Privacy Policy

Last updated: 17 April 2026

Panchang Platform (“we”, “us”) operates vedpanchang.com and the VedPanchang mobile apps. This policy explains what data we collect, why we collect it, and what we do with it. Our guiding principle: collect as little as possible, never sell user data, and never serve advertising. We use aggregate analytics (detailed below) to understand which pages are useful and which load slowly.

What we collect

Account basics: email, display name, and optionally a profile image from your Google account when you sign in via Google OAuth.
Preferences: your preferred language, home city, panchang school (purnimanta / amanta), ayanamsha, and notification toggles.
Bookmarks and saved cities: only when you explicitly save them.
Push subscriptions: the browser or mobile push token you register when you enable notifications.
Trial history hash: a one-way SHA-256 hash of your normalised email (and optionally a mobile device installation ID) used to prevent a single person from creating many accounts to extend the 30-day free trial. We never store your plaintext email in this table.
Payment metadata: when you upgrade to Premium, we store only the external subscription ID from Razorpay / Stripe / Apple / Google. Card numbers, UPI IDs, bank details, and expiry dates never touch our servers.
Server logs: standard web-server access logs (URL, timestamp, HTTP status, user agent) retained for 30 days to investigate errors and abuse. No IP-based profiling.

What we do NOT collect

Your birth chart, birth time, or place-of-birth details. We don’t build kundalis.
Your contacts, photos, calendar, or any OS-level data other than the push token you explicitly grant.
Advertising IDs or cross-site retargeting profiles.
Payment card data, bank account details, or UPI IDs.

How we use the data

To run the product: show panchang for your city, deliver the notifications you opted in to, sync your bookmarks across devices.
To verify entitlements: check whether a signed-in user is on a premium trial or an active subscription, and which device a subscription is bound to so premium features activate on the right phone / browser / tablet.
To prevent abuse: enforce one free trial per email / device, and reasonable rate limits on API endpoints.
To improve reliability: aggregate crash logs and performance metrics, with no user identity attached.

Third parties

The only third parties that receive any of your data are the ones we directly rely on to deliver the service:

Railway (hosting and database) — stores the data above inside the Panchang Platform account.
Razorpay, Stripe, Apple, Google Play — when you upgrade to paid. They store your payment credentials directly; we only receive the subscription status back.
Expo, Apple Push Notification service (APNs), Firebase Cloud Messaging (FCM), Web Push providers (Mozilla / Google / Microsoft) — to deliver notifications to your devices.
Resend — to send the small number of transactional emails we support (magic-link sign-in, optional trial reminders).
Plausible (when enabled) — aggregate cookieless page-view counts. No personal identifiers leave your device.
Google Analytics 4 (when enabled) — aggregate page-view, device, and referrer metrics via gtag.js. GA drops the _ga and _ga_* cookies and may process the data on US servers. We use GA for product analytics only; we do not enable Google Signals, Google Ads linkage, or demographic / interest reports.

We do not share your data with advertisers or data brokers.

Cookies and analytics

Strictly-necessary cookies (session, CSRF, device fingerprint for entitlement checks) are always set — these are required for the site to function. When Google Analytics is enabled, it additionally sets _ga / _ga_* cookies that are classified as non-essential. Users in the EU, UK, and other consent-required jurisdictions will see a consent banner before GA loads. You can opt out at any time from the banner or your browser cookie settings.

Your rights

You can export or delete your account data at any time. Sign in, open Settings → Account, and use the export or delete buttons. Deletion is immediate and cascades to all related records (bookmarks, push subscriptions, saved cities, subscription history, trial history). There is no soft-delete recovery — once you delete, it’s gone.

India DPDP Act & GDPR

Under India’s Digital Personal Data Protection Act, 2023 and the EU GDPR, you have the right to: access your data, correct it, withdraw consent (by disabling or deleting your account), and lodge a complaint with your regulator. Contact privacy@vedpanchang.com for any data request and we will respond within 30 days.

Children

The service is intended for users aged 13 and above. We do not knowingly collect data from children under 13. If you believe a child’s data has been collected, email us and we will remove it.

Changes

If we change this policy we will update the “Last updated” date at the top and, for material changes, surface a notice in-app. The current version is always visible at vedpanchang.com/legal/privacy.

Contact

Questions, concerns, or data requests: privacy@vedpanchang.com

Last updated: 17 April 2026

What we collect

Account basics: email, display name, and optionally a profile image from your Google account when you sign in via Google OAuth.

Preferences: your preferred language, home city, panchang school (purnimanta / amanta), ayanamsha, and notification toggles.

Bookmarks and saved cities: only when you explicitly save them.

Push subscriptions: the browser or mobile push token you register when you enable notifications.

Trial history hash: a one-way SHA-256 hash of your normalised email (and optionally a mobile device installation ID) used to prevent a single person from creating many accounts to extend the 30-day free trial. We never store your plaintext email in this table.

Payment metadata: when you upgrade to Premium, we store only the external subscription ID from Razorpay / Stripe / Apple / Google. Card numbers, UPI IDs, bank details, and expiry dates never touch our servers.

Server logs: standard web-server access logs (URL, timestamp, HTTP status, user agent) retained for 30 days to investigate errors and abuse. No IP-based profiling.

How we use the data

To run the product: show panchang for your city, deliver the notifications you opted in to, sync your bookmarks across devices.

To verify entitlements: check whether a signed-in user is on a premium trial or an active subscription, and which device a subscription is bound to so premium features activate on the right phone / browser / tablet.

To prevent abuse: enforce one free trial per email / device, and reasonable rate limits on API endpoints.

To improve reliability: aggregate crash logs and performance metrics, with no user identity attached.

Third parties

The only third parties that receive any of your data are the ones we directly rely on to deliver the service:

Railway (hosting and database) — stores the data above inside the Panchang Platform account.

Razorpay, Stripe, Apple, Google Play — when you upgrade to paid. They store your payment credentials directly; we only receive the subscription status back.

Expo, Apple Push Notification service (APNs), Firebase Cloud Messaging (FCM), Web Push providers (Mozilla / Google / Microsoft) — to deliver notifications to your devices.

Resend — to send the small number of transactional emails we support (magic-link sign-in, optional trial reminders).

Plausible (when enabled) — aggregate cookieless page-view counts. No personal identifiers leave your device.

Google Analytics 4 (when enabled) — aggregate page-view, device, and referrer metrics via gtag.js. GA drops the _ga and _ga_* cookies and may process the data on US servers. We use GA for product analytics only; we do not enable Google Signals, Google Ads linkage, or demographic / interest reports.

We do not share your data with advertisers or data brokers.

Cookies and analytics

Your rights

India DPDP Act & GDPR