Privacy

Antara (“we”, “us”) is operated as a sole-proprietor venture based in India. We are the data fiduciary for the personal data described below under the Digital Personal Data Protection Act, 2023 (“DPDP”).

You can reach us at support@antara.digital — the same address is the grievance officer mailbox required under DPDP §10. We answer within seventy-two hours on weekdays.

We collect the smallest amount of personal data the product needs to work. Specifically:

• Birth details — date, time, and place of birth. The astrological calculation engine cannot function without these. The place is used only to resolve a latitude, longitude, and time zone.
• Account identifiers— email address and (if you sign in with Google) your name and profile picture, supplied by Google's OAuth consent screen. We do not request any other Google scopes.
• Generated artefacts — the natal chart, dasha periods, and readings produced from your birth details. These are stored against your account so you can return to them.
• Payment artefacts — when you start a monthly or annual recurring subscription, Razorpay returns an order ID, payment ID, subscription ID (for recurring), and amount captured. We do not see, store, or have access to your card or UPI credentials; those stay with Razorpay.
• Notification preferences — if you opt in to daily-reading push notifications, your browser supplies an endpoint that we store so the push service can reach you. You can revoke this at any time.
• Operational telemetry — anonymous-or-pseudonymous events about which pages load, which features are used, and whether something errored. We do not collect IP-based geolocation beyond the country level, and we explicitly disable session replay.

We do not collect anything in the “sensitive personal data” categories — no health, biometric, financial (beyond payment IDs), caste, religion, or sexual-orientation data. The astrological reading is a literary artefact, not a health or financial recommendation.

Each piece of data has exactly one purpose. We do not combine, profile, or re-purpose anything beyond what is listed here.

• Birth details and generated artefacts produce your reading and let you return to it.
• Account identifiers authenticate you across sessions and devices.
• Payment artefacts prove that an unlock occurred. They are also the financial record required under Indian tax law.
• Notification preferences send the daily-reading push you asked for, and nothing else.
• Operational telemetry tells us when the site is broken, which features are loved, and which are ignored.
• Emails are sent to the address you signed in with: transactional (welcome, payment receipt, account closure), the daily reading every morning (IST), and a short note when your dasha chapter shifts. The daily and chapter-shift mails carry a one-click unsubscribe header, and you can toggle either category from your settings. There is no marketing email.

Antara is a small product built on a stack of specialised providers. Your data is processed by the following sub-processors, each only for the purpose listed:

• Supabase · primary database and authentication. Hosted in their Mumbai (ap-south-1) region. Your account, chart, readings, and subscription rows live here.
• Razorpay · payment processing. Card, UPI, and net-banking credentials stay with Razorpay; we only receive order and payment IDs. India-resident company.
• Google Gemini · generates the reading text from your dasha periods. Your birth details are not sent — only the planetary positions and active periods. Operated by Google LLC; Gemini's Developer API terms confirm that paid-tier content is not used to train their models.
• Resend · sends transactional email. Your email address transits Resend to reach your inbox.
• Upstash · Redis cache for rate-limiting and anonymous-session storage.
• PostHog · operational analytics. Configured US-region (the default cloud). We disable session replay and IP collection beyond country level.
• Sentry · error tracking. Stack traces and the URL on which an error occurred are captured; personal data in error contexts is scrubbed before send.
• Vercel· hosting and edge delivery. Standard request logs are retained per Vercel's default policy.
• Google · OAuth sign-in only. We request only your email, name, and profile picture.
• OpenStreetMap Nominatim · resolves the place-of-birth string you type into a latitude / longitude. The query is sent at the moment you type. We retain the resolved place text alongside the coordinates so the settings / export pages can show it back to you in human-readable form.
• Web Push services · Google FCM (for Chrome / Edge), Apple APNs (for iOS / Safari), and Mozilla autopush (for Firefox) deliver the daily push notification to your device. When you consent to notifications, your browser registers a push endpoint with the relevant service; we store that endpoint URL + the VAPID keys needed to encrypt the payload so only your device can decrypt it. We never send personal content through the push — only the daily heading and prompt text.

Some of these sub-processors are located outside India. DPDP §16 permits such transfer; we will publish a notice here if the Central Government issues restrictions to the contrary.

Account data — chart, readings, subscription, notification settings — is kept for as long as your account is open. When you close your account (Settings → “Close this archive”), everything in the public schema is deleted immediately. The Razorpay payment record stays on the Razorpay side — it is a permanent financial ledger that neither we nor you can erase.

Anonymous chart snapshots stored before sign-in expire from the Redis cache after ninety days. Operational telemetry carries no link back to your identity once your account is deleted; the underlying event rows in PostHog become orphaned and are removed per PostHog's retention policy (currently seven years for aggregate data, but tied to a random distinct ID with no personally identifying linkage).

Under the DPDP Act you have the right to:

• Access · receive a copy of the personal data we hold about you.
• Correct · fix any inaccurate or incomplete data. Birth details specifically can be re-entered from Settings; for anything else, write to the address below.
• Erase· close your archive. Settings → “Close this archive” deletes every public-schema row tied to your account, immediately.
• Grievance · raise a concern about how we handle your data. We respond within seventy-two hours on weekdays. If unresolved, you may escalate to the Data Protection Board of India.
• Nominate· DPDP §13 lets you nominate another person to exercise these rights in the event of your death or incapacity. Email us with the nominee's name and contact and we will note it on the record.

Antara uses three kinds of browser storage and no advertising cookies of any kind:

• Authentication cookies set by Supabase, required for sign-in to work.
• An anonymous-session cookie used to cache your chart before you sign in, so that signing in does not lose your work.
• Local storage of your chart so the page can render instantly on return visits. Clearing your browser's site data clears this.

Antara is not directed to children under eighteen years of age. We do not knowingly collect personal data from anyone under eighteen. If you believe a child has provided data to us, please write to the address below and we will delete it.

We follow standard industry practice: all traffic is over TLS, secrets are kept in a managed environment-variable store and never committed to code, the database is locked behind row-level security policies that prevent one user from reading another's data, and the service-role credentials that bypass these policies are restricted to server-side code that never touches the browser.

In the event of a personal-data breach that is likely to result in significant harm, we will notify you and the Data Protection Board of India as soon as practicable, per DPDP §8(6).

If we make a material change to this policy we will update the “Last updated” date at the top and, where the change affects your existing data, send you a one-time notice by email. Continued use after a change indicates acceptance of the updated policy.

For any question on this policy, to exercise any right listed in section VI, or to raise a grievance under DPDP §10, write to:

Grievance Officer · Antara
support@antara.digital