Privacy Policy | Lagna360

At a Glance

This summary is provided for convenience and is not a substitute for the full policy below.

Account-level data: just your email — used as your unique login identifier. We do not require or store your name.
Charts you create: you enter birth date, time, and place values along with a label of your choosing. The label may be your own name, someone else's, a public figure, or anything fictional — we do not verify and we do not attempt to attribute whose data a chart describes. The Service treats every chart as your private content.
Other data: the chats and reports you create inside the product, and standard technical data (device, browser, IP address, usage events).
Why we collect it: to compute charts, generate AI-powered Vedic astrology insights, run subscriptions, prevent abuse, and improve the product. We do not sell your personal information.
Where it lives: on AWS infrastructure in the United States, with payments handled by Stripe (Merchant of Record). Other sub-processors are listed below.
Cookie and marketing consent: granular and revocable, managed via our cookie banner and account settings. A separate, unbundled consent surface for processing your birth data will be introduced shortly; until then, processing is grounded in your acceptance of our Terms of Service together with the explicit consent described below.
Your control: from the Personal Data and Privacy button on your account page you can see what we hold, export it, and delete your account. If you need anything beyond what these controls cover, see "How to Reach Us" below.
EU and UK users: formal data subject rights requests (such as access, erasure, or objection) must be initiated through our appointed representative, Prighter — see the "Representative" section below.

What We Don't Do

We do not sell your personal information.
We do not build behavioral profiles of you for advertising or scoring purposes.
We do not enrich your data by pulling information about you from outside sources, data brokers, or social platforms. The only data we hold about you is what you entered yourself.
Astrological interpretations are computed on demand from your inputs — not stored separately, and never used to build a profile, persona, or scoring model.

Important Notice for Existing Users

If you created your Lagna360 account before May 9, 2026, the version of this Privacy Policy in effect at the time of your signup governed our processing of your information until that date. From May 9, 2026 onward, your continued use of the Services is governed by this updated Privacy Policy, which provides additional clarity about how we treat astrological data under privacy regulations (in particular, the special category data provisions of the UK GDPR and the EU GDPR).

We are introducing an updated acknowledgment mechanism at signup for all new accounts. Existing users will be invited to review and reaffirm their acknowledgment at next login. If you do not log in within 90 days of May 9, 2026, your continued use of the Services will be deemed to be governed by this updated Privacy Policy; we will not suspend or restrict your account on this basis. You may review what data we hold about you, change your settings, or delete your account at any time via app.lagna360.com.

Who We Are

This Privacy Policy is provided by Lagna360 Labs Inc., operating as Lagna360 from Ontario, Canada ("Company", "we", "us", or "our"). It explains how information about you is collected, used, and disclosed when you use and access our Vedic astrology web platform — the marketing site at lagna360.com (the "Site") and the signed-in account experience at app.lagna360.com — together with all related tools and services (collectively, the "Services"). Lagna360 is delivered as a web application; we do not publish a native desktop or mobile app.

Lagna360 Labs Inc.
100 King Street West, Suite 5700
Toronto, ON M5X 1C7, Canada

We may change this Privacy Policy from time to time. If we make material changes, we will notify you by revising the date at the top of the policy and, where appropriate, by additional notice (such as a banner on our homepage or an email notification). We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices.

The address above is our registered office, published to identify the legal controller of your personal data as required by privacy law. It is not a contact channel — see "How to Reach Us" below for how to get in touch with us.

How to Reach Us

Notice for EU and UK users: If you are located in the European Union or United Kingdom, privacy and data subject rights requests must be initiated through our appointed representative, Prighter. See the "Representative" section below for details.

We keep this simple. The fastest and most secure way to exercise your rights — see what we hold, export it, correct it, change your consent, or delete your account — is the Personal Data and Privacy button on your account page, located directly below the Danger Zone (which contains the Delete Account control). Because you are already authenticated, we do not require additional identity verification; requests submitted from this page are typically processed within 24 hours.

From the Personal Data and Privacy page, you can:

See the personal data we hold about you, broken down by category (account, birth data, charts, chat history, generated reports, events, marketing preferences);
Read what each category is used for and which legal basis applies;
Export your data in a structured, machine-readable format — JSON for chart and chat data, CSV for events;
Correct account information and birth data;
Withdraw cookie and marketing consent independently of your account.

Account deletion (which permanently removes all your personal data) is available from the Danger Zone immediately above the Personal Data and Privacy button.

We aim to make these controls cover the requests most users need, but they may not cover every edge case or jurisdiction-specific right. For anything not handled there — including escalations, complaints, restriction or objection requests, requests on behalf of someone else (for example, a deceased user), or requests where you cannot access your account — write to us at the support address: support [at] lagna360.com. We may ask you to verify your identity before processing email requests, since we cannot rely on session authentication. We respond within the timeframes set out in the regional notices below — generally without undue delay and within 30 days, with a 45-day window for California requests.

We do not accept privacy requests, support inquiries, or other correspondence by physical mail. Letters posted to our registered office are not monitored or routed to our privacy team.

Information We Collect

Information you provide to us. At the account level, we collect only your email address, which serves as your unique identifier. We sign you in either via Google Sign-In or by sending a one-time code to your email; we do not collect or store passwords. When you sign in with Google, we discard the name and other profile fields Google returns and retain only your email and the Google subject identifier. When you contact support or send us an email, we receive whatever information you choose to include.

Chart inputs and special category data. The charts you create inside the Service contain birth date, birth time, and birth location values that you enter, along with a label of your choosing. We do not verify these values, and we do not attempt to attribute whose data a chart describes — they may be your own, someone else's, a public figure's, or fictional. To the extent any chart relates to a real living individual, and because Vedic astrological output may reveal information about philosophical or spiritual beliefs, that chart's inputs are treated as "special category" personal data under Article 9 of the UK General Data Protection Regulation (UK GDPR) and equivalent provisions of the EU GDPR. The legal bases on which we process this data are set out in the "Legal Bases for Processing" section below. We use chart inputs solely to generate charts and provide astrological insights; we do not use them for any other purpose. We apply additional safeguards to protect this data, including encryption at rest and in transit, role-based access controls, and architectural separation between identifying data and analytics records.

Information we collect automatically. When you access or use the Services, we may automatically collect:

Log information: how you interact with the Services, browser type and language, access times, pages viewed, time spent, your IP address, and the page you visited before navigating to the Services.
Device information: hardware model, operating system and version, unique device identifiers, and mobile network information.
Cookies and similar technologies: see the "Cookies and Tracking Technologies" section below for full detail.

How We Use Information

We use the information we collect to:

Provide, maintain, analyze, test, and improve the Services and our technology;
Deliver the Services you request — including chart computation, AI-generated interpretations, subscriptions, and one-time reports — and process related transactions, confirmations, and invoices;
Send technical notices, updates, security alerts, and administrative messages;
Respond to your comments, questions, and requests, and provide customer service;
Where permitted, send you marketing communications about products, services, offers, and events (you can opt out at any time);
Monitor and analyze usage, performance, and product activity;
Detect, investigate, and prevent fraud, abuse, and other illegal activity;
Personalize the Services and conduct research and development;
Carry out the purposes for which the information was specifically collected.

Note on the use of Chart information. We treat the information contained in the charts you create using the Services ("Charts") as Confidential Information, with use limited in accordance with the confidentiality obligations set forth in our Terms of Service. Chart generation itself is fully deterministic — performed by Swiss Ephemeris astronomical software — and does not involve artificial intelligence. AI inference (AWS Bedrock) is used only in our AI chat feature, where it processes the questions and chat content you submit. AI inference is performed within Lagna360's AWS environment under contractual terms that prohibit the model provider from using your data to train foundation models or sharing it with third parties. Processing does not involve human access to your Charts unless (1) you provide your consent (for example, to enable customer support); or (2) we are required to do so by law.

Legal Bases for Processing

We process your personal data on a small number of well-established legal bases. The categories below describe what we rely on and when. Where applicable, we have noted the corresponding provisions of the UK and EU General Data Protection Regulations (GDPR) for users in those jurisdictions; users in California, India, Canada, and elsewhere have analogous rights and protections under their local privacy laws, described in the regional notices later in this policy.

General Bases

Performance of a contract: to process your Charts, generate interpretations, deliver subscriptions and one-time reports, and provide the Services you have requested. The Service cannot function without this processing. (Corresponds to Article 6(1)(b) GDPR for EU/UK users.)
Legitimate interests: to send operational communications, secure our Services against fraud and abuse (including via bot prevention), measure advertising effectiveness on an aggregated basis, analyze usage patterns to improve the Services, and respond to your support correspondence. You may object to processing based on legitimate interests at any time. (Corresponds to Article 6(1)(f) GDPR for EU/UK users.)
Compliance with legal obligations: to meet regulatory obligations such as financial recordkeeping and breach notification. (Corresponds to Article 6(1)(c) GDPR for EU/UK users.)
Consent (cookies, advertising, marketing): we ask for this consent only for non-essential cookies, cross-context behavioral advertising, and marketing communications — nothing else. You may withdraw it at any time via our cookie banner or marketing settings, and doing so will not affect your access to the Service. This is not the same consent we rely on to process your chart inputs. That separate consent is described in "Special Category Data" immediately below; it is intrinsic to the Service and can only be withdrawn by deleting your account, because we cannot generate charts without processing the values you enter. (Corresponds to Article 6(1)(a) GDPR for EU/UK users.)

Special Category Data

Because Vedic astrological output may reveal information about philosophical or spiritual beliefs, the birth data values you enter, the Charts generated from them, and your chat content can constitute sensitive or special category personal data — to the extent any such chart relates to a real living individual. We process this data on the basis of your explicit consent. Until our unbundled consent surface is introduced shortly, this consent is captured as part of your acceptance of our Terms of Service; existing users will be asked to confirm it on the dedicated surface when it ships. (For EU/UK users, this constitutes special category data under Article 9 of the UK GDPR / EU GDPR, processed on the basis of explicit consent under Article 9(2)(a).)

This acknowledgment is intrinsic to using the Service: we cannot generate charts or astrological insights without processing this data. You may withdraw this acknowledgment at any time by deleting your account, which will result in deletion of all Chart data, chat history, and generated reports tied to your account, in accordance with the "Data Retention" section below.

Cookie and Marketing Consent

Your consent to non-essential cookies, cross-context behavioral advertising, and marketing communications can be granted, customized, or withdrawn at any time via our cookie banner (re-openable from the "Cookie Preferences" link in the footer) and your account marketing settings — without affecting your access to the Service.

A separate, unbundled consent surface for processing your birth data will be introduced shortly. Until it ships, processing of birth data is grounded in your acceptance of our Terms of Service together with the explicit consent described in "Special Category Data" above; existing users will be asked to confirm their consent through the dedicated surface when it is introduced.

Automated Processing and Artificial Intelligence

Our Services involve two distinct kinds of automated processing, and it is useful to distinguish them clearly:

Deterministic computation. Chart generation — including planetary positions, divisional charts, dasha periods, and all astronomical calculations — is performed by deterministic software (Swiss Ephemeris). The output is mathematically determined by the inputs you provide; the same inputs always produce the same output. This processing does not involve artificial intelligence and is not "automated decision-making" within the meaning of Article 22 of the UK GDPR or EU GDPR.

AI inference. Artificial intelligence is used only in our AI chat feature, where you submit questions and receive AI-generated responses. AI inference runs on AWS Bedrock under contractual terms that prohibit the model provider from using your data to train foundation models, prohibit sharing your data with the underlying model provider, and limit retention of your prompts and responses to the request lifecycle.

Neither of these processes makes decisions that have legal or similarly significant effects on you, and the content they produce is informational and entertainment in nature. If you have concerns about an interpretation or AI response, contact us as described in "How to Reach Us" — we will review your concern, examine the inputs and outputs of the process, and respond.

Cookies and Tracking Technologies

Cookies are small data files stored on your device. We use cookies and similar technologies (including web beacons and server-side event tracking) to operate the Services, understand usage, and — with your consent — measure advertising effectiveness.

Categories of cookies and trackers we use:

Strictly necessary (always on): required for the Services to function — session management, security features, and user authentication. These cannot be disabled.
Analytics: Google Analytics 4 (GA4), used to understand aggregate usage. Set only with your consent.
Advertising and marketing: Meta Pixel (Facebook/Instagram) and Google Ads, used to measure advertising effectiveness and deliver relevant advertisements. Set only with your consent. We use server-side event tracking for some advertising platforms, sending hashed or anonymized identifiers and conversion events directly from our servers.
Bot prevention: Google reCAPTCHA, used on signin, signup, and other sensitive endpoints to detect and block automated abuse. reCAPTCHA collects device and application data and sends it to Google for analysis. Use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

Cookie banner — granular control. Our cookie banner offers three options:

Essential only — sets only strictly-necessary cookies; no analytics or advertising;
Accept all — enables all categories;
Customize — independently toggle analytics and advertising categories.

For users in the UK and EEA, no non-essential cookies are set until you make an affirmative selection. You may re-open the banner and change your selection at any time using the "Cookie Preferences" link in the footer of every page. We honor Global Privacy Control (GPC) signals as a valid request to opt out of the sale or sharing of personal information for cross-context behavioral advertising.

Other ways to manage preferences:

Your browser settings;
Platform-specific opt-outs available through Google's Ad Settings, Meta's Ad Preferences, and industry opt-out programs (Digital Advertising Alliance and European Interactive Digital Advertising Alliance).

Sharing of Information

As a general rule, we limit the circumstances in which we disclose your information to third parties. We share information only as described in this policy, to run our business, provide and improve the Services, and comply with legal requirements. There is no human access to your Charts except as explicitly described above, and any sharing is subject to the confidentiality obligations set forth in our Terms of Service.

Sub-processors and service providers. We engage the following providers, each bound by a written Data Processing Agreement (DPA) requiring confidentiality, security, and processing only on our documented instructions:

Amazon Web Services (AWS): primary cloud infrastructure, operating in US data center regions. Hosts our application, databases, AI inference (AWS Bedrock), authentication (AWS Cognito), email delivery (AWS SES), and content delivery (AWS CloudFront). Processing is governed by AWS's GDPR Data Processing Addendum, which incorporates the EU Standard Contractual Clauses for cross-border transfers.
Stripe: payment processing and Merchant of Record for all subscription billing and one-time purchases, operating on US infrastructure. Stripe collects and holds your payment method information and transaction history; Lagna360 does not receive or store payment card details.
Google: Google Analytics 4 (website analytics), Google reCAPTCHA (bot prevention), Google Maps Platform APIs (server-side geocoding and time zone lookups for chart computation, called from our servers without exposing your end-user identity to Google), and Google Sign-In (when used for authentication). Operates on US infrastructure.
Meta: Meta Pixel and Conversions API for advertising measurement, operating on US infrastructure. Meta receives page view and conversion events; we hash personally identifying fields where applicable.
Zoho: email infrastructure for our support inbox, used for support correspondence and operational communications. Operates on US infrastructure.

Other circumstances in which we may share information:

In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process, or as otherwise required by law;
If we believe your actions are inconsistent with the spirit or language of our user agreements or policies, or to protect the rights, property, and safety of us or others;
In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition (provided that your Charts will remain subject to the confidentiality obligations);
With your consent or at your direction.

We may also share aggregated or de-identified information that does not directly identify you.

International Data Transfers

Lagna360 is incorporated in Ontario, Canada. Your personal data is processed and stored in the United States via our cloud infrastructure providers, primarily Amazon Web Services (AWS) operating in US data center regions. Our other material sub-processors (Stripe, Meta, Google, Zoho) also operate primarily on US infrastructure. If you are located outside Canada or the United States, your information will be transferred internationally to the United States.

To make these international transfers lawful, we rely on the certifications and contractual safeguards our sub-processors have established. Each of our material sub-processors — AWS, Stripe, Google, Meta, and Zoho — is contracted under an industry-standard Data Processing Agreement that covers the transfer mechanisms required by the privacy laws applicable to you. These include, where relevant, the EU and UK Standard Contractual Clauses, the EU-US Data Privacy Framework certifications (AWS, Stripe, Google), and equivalent safeguards under PIPEDA, the DPDP Act, and other regional laws.

We do not maintain our own transfer agreements with individual data subjects; the protections you benefit from flow through these sub-processor Data Processing Agreements.

Data Retention

We retain your personal information for as long as necessary to maintain your account and provide the Services, comply with legal obligations, and resolve disputes and enforce agreements.

Specific retention periods:

Account, chart, and chat data: retained for the duration of your account; deleted from primary storage within 24 hours of account deletion. Backup copies are overwritten by normal backup rotation within 35 days; during that window, backups are access-restricted, used solely for disaster recovery, and not used to re-personalize analytics or marketing.
Generated reports (PDF): same as above.
Operational analytics records: stored separately from your identifying data, keyed only by an internal opaque token. After your account is deleted and the token-to-identity mapping is destroyed, these records persist as pseudonymized analytics data used for aggregate cohort analysis. Where feasible, we further generalize fields (for example, IP-derived geolocation to country, timestamps to date) to reduce re-identification risk.
Website analytics (Google Analytics): user-level data retained for 2 months.
Marketing preferences: until you opt out.
Payment records (held by Stripe): 7 years (financial regulatory requirement; outside Lagna360's control).
Support correspondence (held by Zoho): 3 years from last message in thread.
Operational and security logs: 30 days for application logs; 7 years for audit logs (with personal data minimized).

We maintain a detailed Data Retention Policy as part of our internal compliance documentation.

Security

We take reasonable and appropriate measures to protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. Measures include encryption of sensitive data at rest and in transit, role-based access controls, network isolation, audit logging, and regular security assessments. No system is perfectly secure; if you have reason to believe your interaction with us is no longer secure, please contact us immediately as described in "How to Reach Us".

Your Rights and Choices

You have meaningful control over your data. Many of these rights are available to all users; some are specific to particular jurisdictions and are detailed in the regional notices below. To exercise any of these rights, see "How to Reach Us" above — the Personal Data and Privacy page in your account is the primary, fastest, and most secure channel.

Account information and birth data. You may update or correct your account information and birth data at any time from the Personal Data and Privacy page in your account.

Data export and portability. You may export a copy of your personal data in a structured, commonly-used, machine-readable format — typically JSON for chart and chat data and CSV for events — directly from the Personal Data and Privacy page.

Account deletion. You may delete your account at any time from the Danger Zone on your account page, immediately above the Personal Data and Privacy button. To prevent confusion about ongoing subscription charges, our self-service flow asks you to first cancel any active subscription via the Stripe Customer Portal; once your current billing period ends, you can delete your account from your settings. Account deletion permanently removes your account profile, Charts, chat history, and generated reports from our systems.

Erasure timing. Self-service deletion is typically processed within 24 hours. If you cannot complete self-service deletion (for example, because you cannot access your account or your request requires manual handling), contact us as described in "How to Reach Us". We will process the request without undue delay and in any event within 30 days, including coordinating subscription cancellation on your behalf where relevant.

What persists after deletion. Stripe retains transaction records as required by financial regulations. Meta and Google retain advertising and analytics data per their own retention schedules. We retain pseudonymized analytics records (with no link back to your identity after deletion is complete) for longitudinal product analysis. Cached and backup copies are overwritten by normal rotation within 35 days, after which all traces are removed from our systems.

Cookie preferences. Manage non-essential cookies via the cookie banner (re-openable from the "Cookie Preferences" link in the footer), your browser settings, or the platform-specific opt-outs listed in the "Cookies and Tracking Technologies" section. We honor Global Privacy Control (GPC) signals.

Marketing communications. You may opt out of marketing emails at any time using the unsubscribe link in any marketing message or from the Personal Data and Privacy page in your account. If you opt out, we may still send non-marketing communications, such as account, billing, security, and service notices.

Children's Privacy

Our Services are intended for a general adult audience. We do not knowingly collect personal information from:

Children under 13 years of age in the United States;
Children under 16 years of age in jurisdictions where that is the applicable threshold (including parts of the European Union);
Children under 18 years of age in India, where the Digital Personal Data Protection Act, 2023 defines a "child" as anyone under 18.

How we apply this in practice. We do not perform active age verification. Doing so would require us to collect additional personal information — such as government-issued ID, credit card details, or biometric age estimation — which would run counter to the data-minimization posture of this policy and to the requirements of the same laws cited above. Instead, we rely on the age eligibility requirement in our Terms of Service and on prompt reactive deletion when an under-age account is brought to our attention. The account-level data we do collect (an email address) is not sufficient on its own to determine a user's age.

If you are a parent or guardian and believe a child under the applicable threshold has created an account or provided information through the Service, contact us as described in "How to Reach Us" and we will delete the account and associated data promptly. If you are a minor under the age of majority in your jurisdiction, please obtain parental or guardian consent before using our Services.

▶Notice to Users in Canada

Lagna360 Labs Inc. is incorporated in Ontario, Canada. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, provincial privacy laws including Quebec's Act respecting the protection of personal information in the private sector (commonly known as Law 25).

Your rights under Canadian privacy law include:

Access: request access to the personal information we hold about you;
Correction: request correction of inaccurate personal information;
Withdrawal of consent: withdraw consent for processing where consent is the legal basis (subject to legal or contractual restrictions);
Portability (Quebec): request transfer of computerized personal information in a structured, commonly-used technological format;
Complaint: file a complaint with the Office of the Privacy Commissioner of Canada or, for Quebec residents, the Commission d'accès à l'information du Québec.

Privacy Officer. In accordance with PIPEDA and Quebec Law 25, we have designated a Privacy Officer responsible for compliance with applicable Canadian privacy law. To reach the Privacy Officer, see "How to Reach Us" above.

Cross-border transfer notice. As described in the "International Data Transfers" section, your personal information is transferred to and processed in the United States by our cloud and service providers. Personal information transferred outside Canada may be accessible to foreign government, regulatory, and law enforcement authorities under the laws of the receiving jurisdiction.

Breach notification. Where a breach of security safeguards creates a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada in accordance with PIPEDA, and the relevant Quebec authority where applicable.

▶Notice to Users in California

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to know: the categories of personal information we collect, the sources, the business purposes, the categories of third parties with whom we share information, and the specific pieces of personal information we hold about you.
Right to delete: request deletion of your personal information, subject to certain legal exceptions.
Right to correct: request correction of inaccurate personal information.
Right to opt out: opt out of the sale of personal information (we do not sell personal information for monetary consideration) and the sharing of personal information for cross-context behavioral advertising.
Right to limit use of sensitive personal information: birth date, time, and location used for chart generation are used only to provide the Services you requested.
Right to non-discrimination: we will not discriminate against you for exercising these rights.

Categories of personal information collected:

Identifiers (name, email, IP address);
Personal information (birth date, birth time, birth location);
Internet or other electronic network activity (browsing history, interactions with the Services);
Geolocation data (derived from IP address);
Inferences (astrological interpretations).

Sale and sharing. We do not sell your personal information for monetary consideration. Under CCPA/CPRA, our use of advertising pixels (Meta Pixel, Google Ads) constitutes "sharing" of personal information for cross-context behavioral advertising. You can opt out at any time by:

Adjusting your cookie consent preferences via our cookie banner;
Sending a Global Privacy Control (GPC) signal — we recognize and honor GPC signals as a valid opt-out request;
Following the platform-specific opt-out instructions in the "Cookies and Tracking Technologies" section;
Contacting us as described in "How to Reach Us" with the subject "CCPA Opt-Out — Do Not Share My Information."

We will honor opt-out requests within 15 business days as required by CCPA/CPRA, and respond to verifiable access, deletion, and correction requests within 45 days.

▶Notice to Users in the United Kingdom and EEA

GDPR Certification: Art 27 representation by Prighter

UK-GDPR Certification: Art 27 representation by Prighter

If you are in the United Kingdom ("UK") or the European Economic Area ("EEA"), you have rights and protections under the UK GDPR and EU GDPR. The legal bases on which we process your personal data are described in the "Legal Bases for Processing" section above. Your personal data is transferred to and processed in the United States by our cloud infrastructure providers (primarily AWS), as described in the "International Data Transfers" section, under the UK International Data Transfer Addendum and the EU Standard Contractual Clauses.

Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

European Union (EU)
United Kingdom (UK)

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/17215931255

Your Rights

Access: obtain confirmation of whether we process your personal data and, if so, a copy of that data.
Rectification: have inaccurate personal data corrected.
Erasure ("right to be forgotten"): have your personal data deleted in the circumstances set out in Article 17.
Restriction: restrict processing in the circumstances set out in Article 18.
Portability: receive your personal data in a structured, commonly-used, machine-readable format and transmit it to another controller (Article 20).
Objection: object to processing based on legitimate interests, including direct marketing (Article 21).
Withdraw consent: withdraw any consent previously given, including for non-essential cookies and marketing, without affecting the lawfulness of processing prior to withdrawal.
Lodge a complaint: UK residents may complain to the UK Information Commissioner's Office (ICO). EEA residents may complain to their local Data Protection Authority; contact details are available through the European Data Protection Board.

We will respond to verifiable requests without undue delay and in any event within one month, with the possibility of a two-month extension where requests are complex or numerous (in which case we will notify you within the first month).

Marketing to UK and EEA Users

We send marketing emails to UK and EEA users only with prior opt-in consent, except where we rely on the "soft opt-in" permitted under UK PECR and the ePrivacy Directive — that is, where you are an existing customer who provided your email in the context of a purchase, the marketing relates to similar products and services, and you were given an opportunity to opt out at the time of collection and in every subsequent message. You may opt out at any time using the unsubscribe link in any marketing email or via your account settings.

▶Notice to Users in India

If you are in India, the Digital Personal Data Protection Act, 2023 (DPDP Act) provides you with rights regarding your personal data.

Your rights under the DPDP Act:

Right to access information about your personal data;
Right to correction and erasure of personal data;
Right to grievance redressal;
Right to nominate another person to exercise rights on your behalf.

Consent. Under Section 6 of the DPDP Act, we process your personal data primarily on the basis of your consent, which you provide at signup as a free, specific, informed, unconditional, and unambiguous indication of your agreement to the processing described in this policy. You may withdraw your consent at any time by deleting your account; the consequence of withdrawal is that we can no longer provide the Services to you, since the Services cannot function without processing your birth data. We may also process your personal data for the limited "legitimate uses" permitted under Section 7 of the DPDP Act, such as compliance with a court order or other legal obligation, prevention and investigation of fraud, and responding to medical emergencies.

Data Fiduciary. Lagna360 Labs Inc. (operating as Lagna360) acts as a Data Fiduciary under the DPDP Act.

Children. Under the DPDP Act, a "child" is any individual under the age of 18. We do not knowingly process personal data of children, and our Services are not directed to users under 18 in India. Where we process such data inadvertently, we will delete it promptly upon notice. We do not engage in tracking, behavioural monitoring, or targeted advertising specifically directed at children.

Grievance Officer. To reach the Grievance Officer, see "How to Reach Us" above. We will respond to grievances within 30 days.

Data Breach Notification

In the event of a personal data breach that affects your information, we will:

Notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms (or equivalent local-law standard);
Notify the relevant supervisory authorities as required by law (within 72 hours under the UK GDPR/EU GDPR, and in accordance with PIPEDA, Quebec Law 25, the DPDP Act, and applicable US state laws);
Provide information about the nature of the breach, the categories of data involved, the likely consequences, and the steps you can take to protect yourself.

Questions or Complaints

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, see "How to Reach Us" above. We aim to respond to all inquiries within 30 days. If you are in the UK or EEA and have a concern we are unable to resolve, you have the right to lodge a complaint with the UK ICO or your local Data Protection Authority.