CosmicCues (OPC) Private Limited ("Company," "we," "us," or "our") is committed to protecting your privacy and handling your data in an open and transparent manner. We operate CosmicCues, an AI-based online e-commerce platform providing Vedic astrological and spiritual information for entertainment purposes.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website(s), including https://cosmiccues.com (the "Website"), and the services provided through them (the "Services").

This Privacy Policy should be read in conjunction with our Terms of Service. By accessing or using our Services, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with its terms, please do not access the Website or use our Services.

This Privacy Policy is governed by and operates in accordance with the laws of India, primarily the Digital Personal Data Protection Act, 2023 (DPDPA), and is supplemented by the Information Technology Act, 2000, and its associated rules, including the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

1. Information We Collect

We collect information that you provide directly to us, that we generate in the course of providing our Services, and data collected automatically. Under the DPDPA, you are the "Data Principal," and we are the "Data Fiduciary."

Personal Data You Provide:

Billing Information: When you register, we collect your name, email address, mobile number, country, state, and address for invoicing and GST compliance.

Profile Information ("User Submitted Data"): To generate your AI Kundali Report, we collect the profile name, date of birth, time of birth, and place of birth.

Personal Data We Generate:

Kundali Data: Based on your User Submitted Data, we calculate specific Vedic astrology data, tables, and charts.

AI Kundali Reports: The analysis of your Kundali Data is done by reputed third party AI service providers, for doing so your Pseudonymized Kundali Data is sent abroad for report generation.  Given the nature of this information, we treat it with the highest degree of care.

Transaction Data: When you make a purchase, you are redirected to a third-party payment portal. We receive transaction confirmation details from the payment gateway, which may include your name, email, date of purchase, and amount paid. We do not directly collect or store your full credit/debit card numbers or other sensitive payment credentials.

Feedback Data: If you voluntarily provide feedback on our reports, we collect this information and further use it to fine tune our contracted AI models.

Usage and Technical Data: We may automatically collect non-personal information about your device and usage, such as your IP address, browser type, and operating system, through cookies and server logs to ensure the security and functionality of our Website.

2. How and Why We Use Your Information (Purpose of Processing)

We process your personal data only for lawful and specified purposes, primarily based on your consent and for certain legitimate uses as defined under the DPDPA.   

To Provide Our Services:

To calculate your Kundali Data from your User Submitted Data.

To generate your personalized AI Kundali Report using reputed third party AI service providers by sending your data abroad.

To deliver the PDF Report to your registered email address.

To process your payment through reputed third-party payment gateway.

To Communicate With You:

To send you transactional communications, such as order confirmations and delivery updates.

To Improve Our Services:

To train and fine-tune our AI models by analyzing pseudonymized Kundali Data and AI Kundali Reports. This is done only if you provide explicit, opt-in consent at the time of purchase.

To Comply with Legal Obligations:

To maintain financial and tax records as required by Indian law.

To respond to lawful requests from government agencies or court orders.

To Ensure Security:

To detect and prevent fraud, security incidents, and technical issues.

3. Consent

Your consent is the cornerstone of our data processing activities.

Obtaining Consent: We obtain your free, specific, informed, unconditional, and unambiguous consent through a clear affirmative action (such as ticking an unchecked box) before you submit your personal data. This action signifies your agreement to our Terms of Service, Disclaimer and this Privacy Policy.   

Withdrawing Consent: You have the right to withdraw your consent for training our/contracted AI models on your data at any time with ease using the dashboard. Also, you can deleting the relevant profile/report data from your user dashboard. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal, nor does it affect data we are legally required to retain.   

4. Data Sharing and Disclosure

We do not sell your personal data. We share your information only in the following circumstances and with trusted third parties who act as our "Data Processors."

Third-Party Service Providers: We engage third parties to perform functions on our behalf. This includes:

Payment Gateways: To process your transactions securely.

Cloud Hosting Providers: To store and process your data on secure servers.

AI/LLM Providers: We send pseudonymized Kundali Data for report generation to their servers which are located abroad.

Communication Services: To send you transactional emails and messages.

We use the services of reputed third party providers who are  compliant with the DPDPA.   

Legal Requirements: We may disclose your information if required by Indian law or in response to valid requests by public authorities.

Business Transfers: In the event of a merger or acquisition, your information may be transferred to the new entity, which will be bound to protect your data in a manner consistent with this Privacy Policy.

We use your pseudonymized data for training/fine tuning our/contracted AI models, if you have given consent for the same. 

Note, however, when you request a refund or raise a grievance related to a report then your billing data, linked profile data and the report in question are accessed and reviewed by our team members / contracted experts. 


5. Data Security

We are committed to protecting your data and have implemented reasonable security safeguards as mandated by the DPDPA and its associated rules. Our security measures include:   

Encryption: We use industry-standard SSL/TLS encryption for data in transit and strong encryption for personal data at rest on our servers.   

Pseudonymization: Data sent for report generation to third party service providers and that for AI finetuning is pseudonymized to reduce the risk of direct identification.

Access Controls: Access to your personal data is strictly limited to authorized personnel on a need-to-know basis.

While we take significant measures to secure your data, no method of electronic storage or transmission is 100% secure.

Data Breach Response: We have a documented plan to manage and respond to data security incidents. In the event of a personal data breach, we will notify the Data Protection Board of India and affected users as required by law.   


6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations.   

User-Controlled Data: 

As a mater of policy we do not back up your profile or report related data, so in an event of server or database crash, we would not be able to restore your profile or report related data for you. However, we would restore your billing user and invoice data.

Your  AI Kundali Report data is available on your dashboard for 30 days, or until you choose to delete it. After 30 days we will delete all your report related data anytime. However, in case of a refund request or an ongoing dispute we reserve the right to store and access and share your data till the time the dispute is not resolved. 

Your profile data can be updated or deleted by you anytime. However, all linked reports with that profile where that profile is the primary profile would also get deleted on deletion of that profile.

We will automatically delete all your profile-related data after 12 months of inactivity on your registered account. We define inactivity as not signing into your account for a continuous period of 12 months. To prevent data loss, we will send a warning email to your registered address approximately 7 days before the scheduled deletion. If you sign in to your account during this notice period, the deletion process will be cancelled, and your data will be retained.

Legally Mandated Retention: For legal and accounting purposes, we are required to retain certain records. Your billing and invoice data will be retained by us for a period of eight years.

Dispute Exception: In the event of an ongoing dispute, we will retain necessary data until the dispute is fully resolved.

7. Your Rights as a Data Principal

Under the DPDPA, you have the following rights regarding your personal data :   

Right to Access: You have the right to obtain a summary of the personal data we process about you.

Right to Correction and Erasure: You have the right to request the correction of inaccurate or incomplete data and the erasure of your personal data, subject to our legal retention obligations.

Right to Grievance Redressal: You have the right to have your grievances addressed in a timely manner.

You can exercise most of these rights directly through your user dashboard. For other requests, please contact our Grievance Officer.


8. Privacy of Others (Adults)

We allow you to create a maximum of six profiles for your family members or to assess the suitability of potential partners (e.g., marriage prospects, friendship, or business partnership prospects). If you create a profile for another adult, you must confirm that you have obtained their consent for processing their data. You should handle reports involving another profile with utmost care. Any leakage or misuse of such information on your part may make you liable for legal action. We do not permit any processing that is detrimental to the well-being of others or without their consent.  


9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly  and directly collect personal data from children. If you create a profile for a person under 18, you must warrant that you are their parent or legal guardian for the processing of their data, as required by the DPDPA. We do not permit any processing that is detrimental to the well-being of a child.   

 
10. Grievance Redressal

In compliance with the IT Rules, 2021, and the DPDPA, 2023, we have appointed a Grievance Officer to address your concerns regarding data privacy, content, or any violation of our terms.   

In case you want to register your grievance about unauthorized use of your data, difficulties in exercising your right to data erasure, or any concerns related to our data security practices, then you can contact our Grievance Officer as given under:

To register a grievance for such issues, not related to a particular report, you should first sign in, then go to dashboard, then "Contact Us", select the reason as "Grievance" and then you should mention your grievance in detail in the area provided.

Or yoy can email them at grievance.officer@cosmiccues.com (For grievances not related to a particular report)

Procedure: The Grievance Officer shall acknowledge your complaint within 24 hours and resolve it within 15 days from the date of receipt.   

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.