Privacy Policy
Effective date: June 1, 2026 · thechariottalks.com
This Privacy Policy explains how The Chariot Talks ("we", "our", "us") collects, uses, shares, and protects your personal data when you visit thechariottalks.com or use our services. Please read it carefully. By using our website you agree to the practices described here.
1. Who We Are
The Chariot Talks is an online platform offering Vedic astrology tools (birth chart, kundali matching), daily horoscopes, numerology, tarot readings, astrology courses, and cinematic storytelling rooted in Sanatan Dharma. We operate at thechariottalks.com and can be reached at thechariottalks1@gmail.com.
We are the data controller for all personal data collected through this website. This policy applies to all users, including visitors, registered members, and customers.
2. Data We Collect
2.1 Account & Registration Data
When you create an account we collect:
- Full name
- Email address
- Password (stored as a one-way bcrypt hash — we cannot read it)
- Google profile (name, email, profile picture) if you sign in with Google
- Phone number, delivery address, city, state, and pincode (optional — only if you provide them)
2.2 Astrology & Tool Inputs
Our astrology tools require sensitive personal information to generate results:
- Birth Chart: full name, date of birth, time of birth, and city of birth.
- Kundali Matching: the above details for two individuals (groom and bride).
- Numerology: full name and date of birth (calculated entirely in your browser — not sent to our server).
- Daily Horoscope: zodiac sign only — no name or date of birth required.
Results from Birth Chart and Kundali Matching are saved to your account history so you can review them later. You can delete your tool history from your account dashboard at any time.
2.3 Order & Payment Data
When you purchase a course, tarot reading, tarot deck, or astrology pass, we collect your name, email, phone number, and (for physical deliveries) your full postal address. Payment is processed by Razorpay; we do not receive or store your card details. We do store the Razorpay Order ID, Payment ID, and payment status so we can confirm and service your purchase.
2.4 Contact Form Submissions
If you submit a story idea or collaboration request, we store your name, email, phone number (if provided), and message content.
2.5 Website Usage Data
We collect the following automatically when you browse the site:
- Page path visited and timestamp.
- Approximate geographic location derived from your IP address: country, city, and region (via Vercel infrastructure headers). Your raw IP address is not stored.
This data is used only for aggregated traffic analytics (e.g., which pages are popular, which countries our readers come from). It is not linked to your user account.
2.6 Cookies & Session Tokens
| Cookie | Purpose | Duration |
|---|---|---|
| chariot_session | Keeps you logged in. Contains your user ID, email, and name — encrypted with a server-side secret. HttpOnly, Secure, SameSite=Lax. | Session (cleared on logout) |
| oauth_state | CSRF protection during Google Sign-In. A random token verified at callback. | 10 minutes |
We do not use advertising cookies or third-party tracking pixels (e.g., Google Analytics, Meta Pixel).
3. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Create and manage your account | Name, email, password | Contract |
| Deliver astrology tool results | Birth details, name | Contract / Consent |
| Save tool history to your account | Tool inputs and results | Consent (you use the tool) |
| Process and fulfil your orders | Name, email, phone, address, payment IDs | Contract |
| Send transactional emails (OTP, order confirmation) | Email address, name | Contract |
| Respond to contact form submissions | Name, email, message | Legitimate interest |
| Prevent fraud and abuse (rate limiting) | IP address (transient) | Legitimate interest |
| Improve the website (aggregated analytics) | Page path, approximate location | Legitimate interest |
| Comply with legal obligations | Any relevant data | Legal obligation |
We do not sell your personal data. We do not use your data for automated profiling that produces legal or similarly significant effects.
4. Third-Party Services & Data Sharing
We share data with the following service providers only to the extent necessary to deliver our services:
| Service | Role | Data Shared |
|---|---|---|
| Google OAuth | Authentication | Your email and name are returned to us by Google when you sign in with Google. We do not send data to Google independently. |
| Razorpay | Payment processing | Order amount and currency. Your card details go directly to Razorpay and are never seen by us. |
| Resend | Transactional email | Your email address and name to deliver OTP codes and order confirmations. |
| FreeAstrologyAPI (freeastrologyapi.com) | Planetary calculations | Your birth date, time, and geographic coordinates (latitude/longitude/timezone) to compute planetary positions. No name is sent. |
| Anthropic Claude API | Horoscope generation | Your selected zodiac sign and the current date. No personally identifying information. |
| MongoDB Atlas (AWS) | Database hosting | All data described in this policy is stored on MongoDB Atlas servers (typically in a region within India or Asia-Pacific). |
| Vercel | Website hosting & CDN | Your IP address passes through Vercel infrastructure. Vercel extracts approximate geolocation and provides it to our application as request headers. |
| Google Fonts | Typography | Your browser may contact Google Fonts CDN to load fonts. Google may log request metadata per its own privacy policy. |
We may also disclose your data if required by law, court order, or a lawful request from a government authority.
5. Data Retention
- Account data: retained for the lifetime of your account, plus 30 days after deletion to allow for recovery.
- Tool history (birth chart, kundali): retained until you delete it from your account or delete your account.
- Order records: retained for 7 years to comply with Indian accounting and tax regulations.
- Contact form submissions: retained for 2 years.
- Page-view analytics: retained for 12 months, then automatically purged.
- OTP codes: deleted immediately upon successful verification or after 10 minutes (whichever is earlier).
6. Your Rights
Under applicable privacy laws (including India's Digital Personal Data Protection Act 2023 and, where applicable, the EU General Data Protection Regulation), you have the following rights:
- Access: request a copy of the personal data we hold about you.
- Correction: ask us to correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): request deletion of your account and associated personal data, subject to retention obligations above.
- Restriction: ask us to stop processing your data in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Nominate: under the DPDP Act 2023, you may nominate another individual to exercise your rights on your behalf.
To exercise any of these rights, email us at thechariottalks1@gmail.com with the subject line "Privacy Request". We will respond within 30 days.
7. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us and we will delete it promptly.
8. Data Security
We implement industry-standard technical and organisational measures to protect your data, including:
- Passwords hashed with bcrypt (10 rounds) — never stored or transmitted in plain text.
- Session tokens signed with a server-side secret; the HttpOnly flag blocks client-side script access to the cookie, and the Secure flag restricts it to HTTPS connections.
- HTTPS enforced across the entire site.
- API rate limiting to prevent brute-force and abuse.
- Razorpay HMAC-SHA256 signature verification on every payment before an order is confirmed.
No system is 100% secure. In the unlikely event of a data breach that affects your rights, we will notify you as required by applicable law.
9. International Transfers
Our database is hosted on MongoDB Atlas (AWS infrastructure). Some third-party providers (Resend, Vercel, Anthropic, Google) may process data outside India. Where such transfers occur, we rely on appropriate safeguards (standard contractual clauses or adequacy decisions) to ensure your data receives equivalent protection.
10. Links to Other Websites
Our site contains links to external websites (e.g., our YouTube channel). We are not responsible for the privacy practices of those sites. Please review their privacy policies independently.
11. Changes to This Policy
We may update this policy from time to time. The effective date at the top of this page will reflect the latest revision. Continued use of our services after a change constitutes acceptance of the updated policy. For material changes, we will notify you by email or by a prominent notice on the website.
12. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data: