✨ FortunaShri

FortunaShri ("we", "our", "us", "the App") is a Vedic astrology application developed for educational and informational purposes. This Privacy Policy explains how we collect, use, store, protect, and handle your personal data when you use our mobile application or visit our website at fortunashri.com.

By creating an account or using FortunaShri, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Information You Provide Directly

• Account information: Full name, email address, mobile number (mandatory for account security and recovery purposes only)
• Birth chart data: Date of birth, time of birth, place of birth, geographic coordinates — voluntarily provided for astrological calculations
• Saved profiles: Numerology profiles, birth charts, and astrological data you choose to save to your account
• Communications: Any messages you send to our support email

1.2 Information Collected Automatically

• Device type, operating system, and app version
• App usage patterns and feature interactions (anonymised)
• Error logs for app stability improvements
• IP address (for security and fraud prevention only)

1.3 Information We Do NOT Collect

• We do NOT collect payment card details (handled entirely by Razorpay/Google Pay)
• We do NOT collect biometric data
• We do NOT collect your contacts, camera, microphone, or location in real time
• We do NOT use third-party advertising SDKs
• We do NOT sell your data to any third party — ever

2. How We Use Your Information

• To create and manage your FortunaShri account
• To perform Vedic astrological calculations (birth chart, numerology, panchang) using your birth data
• To save and retrieve your astrological profiles across devices
• To send account-related emails (verification, password reset, account deletion confirmation)
• To improve app performance and fix bugs using anonymised usage data
• To comply with legal obligations under Indian law
• To detect and prevent fraud, abuse, and security incidents

3. Legal Basis for Processing (DPDP Act 2023)

Under India's Digital Personal Data Protection Act, 2023, we process your data on the following lawful bases:

• Consent: You explicitly consent during account registration (checkbox confirmation)
• Contract: Processing necessary to provide the services you have requested
• Legitimate interests: Security, fraud prevention, and app improvement
• Legal obligation: Compliance with applicable Indian laws and court orders

4. Data Storage and Security

4.1 Where Your Data is Stored

Your data is stored on Supabase infrastructure located in the Singapore region (closest to India), which complies with SOC 2 Type II security standards. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+.

4.2 Security Measures We Implement

• End-to-end encryption for all data in transit (HTTPS/TLS)
• AES-256 encryption for data at rest
• Row-Level Security (RLS) — users can only access their own data at the database level
• JWT-based authentication with automatic token refresh and rotation
• Email verification required before account activation
• Rate limiting: maximum 100 API requests per minute per verified user
• Brute-force protection on login (automatic lockout after failed attempts)
• Cloudflare DDoS protection on our servers
• Mobile number stored for security — never displayed publicly or shared

4.3 Security Incident Disclosure

5. Data Retention

• Account data is retained as long as your account is active
• If you delete your account, all personal data is permanently deleted within 30 days
• Anonymised, aggregated usage statistics may be retained indefinitely (cannot identify you)
• Legal compliance records may be retained for up to 7 years as required by Indian law
• Backup copies are purged within 90 days of account deletion

6. Your Rights Under DPDP Act 2023

As a data principal under India's DPDP Act 2023, you have the following rights:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Correction: Update or correct inaccurate personal data
• Right to Erasure: Delete your account and all associated data permanently
• Right to Grievance Redressal: Contact our Data Protection Officer for any privacy concerns
• Right to Nominate: Nominate a person to exercise your rights in case of death or incapacity
• Right to Withdraw Consent: Withdraw consent at any time (this will require account deletion)

All rights can be exercised directly within the App (My Profile → Account Settings) or by emailing fortunashri.app@gmail.com. We will respond within 30 days.

7. Data Sharing and Third Parties

We share your data with third parties ONLY in these limited circumstances:

• Supabase (Infrastructure): Our database and authentication provider — bound by their data processing agreement and SOC 2 compliance
• Swiss Ephemeris (Calculation Library): Open-source library running on our own servers — no data is transmitted externally
• Razorpay (Payments — future): Only payment transaction data; we never see your card details
• Legal compliance: If required by a valid Indian court order or government authority

We do NOT share data with advertisers, data brokers, analytics companies, or any other third parties.

8. Children's Privacy

FortunaShri is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at fortunashri.app@gmail.com and we will delete the account immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via:

• Email notification to your registered email address
• In-app notification on next login
• Updated "Last Updated" date at the top of this policy

Continued use of the App after notification constitutes acceptance of the updated policy. Previous versions of this policy are available on request.

10. Contact Us & Grievance Officer