Privacy Policy

This Privacy Policy explains what personal data Ujyara collects from you, why we collect it, how long we keep it, who else may process it, and the rights you have under Indian law. We use plain English so you can read this in one sitting. If you have questions, write to us at grievance@ujyara.com.

1. Who we are and what this policy covers

In short: Ujyara is run by Gurpraj Systems, currently operating as a sole proprietorship, based in Punjab. This Privacy Policy applies to everything we do under the Ujyara brand — on the messaging interface today, on our website and web application as those launch, and on any future channel.

1.1 The business behind Ujyara

"Ujyara" is the name of our service. The legal entity that runs Ujyara is Gurpraj Systems, currently operating as a sole proprietorship owned and operated by Rajinder Singh. As Ujyara grows, the legal form of Gurpraj Systems may evolve (for example, by adding partners or converting to a company) — any such change will be notified to you under Section 13.

In data-protection terms, Gurpraj Systems is the "Data Fiduciary" — the organisation that decides why your personal data is collected and how it is used.

1.2 Our address and registration

Our registered office is at:

Khasra No 84//51/2 (5-1), Ward No-9, Near Radha Krishan Mandir, Kirpal Colony, Kurali, District SAS Nagar (Mohali), Punjab — 140103, India

We are registered with the Government of India as follows: - GSTIN: 03CESPS8908D1Z4 - Udyam Registration Number: UDYAM-PB-20-0123284

1.3 What this policy covers

This Privacy Policy covers all Ujyara services, regardless of which channel you use to interact with us. That includes our messaging-platform interface (currently delivered through WhatsApp and Telegram at launch), our website and web application at ujyara.com when launched, our progressive web app (PWA), and any future channels.

Your account, your reports, and your subscription state are stored centrally on Ujyara's own servers — not on any individual messaging platform. Deleting your WhatsApp account, or moving away from the messaging platform, does not by itself delete your Ujyara data. To delete your Ujyara data, please contact us directly (see Section 9).

This policy does not cover the privacy practices of third parties — for example, the messaging platform itself, or your bank — even when you reach Ujyara through them. Those parties have their own privacy policies, which we encourage you to read.

2. About Ujyara — relevant facts for privacy

In short: Ujyara is an AI-powered Vedic astrology and numerology service for Indian users only. There are no human astrologers behind any reading. Knowing this helps you understand what data we do — and do not — collect.

2.1 What Ujyara is

Ujyara is an AI-powered Vedic astrology and numerology service. We offer personalised astrological guidance — including birth chart (kundali) generation and interpretation, horoscope updates, Match Making compatibility analysis, numerological insights, traditional remedies, auspicious timing (muhurat) suggestions, and personal guidance — through a messaging interface and a web application.

Every reading you receive is generated by advanced artificial intelligence drawing on classical Vedic texts. No human astrologer reviews any reading. This shapes what data we need from you — we do not, for example, ever pass your information to any astrologer.

2.2 India-only service

Ujyara is offered only to users with valid Indian mobile numbers (those starting with the country code +91) and Indian-issued payment methods. Payments are accepted in Indian Rupees (INR) only. Ujyara is designed for use from within India. If you happen to use Ujyara from outside India while holding an Indian mobile number, you do so subject to the NRI clause in our Terms of Service Section 3.6.

If you happen to use Ujyara from outside India while holding an Indian mobile number, you do so at your own discretion and acknowledge that the service is governed by Indian law alone.

3. What personal data we collect

In short: We collect the minimum information needed to give you good astrological and numerological guidance and to issue a tax invoice when you pay us. We never ask for Aadhaar, PAN, residential address, or photos. We do not see your card or bank details.

3.1 Data we collect from you (the primary account holder)

When you create and use a Ujyara account, we may collect:

• Phone number. Your Indian mobile number (+91 only). This is your permanent account identifier.
• Full legal name. Required at signup. Stored in our locked-down identity database for invoice generation, dispute resolution, and tax compliance. Your full legal name is also required as the input for numerological calculations (such as your Namank), since numerology is computed from the letters of your name. For chart-based features (kundali, horoscope, Match Making, muhurat, remedies), you may choose how you are addressed in the app — see Section 5.2 of the Terms of Service.
• Display short name. Optional. A display short name made up of 1 to 15 alphabetic characters you can choose if you prefer not to be addressed by your full legal name in greetings and chart-based reports.
• Email address. Captured at the time of your first payment, with one-time-password verification. Used for tax invoices, PDF reports (when that feature ships), data exports, refund correspondence, and account-recovery messages.
• Birth details. Your date of birth, time of birth, and place of birth — voluntary, but required for chart-based readings. Numerology readings require date of birth (time and place of birth are not used).
• Gender and marital status. Voluntary. Used to phrase reports appropriately and (for compatibility readings) to apply the right interpretive framework.
• Computed astrological and numerological data. Charts, planetary positions, dasha periods, Mulank, Bhagyank, Namank, and similar derived data, computed from your inputs by our calculation engine.
• Subscription and payment records. Plan tier, transaction identifiers, and amounts. We never see your card number, CVV, expiry, UPI VPA, or bank account number — these are handled entirely by our authorised payment gateway.
• Usage information. Counters such as how many free items you have used, language preference, notification preferences, and session state.
• Generated reports. The full text of reports you have generated is retained so that you can re-read them through "My Reports".
• Birth Time Rectification (BTR) conversation. If you use our BTR feature, the back-and-forth conversation in which you describe past life events is retained for seven days after the report is generated, and is then automatically deleted. After that, only the final report text, the rectified time, and a small internal score (a number we use to track how confident the calculation engine is in the rectified time, for our own quality monitoring) are kept. The internal score is never sold, shared, or shown to any third party.

3.2 Data we collect from you about other people

Ujyara lets you generate readings for family members, partners (for Match Making), and others. The data we accept depends on the feature, because different features need different inputs:

• For chart-based features (kundali for a family member, muhurat for someone else, remedies for someone else): we accept either a first name or a short reference of up to five alphabetic characters, plus the date, time and place of birth needed for the calculation. The birth details are auto-deleted within 24 hours of the report being generated; the name or short reference and the resulting report text are retained.

• For Match Making compatibility (Menu 3): this feature analyses both individuals against each other under traditional Ashtakoota Guna Milan, which requires both names. We accept the first name (or full name, if you provide it) of both individuals along with their birth details. The birth details of both individuals are auto-deleted within 24 hours of the report being generated; the name and resulting report text are retained.

• For Numerology features (Menu 5): numerology is computed from the letters of a person's name, so this feature genuinely requires the name. Where you generate a numerology reading for someone other than yourself, we accept the name and the date of birth you provide. After the report is generated, both name and date of birth for that other person are retained alongside the report (so you can re-view it under "My Reports") but are not used for any other purpose. If you want this data deleted earlier, you can ask under Section 9.

In all cases, you agree that you will not enter another person's contact details (phone number or email) into Ujyara, and that where required by law you have informed those people that their birth details are being processed by an AI service.

3.3 What we do NOT collect

We deliberately keep our data appetite narrow. We do not collect:

• Aadhaar number, PAN, or any government-issued identity document
• Your residential address (only the place of birth, for chart generation, as set out in Section 3.1)
• Photographs, videos, or stored voice recordings. Voice messages note: Ujyara does not currently accept voice messages. If you send a voice message, the bot will reply asking you to type your question instead. The voice file itself is not stored or processed by us; the messaging platform handles it under its own privacy policy.
• Your contact list, address book, or any other contacts of yours
• Your browsing history or activity outside Ujyara
• Card numbers, CVV, expiry dates, UPI VPAs, or bank account numbers (these are handled directly by our authorised payment gateway)
• Health data, biometric data, or any other category of "sensitive personal data" beyond what is described in Section 3.1

If a feature in future requires data we do not currently collect, we will update this Privacy Policy and ask for your renewed consent before that feature is enabled for you (see Section 13).

4. Why we collect this data

In short: Five purposes, in plain language. Service delivery. Identity for invoices and disputes. Anti-abuse. Communications, with marketing kept separate. Tax and legal compliance.

4.1 To provide the service you have asked for

The most obvious purpose: to compute your chart, run Match Making logic, generate numerology readings, deliver remedies, suggest auspicious timings, answer pre-drafted personal-guidance questions, and send you the daily horoscope or alerts that come with your plan.

4.2 To verify your identity and issue tax invoices

We capture your full legal name and email so that we can:

• Issue a GST-compliant tax invoice for every paid transaction, as required by Indian tax law
• Resolve a dispute, refund, or chargeback if one arises
• Respond to a verified data-subject request (such as a request to delete or export your data)

Your full legal name and email never leave our locked-down identity database except for these specific purposes.

4.3 To prevent abuse of free offerings

To stop the same person from repeatedly creating and deleting accounts to claim free first-ever items, we retain a minimal anti-abuse record described in Section 6.4.

4.4 To send you communications related to the service

Communications relating to your subscription or to the service you are using fall into three groups:

(a) Service-related communications tied to a paid feature — for example, a daily horoscope delivered as part of a Daily Horoscope subscription, transit alerts, festival alerts, or dasha-change alerts that you have specifically subscribed to. These run until your subscription ends or you cancel using the cancellation flow described in the Refund Policy. STOP does not end a paid subscription on its own — you cancel a subscription using the cancellation flow.

(b) Service-related communications you can switch off any time — for example, the free weekly horoscope or one-off informational nudges. You can stop these by replying STOP to that message; the rest of your service is unaffected.

(c) Promotional or marketing messages — about new features, special offers, or discount campaigns. We will ask you separately for opt-in consent before the first such message is sent. You may say no, and the rest of your service is unaffected. STOP always works on these, instantly.

4.5 To meet our legal and tax obligations

We are required by Indian law to retain certain records — primarily payment and GST records — for defined periods. We also retain consent records as evidence of your agreement to these terms. Section 6 explains how long.

5. How we obtain and record your consent

In short: We ask for your consent in plain language. Your consent is the legal basis for processing your personal data. You can withdraw it at any time.

5.1 The legal basis

Our processing of your personal data is based on your free, specific, informed, and unambiguous consent. We do not rely on "implied" consent or pre-ticked boxes. Where the Digital Personal Data Protection Act, 2023 (DPDPA) provisions on consent are in force, we operate within them; where they are not yet in force, we apply the same standard voluntarily under the Information Technology Act, 2000 and the IT (Reasonable Security Practices) Rules, 2011 (see Section 16).

5.2 The AGREE flow

When you first interact with Ujyara, we show you a short welcome message that includes links to all five documents that govern your use of the service:

• the Terms of Service,
• this Privacy Policy,
• the Refund Policy,
• the Astrology Disclaimer, and
• the Data Deletion Policy.

Below those links, we present a four-point declaration which you accept by replying "AGREE":

1. I am 18 years or older.
2. I have read and accept the Terms of Service and the Refund Policy (which is incorporated by reference into the Terms of Service).
3. I understand that Ujyara provides traditional astrological guidance and is not a substitute for professional medical, legal, financial, or psychological advice, as set out in the Astrology Disclaimer.
4. I consent to the processing of my personal data as described in this Privacy Policy, and acknowledge the Data Deletion Policy describing how I can request deletion of my data.

On the messaging interface, your reply "AGREE" is your binding acceptance of all four points. On the web application and PWA, the same four-point declaration appears as four separate checkboxes and a button, and you must tick each one before continuing. Without this confirmation, we do not begin processing your personal data, and you cannot use the paid features of Ujyara.

5.3 Service vs marketing — kept separate

Service-related communications (covered in Section 4.4) flow from your acceptance of the Terms of Service and your subscription tier. They do not require a separate consent step.

Promotional and marketing messages always require a separate, explicit opt-in. We will ask once, in plain words, before sending the first such message.

5.4 How to withdraw your consent

You may withdraw your consent to processing at any time by writing to grievance@ujyara.com. Withdrawal takes effect going forward and does not affect the lawfulness of processing carried out before withdrawal, nor does it entitle you to a refund of fees paid for service already performed (see the Refund Policy). After you withdraw consent, we will stop sending you service messages, and your data will follow the deletion timeline in Section 6.

5.5 How we record evidence of your consent

We keep a tamper-resistant record of your AGREE confirmation in our locked-down identity database, including the timestamp, your phone number, and the version of these documents you accepted. This record is required so that we can demonstrate, if asked, that we obtained valid consent.

6. How long we keep your data

In short: Different categories of data have different retention periods. Birth details about other people get deleted within a day. Inactive accounts auto-delete after about two years. Payment records are kept for six years to meet GST law.

6.1 Retention table

[†] For users who have not registered an email address, the 30-day grace-period notification is sent to the registered Indian mobile number via WhatsApp, and to the user via Telegram if the user is connected to Ujyara on Telegram. If neither channel is reachable, deletion proceeds at the end of the 30-day grace period.

6.2 BTR transcripts — explicit disclosure

Birth Time Rectification involves you sharing past life events (such as marriage, education milestones, health events) so that the system can fine-tune your birth time. We retain that conversation until the end of day 7 after your report is generated, and then automatically delete it. This is one day after the BTR refund window in the Refund Policy closes (which ends at the end of day 6) — a deliberate one-day buffer so that any timely refund request can be reviewed against the conversation before deletion. After deletion, only the final report text, the rectified time, and a small internal confidence score remain.

6.3 Inactive accounts

If you have not interacted with Ujyara for 24 months, we will send you a reminder on the contact channels we have for you. If you do not return within the 30 days that follow, your personal data will be auto-deleted from our active databases (subject to the legal-retention exceptions noted in this section).

6.4 The anti-abuse counter

To prevent abuse of free first-ever offerings (such as your first kundali or your first numerology reading), we retain a minimal anti-abuse record after account deletion. This record consists of a one-way cryptographic hash of your phone number, salted with a separate secret salt that is stored independently of the hash, paired with a counter showing how many free first-ever offerings have been used.

We treat this record as personal data with a minimised footprint. The original phone number cannot be recovered from the salted hash, and the hashed record is not linked, and cannot be linked, to any other data we hold about you. The only way the hashed record reconnects to a person is if that exact phone number is used to attempt a fresh signup — at which point we recompute the hash on the incoming phone number and compare. We retain this minimal record for the limited and disclosed purpose of preventing abuse of free first-ever offerings, for a maximum period of 3 years from your original first signup, after which it is auto-deleted. Erasure of this record on user request will defeat the anti-abuse purpose; we may decline such requests, communicating the reason to you, where the request would frustrate this purpose during the 3-year retention window.

If you create a new account using the same phone number within 3 years, free first-ever offerings will not refresh. We may also use other operational signals, at our discretion, to detect and refuse refreshed free offerings to repeat users; the specific signals are not disclosed.

6.5 Payment records and consent records

These are retained for 6 years because Indian tax law and audit-defence practice require it. After the retention period, they are erased.

6.6 Re-joining after deletion

If you delete your account and later create a new account with the same phone number, you are treated as a new user for personal-data purposes — your earlier reports do not return. The anti-abuse counter described in Section 6.4 does, however, continue.

7. Where your data lives and how it is protected

In short: Your data lives on servers located in India. We use a two-database design so that even a serious unauthorised-access incident affecting one database does not by itself expose the data held in the other. Encryption, access controls, and audit logs back this up.

7.1 Hosted in India

Ujyara's databases are hosted on servers located in Bangalore, India, operated by our cloud-hosting provider. This is a deliberate choice — Indian hosting reduces cross-border-transfer risk and aligns with the spirit of DPDPA.

7.2 Two-database architecture

Our architecture separates identity-and-billing data from service data, with strict access controls between them. In practice, this is implemented as two separate databases on separate servers:

• The service database — stores your phone number, display short name, birth details, computed chart, dasha periods, gender and marital status, subscription state, usage counters, report text, language preferences, notification preferences, numerology inputs (name and date of birth of other people for whom you have generated numerology readings), and the brief nicknames or short references you provide for other people in chart-based features.
• The identity-and-billing database — stores your phone number, full legal name, email address, payment records, AGREE consent records, BTR conversation transcripts (during their 7-day retention window), the anti-abuse counter row, and any chargeback or dispute history.

These two databases share only your phone number as a common key. This architectural separation is intended to limit the scope of any single security incident: an unauthorised-access event affecting one database would not by itself expose the data held in the other.

7.3 Security safeguards

We use technical and organisational safeguards proportionate to the nature of the processing, the volume of personal data, and the harm that could result from a breach, including the following:

• Encryption of data in transit (TLS 1.3 minimum) and encryption of data at rest
• Access controls so that only those who need to see data can see it, with logged accesses
• Regular automated backups, encrypted, with a 30-day rolling retention
• Periodic security review of the application and the underlying servers
• A documented breach-response plan (described in Section 11)

No system is perfectly secure. If a breach occurs that affects you, we will provide notification as set out in Section 11.

7.4 Card and bank details — never stored by us

When you pay us, you enter your card, UPI, net-banking, or bank-account details directly into our authorised payment gateway's secure interface. Those details never touch our servers. We see only the resulting transaction identifier and the amount.

8. Other organisations who help us deliver Ujyara

In short: We use a small number of carefully chosen vendors to run Ujyara. We send each of them only the minimum information they need. We do not sell your data, we do not run third-party advertising on you, and we have contracted with our AI vendor on terms that prohibit using your data to train models.

8.1 Categories of subprocessor

We rely on the following categories of service provider:

• An AI service provider, which receives the inputs needed for your specific reading and generates the corresponding interpretation. We send the minimum data necessary.
• A payment gateway, which processes your subscription payments and one-time purchases.
• A messaging platform, through which the service is currently delivered.
• A cloud-hosting provider, which runs our servers in India.
• A DNS provider, which routes traffic to our website.
• An email infrastructure provider, which delivers our transactional emails.

The current providers in each category are listed in the footnote subsection at the end of this Privacy Policy.

8.2 Cross-border data transfer

Some processing — most notably the AI-generated interpretation step — takes place on servers located outside India. The data sent for that step is limited to what the AI provider needs to generate your reading; it does not include your email or your payment information. Our use of the AI service provider is governed by its published commercial terms, which do not permit retention of your inputs and outputs beyond a short trust-and-safety review window and do not permit use of your data to train AI models.

Cross-border transfer of personal data is permitted under Section 16 of the DPDPA, 2023 read with the DPDP Rules, except to countries notified by the Central Government as restricted, and except where sectoral law imposes localisation. As of the Effective Date, no destination used by Ujyara is on a notified restricted list. We monitor notifications and will update this Privacy Policy and seek renewed consent before continuing transfers if the position changes.

If a destination country to which we transfer your personal data is notified by the Central Government as restricted after you have given consent, we will suspend further transfers to that destination, notify you within 30 days of the notification taking effect, and seek your specific renewed consent before resuming any transfer to that destination.

8.3 What we send to the AI service provider — and what we do not

8.4 The payment gateway

For payments, you interact directly with our authorised payment gateway. That gateway has its own privacy policy and its own security certifications. When you make a payment, you consent to the gateway processing the data needed to complete the transaction, comply with anti-fraud and KYC rules, and meet legally required disclosures to Indian authorities.

8.5 Hard commitments

We make the following commitments in this Privacy Policy:

• No sale of personal data. We do not sell your personal data to anyone, for any reason.
• No third-party advertising at present. We do not currently run any third-party advertising inside Ujyara services. We will not introduce third-party advertising without 30 days' prior notice and your renewed consent under Section 13.
• AI training and retention safeguards. Our use of the AI service provider is governed by its published commercial terms, which do not permit retention of your inputs and outputs beyond a short trust-and-safety review window and do not permit use of your data to train AI models. We monitor our subprocessors' published terms; if those terms change in a way that would conflict with this commitment, we will notify you under Section 13 before continuing to use that subprocessor.
• Minimum data sharing. We share only what each subprocessor genuinely needs, and only for the purpose for which it is needed.

8.6 Subprocessor changes

We may, from time to time, change the specific provider in any of the categories listed in Section 8.1 — for example, switching from one cloud-hosting provider to another. So long as the new provider belongs to the same category and processes the same kind of data in the same kind of way, we treat this as a non-material change and update the footnote subsection accordingly. Adding a brand-new category of subprocessor (for example, a new kind of analytics provider) is a material change and is notified to you in advance under Section 13.

9. Your rights

In short: You can see what we have, ask us to fix mistakes, ask us to delete things, take your data with you, or escalate to the regulator.

You have the following rights as a Data Principal under DPDPA 2023 (and, until those provisions are fully in force, equivalent rights as a matter of contract under this Privacy Policy):

9.1 Right to access

You can ask us for a summary of the personal data we hold about you and the parties with whom we have shared it. We will respond within 30 days.

9.2 Right to correction

If something we hold about you is wrong, incomplete, or out of date, you can ask us to correct it. Most details (such as your display short name, language preference, or birth details) can be corrected directly inside Ujyara; for the rest, write to grievance@ujyara.com.

9.3 Right to erasure

You can ask us to delete your personal data. We will do so within 30 days, subject to the legal-retention obligations described in Section 6 (most notably the 6-year payment-records mandate under the GST Act). Where data must be retained by law, we will explain why.

Repeated erasure requests followed by re-creation of accounts on the same registered identifiers may be treated as anti-abuse signals and may, at our discretion, prevent re-availment of free first-ever offerings (see Section 6.4).

9.4 Right to withdraw consent

See Section 5.4. Withdrawal works going forward and does not undo prior lawful processing or entitle you to a refund of fees paid for service already performed.

9.5 Right to nominate

You may nominate up to two individuals to exercise your rights under DPDPA in the event of your death or legal incapacity. To register a nomination, write to grievance@ujyara.com from the email address registered with your account, including the nominee's full name, relationship to you, and contact details. We will confirm the nomination in writing to you and (with your consent) to the nominee. You may revoke or amend a nomination at any time by writing to grievance@ujyara.com.

9.6 Voluntary data export

Although the DPDPA does not currently confer a stand-alone portability right, we will, on written request from your registered email, provide you with a machine-readable copy of your profile, your reports, your payment history and your consent records within 30 days.

We provide this voluntary data export at no cost up to twice per calendar year per user. Further requests in the same calendar year may be subject to a reasonable handling fee, which we will tell you about in advance.

9.7 How to exercise these rights

You can reach us through any of the following channels:

• By email to grievance@ujyara.com — please send from the email address linked to your account. For paid users, this is the primary channel.
• In-app on the messaging interface by sending the command /grievance (Telegram) or by replying with the keyword GRIEVANCE (WhatsApp) on your active Ujyara session — the bot will capture your message and forward it to our grievance team along with your registered phone number.
• In-app on the web application or PWA through the "Raise a grievance" link in the account menu, once those channels launch.

For free users where no email is on file, the in-app channel above is the recommended route. We will verify your identity through a one-time code sent to your registered Indian mobile number where the request involves access, correction, or erasure of personal data. Either way, we will acknowledge within 48 hours, give you a substantive response within the timelines set out in Section 14.3, and aim to resolve within 30 days.

9.8 Right to escalate to the Data Protection Board of India

If we do not resolve your grievance to your satisfaction, you have the right to make a complaint to the Data Protection Board of India, established under DPDPA. Under Section 13(3) of the DPDPA, you must first exhaust this Privacy Policy's grievance channel before approaching the Board.

10. Children's data

In short: Ujyara is for adults aged 18 or older. Adults may use their own account to generate readings for family members, including children. Minors must not create accounts directly.

Account ownership requires age 18 or above. Ujyara accounts may only be created and operated by adults aged 18 years or older. Adults may use their own account to generate astrological content (such as kundalis) for any family member, including minor children — this is a normal use case for parents. However, accounts must not be created by, or on behalf of, minors directly accessing the service.

We rely in good faith on your declaration that you are 18 or older. If we have reason to believe the registered account holder (as opposed to a family member whose details have been entered for chart purposes) is in fact under 18 — for example, from inputs in personal-guidance queries — we may suspend the account pending verification by such means as are permitted under applicable law.

If a minor accesses Ujyara independently: If we learn that a person under 18 has independently created an account or made payments without their guardian's knowledge, we will: (a) suspend the account, (b) delete the minor's personal data, and (c) refund any payment to the original payment instrument. Such requests must be made by the guardian within 30 days of discovering the issue, with reasonable proof of guardianship.

Misuse of this provision: Refund or deletion claims under this clause will not be entertained where the registered account holder is in fact an adult and is the same person who used the account, regardless of how the request is framed.

No profiling or behavioural advertising. We do not perform behavioural tracking or behavioural advertising on any user of Ujyara, and in particular not on minors whose details may be entered for chart generation by their parent or guardian.

11. If a data breach occurs

In short: We will provide prompt notification to you and to the regulator, in line with the timelines set out in Indian data-protection rules.

If we discover a personal-data breach affecting your data, we will:

• Intimate each affected user without delay using the contact details registered with the account, with a description of the breach, its likely consequences, the steps we have taken to contain it, and specific measures you should take to protect your interests. For accounts where only a phone number is on file, this notification will be by WhatsApp message and/or Telegram message (depending on which channels you are connected on), and where significant, by a public notice on ujyara.com remaining visible for at least 30 days. Where the contact details on your account are out of date and we have made reasonable efforts to reach you on every channel registered with the account, our notification obligation is treated as fulfilled on the date of the last attempt.
• Provide preliminary intimation to the Data Protection Board of India without delay. We will follow up with the detailed information prescribed under the DPDP Rules — including the nature, extent, timing, and location of the breach, its likely consequences, mitigation measures taken, and contact information for further enquiries — within 72 hours of becoming aware (or such longer period as the Board may permit), in the form and manner required under the DPDP Rules.
• Investigate the cause, fix what needs fixing, and retain incident logs for audit.

We maintain a documented breach-response runbook so that this commitment is realistic and not a paper commitment.

12. Cookies, browser storage, and the web/PWA

In short: There are no cookies on the messaging interface. When the web app launches, we will use only essential cookies and (optionally) basic analytical cookies. No marketing or tracking cookies without your separate consent.

12.1 The messaging interface

When you use Ujyara through the messaging platform, no cookies or web storage are created by Ujyara — message delivery is handled by the messaging platform, which may store data on your device under its own privacy policy.

12.2 The web application and PWA

When the web application and PWA launch on ujyara.com, we will use:

• Essential cookies for authentication and session management — required for the service to function.
• Analytical cookies (optional) for basic service-improvement metrics. You will be able to opt out without losing access to the service.
• No marketing or tracking cookies without a separate, specific consent step.

A detailed Cookie Policy will be published at the time the web app launches. Until then, this section is the active disclosure.

12.3 Browser local storage

The web/PWA may store small amounts of non-personal data (preferences, language, session token) in your browser. Clearing your browser data will sign you out and clear local preferences.

12.4 Web push notifications

If you grant browser-notification permission, we may send you web push notifications related to your subscription (horoscope updates, transit alerts, dasha-change alerts). You can revoke this permission at any time in your browser settings.

12.5 Cross-channel continuity

Your Ujyara account, reports, and subscription state are accessible across all Ujyara channels — messaging, web, PWA, and any future channel — using your registered Indian phone number as the common identifier. Logging out of one device does not affect your sessions on others.

13. Changes to this Privacy Policy

In short: Material changes are notified at least 30 days before they take effect, and require you to AGREE again. Minor changes are notified to you on the channels we have for you.

13.1 Material changes

A "material change" is a change in how your personal data is processed. Examples include: adding a new category of data we collect, expanding the period for which we keep data, introducing a brand-new category of subprocessor, changing the country in which data is processed, introducing a new payment model, changing the legal basis for processing, or changing governing law or jurisdiction.

For material changes, we will notify you at least 30 days in advance, on the contact channels we have for you. Continued use of Ujyara after the new policy takes effect requires you to AGREE again. If you do not AGREE, you may stop using Ujyara and exercise your rights under Section 9.

A change in the named Grievance Officer is treated as a contact-detail update rather than a material change. We will notify you of any change in the named Grievance Officer within 7 days of the change, on the channels we have for you.

13.2 Minor changes

For minor changes — typos, clarifications, formatting, or updates that do not affect how your data is processed — we will notify you by a one-line announcement message on your registered messaging channel (and, where you have an email on file, by email). Continued use is taken as acceptance.

13.3 Subprocessor swaps within an existing category

A change of provider within an existing category (for example, switching cloud-hosting providers) is not a material change. The footnote subsection at the end of this Privacy Policy will be updated accordingly.

13.4 Effective Date

The "Effective Date" at the top of this Privacy Policy shows when the current version came into effect.

14. Grievance officer and how to reach us

In short: Rajinder Singh personally is the Grievance Officer. The email is grievance@ujyara.com. We follow two parallel timelines — one under the IT Rules, 2021 and one under DPDPA 2023.

14.1 Designated officer

The Grievance Officer is the person from time to time holding the office of Grievance Officer at Gurpraj Systems. The current incumbent is Rajinder Singh, founder of Gurpraj Systems and the proprietor of Ujyara, who is resident in India.

14.2 Contact

Email: grievance@ujyara.com

14.3 Service-level commitments

Different timelines apply to different kinds of grievance. We follow whichever is shortest in the circumstances of your grievance:

(i) For grievances under the Information Technology Act, 2000 and IT Rules, 2021 (such as complaints about unlawful content, harassment, or intermediary obligations):

(ii) For grievances under the Digital Personal Data Protection Act, 2023 (data-processing matters such as access, correction, erasure, withdrawal, nomination, portability):

We maintain a grievance register recording the date received, the nature of the grievance, the actions taken, and the date of resolution. This register is available to a regulator on request.

14.4 No separate Data Protection Officer at our scale

Under Section 10 of the DPDPA, the obligation to appoint a Data Protection Officer applies only to entities notified as Significant Data Fiduciaries. Gurpraj Systems has not been so notified. The Grievance Officer named in Section 14.1 is the contact point for all queries on personal-data processing. If Gurpraj Systems is in future notified as a Significant Data Fiduciary, we will appoint a Data Protection Officer and update this Privacy Policy.

14.5 Right to escalate

If we do not resolve your grievance, you may escalate to the Data Protection Board of India under Section 13(3) of the DPDPA.

15. Other contact details

For general queries, suggestions, partnership enquiries, or anything that is not a formal grievance, please write to:

support@ujyara.com

We typically read this inbox a few times each week. For anything time-sensitive, urgent, or formally raised under this Privacy Policy, please use grievance@ujyara.com instead — that inbox is monitored daily.

Postal address (registered office): Gurpraj Systems prop Rajinder Singh Khasra No 84//51/2 (5-1), Ward No-9, Near Radha Krishan Mandir, Kirpal Colony, Kurali, District SAS Nagar (Mohali), Punjab — 140103, India GSTIN: 03CESPS8908D1Z4

16. Languages and applicable law

16.1 Language

This Privacy Policy is published in English at launch. Hindi and Punjabi versions will follow within 60 days of launch. If there is any conflict between language versions, the English version prevails.

16.2 Governing law

This Privacy Policy is governed by the laws of the Republic of India. Specifically, our processing of your personal data is regulated by:

• The Digital Personal Data Protection Act, 2023 (Act 22 of 2023). Notified in phased form from 13 November 2025; the substantive operational provisions are expected to come into effect during 2026–2027 as further notified by the Central Government. Until those operational provisions are in force, the framework below continues to apply, and we voluntarily apply DPDPA-grade protections in this Privacy Policy.
• The Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, as amended.
• The Consumer Protection Act, 2019, and the Consumer Protection (E-Commerce) Rules, 2020.
• The Goods and Services Tax Act, 2017 (for retention of payment records).

16.3 Jurisdiction

Subject to the consumer's statutory right under Section 11(2) of the Consumer Protection Act, 2019 to approach a Consumer Disputes Redressal Commission having jurisdiction at the consumer's place of residence or work, the parties otherwise submit to the non-exclusive jurisdiction of the competent civil courts at SAS Nagar (Mohali), Punjab, India.

Footnote — Current Subprocessors (as of 11 May 2026)

This footnote names the current providers in each category referenced in Section 8.1. We may update this footnote as a non-material change without separate notification.

Ujyara is a product of Gurpraj Systems (GSTIN 03CESPS8908D1Z4 / Udyam UDYAM-PB-20-0123284). For any queries, write to grievance@ujyara.com (urgent) or support@ujyara.com (general).