# Privacy Policy

**Last updated:** 19 April 2026
**Effective date:** 31 March 2026

---

## 1. Introduction

Bond ("we", "us", "our", "the Service") is a Vedic astrology application operated by **Akshay Dhiman**, an individual operating under the laws of India.

This Privacy Policy explains what personal data we collect, why we collect it, how it is used and stored, the safeguards we apply, and the rights you have over your data.

We process personal data as a **Data Fiduciary** under India's **Digital Personal Data Protection Act, 2023 (DPDP Act)** and, where applicable, in a manner consistent with the **General Data Protection Regulation (GDPR)** for users in the European Economic Area.

By using Bond you consent to the practices described in this policy.

---

## 2. Data Fiduciary / Controller

| | |
|---|---|
| **Name** | Akshay Dhiman |
| **Role** | Data Fiduciary (DPDP Act) / Data Controller (GDPR) |
| **Email** | legal@bharat.bond |
| **Address** | 288, Bank Enclave, Laxmi Nagar, Delhi, India 110031 |

For any questions or data-rights requests, contact **legal@bharat.bond**.

---

## 3. Data We Collect

### 3.1 Account Data (Google Sign-In)

| Data | Purpose |
|---|---|
| Email address | Account identification and communication |
| Display name | Personalisation |
| Profile picture URL | Personalisation |
| Email verification status | Account security |
| Google OAuth tokens | Session authentication — stored by our auth system, encrypted at rest |

We do not collect or store passwords. Authentication is exclusively via Google OAuth 2.0.

### 3.2 Birth and Location Data (onboarding)

This data is **sensitive personal data** used solely to generate your astrological birth chart.

| Data | Purpose |
|---|---|
| Date of birth | Natal chart calculation |
| Time of birth | Natal chart calculation |
| Birth location name | Contextual display |
| Geographic coordinates (latitude, longitude) | Precise chart computation |
| Timezone offset | Chart accuracy |
| Birth time accuracy indicator | Qualifying interpretation fidelity |

### 3.3 Derived Astrological Data

Computed from your birth data and stored alongside your profile:

- Full natal chart (planetary positions, houses, aspects)
- Vimshottari Dasha timeline
- Panchanga (Hindu calendar elements for your birth location)
- Ashtakavarga scores
- Divisional charts (D9 Navamsha, D10 Dashamsha)
- Astrological summary (Moon sign, Ascendant, Nakshatra, current Mahadasha)

### 3.4 AI Interaction Data

| Data | Purpose |
|---|---|
| Questions submitted via the "Ask" feature | Generating AI-powered astrological answers |
| AI-generated answers | Stored in your question history |
| Feedback (helpful / not helpful) | Improving answer quality |
| AI-generated article content | Cached for performance |

### 3.5 Relationship Data — Third-Party Birth Data (Bonds)

When you create a "Bond" (relationship compatibility analysis), you provide the birth data of another person. You are solely responsible for obtaining that person's consent. See Section 11 for details.

### 3.6 Session and Technical Data

| Data | Purpose |
|---|---|
| IP address | Security and session validity |
| User agent (device / browser string) | Security and session validity |
| Session token | Authentication |

---

## 4. How We Use Your Data

We use your data to:

1. Provide, operate, and maintain the Bond service
2. Generate personalised Vedic astrology content via AI
3. Submit your birth data to our chart-computation service to generate and store your natal chart
4. Answer astrological questions by passing your chart summary and current transit data to an AI model
5. Maintain your account, authenticate you, and enforce session security
6. Apply rate limits and prevent abuse
7. Comply with legal obligations

**We do not sell your personal data. We do not use your data for advertising.**

---

## 5. Legal Basis for Processing

**Under India's DPDP Act, 2023:**

- Processing is based on your **free, informed, specific, and unambiguous consent** given when you create an account and complete onboarding.
- You may withdraw consent at any time by deleting your account (see Section 10).

**Under GDPR (for EEA users):**

| Processing | Legal basis |
|---|---|
| Providing the service | Contract performance (Art. 6(1)(b)) |
| AI personalisation using birth/chart data | Consent (Art. 6(1)(a)) |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) |

---

## 6. AI Processing Disclosure

Bond uses AI language models to generate astrological content:

- Your **astrological chart summary** (not raw birth coordinates) and question text are sent to an AI model to generate personalised responses.
- We use **Cloudflare AI Gateway** to route requests to AI models. Your summary data may be processed by the underlying AI model provider selected by Cloudflare AI Gateway.
- **We do not use your data to train AI models.**
- AI-generated content is **not a substitute for professional advice** — whether medical, psychological, financial, or legal.

---

## 7. Third-Party Data Processors

| Service | Purpose | Data shared |
|---|---|---|
| Google (OAuth 2.0) | Authentication | Name, email, profile picture |
| Cloudflare D1 (SQLite) | Relational database | All stored account and application data |
| Cloudflare KV | Content caching | AI-generated content fragments |
| Cloudflare Workers | Application hosting | All API request data |
| Cloudflare AI Gateway | AI model routing | Astrological summaries, question text |
| Jyotish Ganit API | Vedic chart calculation | Birth date, time, and geographic coordinates |

All data stored in Cloudflare infrastructure is **encrypted at rest** by Cloudflare. Cloudflare's privacy practices are governed by the [Cloudflare Privacy Policy](https://www.cloudflare.com/privacypolicy/).

---

## 8. Data Retention

| Data category | Retention period |
|---|---|
| Account and authentication data | Retained while the account is active |
| Birth profile and astrological chart data | Retained while the account is active |
| AI-generated articles and content | Retained while the account is active; cached fragments expire per their TTL |
| Questions and AI answers | Retained while the account is active |
| Bond relationship and counterpart birth data | Retained while the account is active; deleted when the account is deleted |
| Session data (IP, user agent, token) | 30 days from session creation |
| OAuth tokens | Refreshed periodically; purged on account deletion |
| Data following account deletion | All personal data purged within **30 days** |

We retain data only as long as necessary to provide the Service or as required by law.

---

## 9. Data Security

We implement the following technical and organisational safeguards:

- **Encryption at rest** — all data in Cloudflare D1 and KV is encrypted at rest by Cloudflare's infrastructure.
- **Encryption in transit** — all communication with our API occurs over HTTPS/TLS.
- **Authentication** — sign-in is via Google OAuth 2.0 only; session tokens are signed with a strong server-side secret.
- **Secure cookies** — session cookies carry the `Secure` flag in production.
- **Origin restriction (CORS)** — API access is restricted to authorised origins.
- **Rate limiting** — AI question requests are rate-limited per user per day.
- **Access control** — all API endpoints (except public health and legal endpoints) require a valid authenticated session.

No system is entirely secure. If you discover a security vulnerability, please report it to **legal@bharat.bond**.

---

## 10. Your Rights

Under the **DPDP Act, 2023** (and where applicable, the **GDPR**):

| Right | How to exercise |
|---|---|
| **Access** — obtain a copy of your personal data | Export data option within the app |
| **Correction** — correct inaccurate data | Update your profile within the app |
| **Erasure** — delete your account and all associated data | Delete account option within the app |
| **Data portability** — receive your data in machine-readable form | Export data option within the app |
| **Withdraw consent** | Delete your account |
| **Grievance redressal** (DPDP Act) | Contact the Grievance Officer (Section 15) |

We will action your request within **72 hours** of receipt.

---

## 11. Bonds Feature — Third-Party Personal Data

When you create a Bond, you enter the birth data of another individual. By doing so you represent and warrant that:

1. You have obtained the explicit, informed consent of that person to process their birth data via Bond.
2. That person is 13 years of age or older.
3. You will delete the Bond (thereby deleting their data from our system) if they withdraw consent.

We cannot independently verify this consent. If you receive a complaint from someone whose data you have entered without consent, you are solely responsible. You may contact **legal@bharat.bond** and we will remove the data upon verification.

---

## 12. Children's Privacy

Bond is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we hold data from a child under 13, contact **legal@bharat.bond** and we will delete it promptly.

---

## 13. Cross-Border Data Transfers

Your data is stored and processed on Cloudflare's global infrastructure, which may involve transfer to servers outside India. Such transfers are subject to adequate safeguards as provided by Cloudflare's standard contractual measures.

---

## 14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or by email to your registered address. Continued use after the updated effective date constitutes acceptance.

---

## 15. Grievance Officer

As required by the **DPDP Act, 2023**, our designated Grievance Officer is:

| | |
|---|---|
| **Name** | Akshay Dhiman |
| **Email** | legal@bharat.bond |
| **Address** | 288, Bank Enclave, Laxmi Nagar, Delhi, India 110031 |
| **Response time** | Within 72 hours of receipt of complaint |

If your grievance is not resolved satisfactorily, you may lodge a complaint with the **Data Protection Board of India** once it is established under the DPDP Act.

---

## 16. Contact

**Email:** legal@bharat.bond
**Address:** 288, Bank Enclave, Laxmi Nagar, Delhi, India 110031
