Privacy Policy

• Your birth data (date, time, place) is the only sensitive information we collect. It is encrypted on our servers and is never shared with anyone outside the app.
• Your birth data never leaves your device or our servers for analytics, advertising, or any third-party use.
• You can delete your account and every chart we hold for you at any time, from inside the app, in one tap. The deletion completes within 24 hours.
• We do not sell, share, or resell your data. We do not run ad networks. We do not use your data to train any artificial-intelligence model.
• We do not knowingly collect data from anyone under 13. The app is rated 13+ on both stores.

We organise the data we collect by category, in plain language. The Apple App Store "Privacy Nutrition Label" categories and the Google Play "Data Safety" categories are mapped against this list in §11 below.

2.1 Data you give us directly

• Phone number — used as your sign-in identifier (OTP-based login). Stored hashed where used as an account key. We do not send marketing SMS.
• Birth data — date, time, and place of birth, plus an optional display name and relationship label per chart. This is the foundation of every reading the app produces. It is stored encrypted using modern, authenticated encryption; the encryption key is held in our secure key-management system and is never exposed to the app or to analytics.
• Preferences — your chosen language (one of eight Indian languages), your chart-style preference (North or South Indian), your ayanamsha preference (Lahiri default; Raman or KP if you change it), your notification opt-ins.

2.2 Data we generate about your usage

• Aggregate, non-identifying analytics events — which screens you open, which features you use, anonymous error counts. These are recorded against a random installation identifier. No birth data, no phone number, no name appears in any analytics event. Personal-data scrubbing is enforced both at the analytics layer and by an automated check that prevents any new code from accidentally including birth-related fields.
• Crash reports — diagnostic information and device model when the app crashes. Personal data is removed before transmission. Used only to fix bugs.

2.3 Data your device provides automatically

• Device location (only if you grant it) — used solely for the daily Panchanga widget so the sunrise/sunset and Rahu Kalam windows are accurate to your actual location. We do not store location history. We compute Panchanga, then discard the coordinates after the request completes.
• Device language + timezone — used to default the app's language and to convert birth time correctly. Standard mobile-OS metadata.
• Push-notification token (only if you opt in) — used to deliver dasha-change and daily-Panchanga notifications. Tied to your installation, not to your phone number.

• To produce your readings. Your birth data is fed into the astronomical engine to produce your charts, dashas, transits, and so on.
• To deliver notifications you opted into. Push tokens go to Apple Push Notification service or Firebase Cloud Messaging — see §6.
• To improve the app. Aggregate, non-identifying analytics events tell us which features users find valuable and which crash. These are de-identified at the SDK boundary.
• To support you. If you write to info@sailright.tech, we use the email contents to respond and resolve your issue.
• To meet legal obligations. If a valid court order under Indian law requires disclosure, we will comply — but we will minimise disclosure to what the order specifically requires, and we will notify you unless legally prohibited from doing so.

What we do not do: we do not use your data for advertising, do not sell or rent it to third parties, do not run ad networks inside the app, do not train any machine-learning model on your birth data, and do not share it with any other commercial party.

Under the Indian Digital Personal Data Protection Act 2023, we rely on the following legal bases:

• Consent — for collecting your birth data, for sending push notifications, for accessing your device location. Consent is captured at the point each data-flow begins, and you can withdraw it at any time inside the app.
• Performance of a contract — for the data we need to deliver the service you signed up for (your readings).
• Legitimate interest — for aggregate, non-identifying analytics that improve the app for everyone.

If you are an EU/UK user, the same bases apply under GDPR. We do not currently serve EU/UK users as a primary market, but the protections below apply globally.

AstroRight operates from data centres located in India (Mumbai region). Your birth data is stored encrypted at rest using modern, authenticated encryption. All connections between your device and our servers are encrypted in transit.

Backups are encrypted with the same protections as the live data and retained for 30 days. After 30 days, backups are cryptographically erased.

We minimise the number of outside services your data ever touches. Every service listed below is contractually bound by a Data Processing Agreement that prohibits using your data for anything other than providing service to AstroRight.

What you will not find inside AstroRight: no advertising code, no marketing-attribution trackers, no social-media tracking pixels. The app contains zero third-party advertising or tracking code of any kind.

Your account and birth data — retained as long as your account exists. The moment you delete your account from inside the app, the deletion cascade begins. Live records are removed within 24 hours; encrypted backups are cryptographically erased within 30 days. After that, no copy of your data exists in our systems.

Aggregate analytics — retained for 24 months in non-identifying form, then aggregated and the row-level events are discarded.

Support emails — retained for 24 months for follow-up reference, then deleted.

You have the following rights at all times. Each is exercisable from inside the app or by emailing info@sailright.tech; we will action requests within 30 days (typically within 24 hours).

• Right to access. You can export every chart and every preference we hold for you, in machine-readable JSON, from Settings → Privacy → Export my data.
• Right to correction. You can edit any birth data you've entered, at any time. Re-computation runs automatically.
• Right to erasure. Settings → Account → Delete account — one tap. Erasure completes within 24 hours, backups within 30 days.
• Right to withdraw consent. You can revoke push-notification consent, location-access consent, and analytics-opt-in independently in Settings.
• Right to portability. The export above is your portability mechanism. The format is documented and stable.
• Right to object. Email info@sailright.tech with your objection. We will respond within 30 days.
• Right to lodge a complaint. India: Data Protection Board of India under the DPDP Act. EU/UK: your local Data Protection Authority.

AstroRight is rated 13+ on both Apple App Store and Google Play. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently received data about a child under 13, please email info@sailright.tech and we will delete the relevant records within 7 days.

For users between 13 and 18, the parental-consent provisions of the DPDP Act apply. The app surfaces the disclaimer on first launch; we recommend a parent or guardian review the app and this policy before a minor uses it.

We follow the principles of defence in depth. Specifically:

• Your birth data is stored encrypted using modern, authenticated cryptography.
• All connections between the app and our servers are encrypted in transit.
• Sign-in tokens are stored in your phone's secure storage area (Apple Keychain on iOS, the equivalent secure store on Android).
• Inside our servers, only the live application can read or write your data — no broader access is granted.
• We commission an independent security review every quarter; a summary of each review is published in this document's revision log.
• Incident response: any confirmed data breach is disclosed to affected users within 72 hours of confirmation, in accordance with the DPDP Act §8(6).

No system is perfectly secure. If you discover a vulnerability, please email security@astroright.app — we will respond within 48 hours and credit you in our security acknowledgements page if you'd like.

The two stores require us to disclose data practices in standardised forms. The disclosures below match the longer-form text above.

11.1 Apple App Store — Privacy Nutrition Label

• Data Used to Track You: None.
• Data Linked to You: Phone number (for sign-in only); Other User Content (your birth data, encrypted); Diagnostics (crash reports, no PII).
• Data Not Linked to You: Aggregate usage data (which screens are opened, anonymised), Diagnostics (crash logs).

11.2 Google Play — Data Safety

• Data collected: Personal info (name — optional, phone number — sign-in only); App activity (in-app actions, anonymised); Diagnostics (crash logs); Approximate location (only with your permission, only for Panchanga).
• Data shared with third parties: Only what's necessary for service operation — anonymous push tokens to Apple's and Google's push systems, anonymised crash diagnostics to our error-monitoring provider. Nothing shared for advertising, marketing, or sale.
• Encryption in transit: Yes — all data is encrypted between your device and our servers.
• Data deletion: Yes — Settings → Account → Delete account (one-tap, 24-hour completion).
• Independent security review: Quarterly.

If we update this policy in a material way (changing what data we collect, who we share it with, or how long we keep it), we will:

• Update the effective date at the top of this page.
• Show an in-app notice on next launch summarising the change.
• If the change affects existing users' data in a way that requires renewed consent under the DPDP Act, prompt for that consent before proceeding.

The full revision history is appended below.

For any privacy question, the fastest path is to email info@sailright.tech.

For regulatory complaints: the Data Protection Board of India (when constituted under the DPDP Act).

Operator: SailRight Tech, a registered company in India. Postal address available on request via the privacy email above.