privacy Commitments
Our Promise to You
- Transparency: We clearly explain what data we collect and why
- Security: We use industry-leading security measures
- Control: You have rights over your personal data
- No Selling: We never sell your data to third parties
- Compliance: We follow applicable privacy laws
- Minimal Collection: We only collect what's necessary
- Safe Hosting: Your data is hosted on secure, reliable infrastructure
Infrastructure Security
Your data is hosted on:
- Vercel - Enterprise-grade hosting with global CDN
- Google Cloud (Firebase) - SOC 2 compliant, ISO 27001 certified
- US-based servers - Subject to strict US privacy and security standards
15. Acknowledgment
By using My Kundli AI, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal information as described herein.
Last Updated: January 30, 2025