Privacy Policy

1. Information We Collect

When you use E-Puja, we collect information that you provide directly to us, including:

Account Information: Phone number (used for WhatsApp-based authentication), name, and email address when provided.

Booking Information: Temple preferences, selected puja or darshan services, booking dates and times, special requests, and timezone.

Spiritual Data: Birth date, birth time, birth location (for Kundli/astrology services), family lineage data stored in the Generational Vault, and dosha analysis results. We treat this data with the utmost sensitivity and cultural respect.

Payment Information: Payment details are processed securely through our third-party payment processors. We do not store credit card numbers or bank account details on our servers.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, including: processing your bookings and subscriptions, generating astrological charts and readings, delivering live darshan streams, coordinating prasad delivery, sending booking confirmations and service updates via WhatsApp or email, and personalizing your spiritual experience based on your preferences.

3. Data Storage and Security

Your data is stored on secure servers with encryption at rest and in transit. We implement industry-standard security measures including SSL/TLS encryption, access controls, and regular security audits. Your Generational Vault data (family lineage records) is encrypted with additional security layers given its deeply personal nature.

4. Data Sharing

We do not sell your personal information to third parties. We share data only with: our verified pandit and seva partner network (limited to the information needed to perform your booked service), payment processors to complete transactions, and delivery services for prasad shipment. We may also share anonymized, aggregated data for analytics purposes.

5. Your Rights

You have the right to: access the personal data we hold about you, request correction of inaccurate data, request deletion of your account and associated data, export your Generational Vault data, and opt out of marketing communications at any time.

6. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We use analytics tools to understand how our services are used so we can improve them. You can control cookie preferences through your browser settings.

7. Children's Privacy

E-Puja is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. Kundli data entered for minors (for astrological purposes) must be submitted by a parent or guardian.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of E-Puja after any changes constitutes acceptance of the updated policy.

9. DPDP Act 2023 Rights (India)

Under India's Digital Personal Data Protection Act, 2023, you have the right to: access a complete copy of your data (download via /api/user/export while signed in); correct inaccurate data via your profile settings; erase your account (soft-delete with a 30-day grace period via /api/user/account DELETE while signed in); withdraw consent at any time; nominate a person to exercise these rights on your behalf; and grievance redressal through the contact below.

10. Encryption & Sensitive Data

Sensitive personal data — including phone number, full address, exact birth time and birth place — is encrypted at the application layer using AES-256-GCM in addition to the database's default at-rest encryption. Encryption keys are stored separately from the database and rotated quarterly. Birth-time precision is treated as health-adjacent data.

11. Data Retention

We retain account data for the lifetime of your account. On account deletion, data is soft-deleted for 30 days (in case of accidental deletion) and then permanently purged. Booking transaction records are retained for 8 years to satisfy Indian tax / GST audit requirements (anonymised after the retention window).

12. Grievance Officer

In compliance with the Information Technology Act, 2000 and DPDP Act 2023, the Grievance Officer for e-Puja is:

Mansi, Founder & Grievance Officer
Email: grievance@epuja.in (or mansi.gal21@gmail.com)
Response within 30 days of complaint receipt.

13. Cross-Border Transfer

e-Puja is hosted on Vercel (USA) with the database in Supabase (AP-South-1, Mumbai). Some operational data may be processed in the United States by our hosting provider. By using e-Puja you consent to this transfer. We do not transfer data to jurisdictions notified by the Indian government as restricted.

14. Contact Us

For data-rights requests, security disclosures, or any privacy concern: support@epuja.in or visit our Contact page.