Privacy Policy
Last updated: 7 May 2026
1. Who We Are
KP Astrology Pro ("we", "us", "our") is a software-as-a-service platform that produces Krishnamurti Paddhati astrology readings. The service is operated as a sole proprietorship by Arpit Gandhi, based in India. The data controller for the purposes of GDPR / DPDPA / CCPA is reachable at arpitgandhi1934@gmail.com. Day-to-day support: support@kpastrologypro.com.
This policy explains, in plain English, what personal data we collect about you when you use kpastrologypro.com, why we collect it, who we share it with, and the rights you have over it.
2. Data We Collect
We try to collect only what we need. The table below lists every category of personal data we hold, why we hold it, our legal basis under GDPR, and how long we keep it.
| Category | Examples | Purpose | Legal basis (GDPR) | Retention |
|---|---|---|---|---|
| Account data | Name, email, hashed password, plan, last login | Create and authenticate your account | Contract | For the life of the account; 30 days after deletion request |
| Profile / birth data | Profile name, date of birth, time of birth, latitude, longitude, city, timezone, gender, marital status | Compute your KP chart and generate readings | Contract; explicit consent for any "special category" inference | Until you delete the profile, or 30 days after account deletion |
| Payment data | Razorpay or PayPal order ID, payment ID, signature, plan, amount, currency, status — we never see card numbers or bank details | Process subscriptions and one-time purchases, prevent fraud | Contract; legal obligation (tax / accounting) | 8 years (Indian Income Tax Act / GST audit trail) |
| Content you create | Generated readings, feedback ratings, free-text outcome notes, support messages, contact-form submissions | Deliver the service, improve accuracy, respond to you | Contract; legitimate interest (improving rule reliability) | Until profile/account deletion |
| Technical data | IP address, country, city, user-agent, referrer, page visited, session cookie | Keep you logged in, prevent abuse, basic visitor counts | Legitimate interest (security, fraud prevention) | 90 days for visitor logs; session cookie expires on logout |
| Marketing / attribution | UTM parameters, referral codes, lead-form email + name + zodiac | Understand which channels work; send transactional and (if you opted in) promotional email | Consent (marketing); legitimate interest (transactional) | Until you unsubscribe or 24 months of inactivity, whichever is sooner |
3. How We Use Your Data
- Provide the service — generate KP charts, dasha and transit calculations, and AI-written readings (legal basis: contract).
- Deliver reports — send your generated readings as PDFs by email; in the case of Daily Delivery, on a recurring schedule (legal basis: contract).
- Process payments — verify subscription state, issue refunds, settle taxes (legal basis: contract; legal obligation).
- Customer support — respond to your tickets and queries (legal basis: contract; legitimate interest).
- Improve the platform — anonymised feedback ratings train our rule-reliability scoring; we never publish identifiable feedback (legal basis: legitimate interest).
- Marketing email — only if you tick the consent box at signup or via the lead-capture form. You can unsubscribe at any time (legal basis: consent).
4. Sharing With Third Parties
We do not sell your data. We share it only with the processors below, who are contractually bound to use it solely to provide their service to us.
- Razorpay (India) — processes INR card, UPI and netbanking payments. Receives your name, email, amount, and a payment reference.
- PayPal (global) — processes USD, GBP, EUR, AUD, CAD, SGD and AED payments. Receives your name, email, amount, and a payment reference.
- OpenAI, DeepSeek, and Google Gemini — generate the natural-language portion of your readings. We send the AI provider your KP chart numbers and the relevant prompt, which may include your profile name, date of birth, time and city. We do not send your email, password, or payment details. These providers state they do not train models on API inputs by default; please refer to their respective privacy policies.
- OpenStreetMap Nominatim — resolves the city name you type into a latitude/longitude. Only the place name is sent.
- Hostinger (EU / India region) — hosts the application and database, and relays our outgoing email via Hostinger SMTP.
- Sentry (optional, only if enabled) — receives stack traces and error metadata. Sensitive fields (passwords, tokens, card numbers, OTPs, cookies) are scrubbed before transmission.
- Google Analytics 4 (optional, only if you accept analytics cookies) — receives anonymised page-view and event data.
- Microsoft Clarity (optional, only if you accept analytics cookies) — records anonymised heatmaps and session replays. Form fields are masked by default.
We may also disclose data to comply with a binding court order, or to protect our rights, property, or the safety of our users.
5. International Transfers
Our servers are hosted in the EU/India region. The processors above (notably OpenAI, PayPal, Sentry, Google) may store or process data in the United States or other jurisdictions. Where data leaves your region, we rely on the European Commission's Standard Contractual Clauses or the equivalent safeguards offered by each processor.
6. Cookies & Tracking
We use three classes of cookies and similar technologies:
- Essential — session cookie (login state), CSRF token, cookie-consent flag. Cannot be disabled.
- Analytics — Google Analytics 4 and Microsoft Clarity. Only set after you click "Accept All" on the cookie banner.
- Marketing — currently none. If we add advertising or attribution pixels in future, they will require fresh consent.
You can revisit your choice at any time by clearing your browser's site data for kpastrologypro.com — the cookie banner will reappear on your next visit. See the Disclaimer page for our use of generated content.
7. Your Rights
If you are in the EU/EEA/UK (GDPR): you have the right to access your data, correct it, erase it, restrict or object to its processing, port it to another service, and withdraw any consent you have given. You also have the right to lodge a complaint with your local supervisory authority.
If you are in California (CCPA / CPRA): you have the right to know what we collect, to delete it, to correct it, and to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law.
If you are in India (DPDPA 2023): you have the right to access, correct, complete, update and erase your personal data, the right to nominate, and the right to grievance redressal. Our designated grievance officer is reachable at arpitgandhi1934@gmail.com.
How to exercise these rights: the fastest route is your dashboard — visit /account to export your data or trigger an account deletion. You can also email support@kpastrologypro.com. We will respond within 30 days.
8. Children's Privacy
The service is not directed at children. We do not knowingly collect personal data from anyone under 16, or under 13 in the United States (COPPA). If you believe a child has created an account, contact us and we will delete it.
9. Data Retention
We retain account, profile, and content data for as long as your account is active. When you request deletion, we soft-delete immediately and purge from primary storage within 30 days. Payment records are retained for 8 years to satisfy Indian tax law. Visitor / IP logs are retained for 90 days. Backups are rotated on a 30-day cycle and then overwritten.
10. Security
We use bcrypt with cost factor 12 to hash passwords, serve all traffic over HTTPS (TLS 1.2+), set strict HTTP security headers via Helmet, and rate-limit authentication endpoints. The database file lives outside the web root on shared Hostinger infrastructure; we do not currently encrypt the database at rest. We are honest about that limitation rather than overstate it. No system is perfectly secure; please choose a strong, unique password.
11. Account Deletion
You can delete your account from /account. Deletion removes your profiles, readings, feedback, and contact details. We retain the minimum payment metadata required by tax law (order ID, amount, date) and anonymise it so that it is no longer linked to your identity. Soft-deleted accounts are recoverable for 30 days by contacting support; after that, deletion is permanent.
12. Changes to This Policy
If we materially change this policy we will email registered users at least 14 days before the change takes effect, and post a notice on the platform. Trivial wording fixes are simply re-published with an updated "Last updated" date.
13. Contact
Privacy / DPO / Grievance Officer: arpitgandhi1934@gmail.com
General support: support@kpastrologypro.com
Operator: Arpit Gandhi (sole proprietor), India.
Effective date: 7 May 2026.