1. Introduction
AlignVastu (“we,” “us,” or “our”) operates the AlignVastu website and platform (collectively, the “Service”). AlignVastu provides digital Vastu Shastra consultation services to users primarily located in the United States.
This Privacy Policy describes the types of personal information we collect when you use our Service, how we use and protect that information, and your rights regarding your data. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
If you do not agree with the practices described in this Privacy Policy, please do not use our Service.
2. Information We Collect
2.1 Information You Provide Directly
When you create an account, submit a consultation request, or otherwise interact with our Service, we may collect the following categories of personal information:
- Account Information: Your full name, email address, phone number, and account credentials (password stored in hashed form).
- Property Information: Your property address and any floor plan images or property-related documents you upload for consultation purposes.
- Payment Information: Payment details necessary to process transactions through our third-party payment processor, Stripe. We do not store your full credit card number, CVV, or other sensitive payment credentials on our servers.
- Communication Data: Any messages, feedback, or correspondence you send to us through the Service or via email.
2.2 Information Collected Automatically
When you access our Service, we may automatically collect certain technical information, including:
- Device and Browser Data: IP address, browser type and version, operating system, device type, and screen resolution.
- Usage Data: Pages visited, time spent on pages, referring URLs, and general navigation patterns.
- Authentication Tokens: Session-related data managed through JSON Web Tokens (JWT) for secure authentication purposes.
2.3 Information from Third Parties
We may receive limited information from our payment processor (Stripe) related to transaction status, such as confirmation of successful payments or failed transactions. We do not purchase or otherwise obtain personal information from data brokers or other third-party sources.
3. How We Use Your Information
We use the personal information we collect for the following purposes:
- Providing and Improving the Service: To create and manage your account, deliver Vastu Shastra consultation reports, process your payments, and improve our platform.
- Communication: To respond to your inquiries, send consultation updates, and deliver important service-related notifications.
- Security and Fraud Prevention: To protect our Service, users, and systems against unauthorized access, fraud, and other malicious activity.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
- Internal Analytics and Operations: To understand how users interact with our Service so that we can improve functionality, performance, and user experience.
We do not sell your personal information to third parties. We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:
- Payment Processing: We share necessary transaction data with Stripe to process your payments. Stripe's handling of your data is governed by its own privacy policy.
- Service Providers: We may engage trusted third-party service providers who assist us in operating our Service (such as cloud hosting providers). These providers are contractually obligated to use your data only for the purposes we specify and in accordance with this Privacy Policy.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests.
- Protection of Rights: We may disclose information when we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms of Service, suspected fraud, threats to safety, or as evidence in litigation.
- Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to provide and secure our Service:
- Essential Authentication Cookies: We use session cookies managed by NextAuth.js to authenticate your identity and maintain your logged-in session. These cookies contain encrypted JSON Web Tokens (JWT) and are strictly necessary for the Service to function.
- No Third-Party Analytics or Tracking: As of the effective date of this policy, we do not use any third-party analytics, advertising, or tracking cookies (such as Google Analytics, Facebook Pixel, or similar services).
You can control cookie settings through your browser preferences. However, disabling essential cookies may prevent you from using certain features of the Service, including the ability to log in.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our Service. Specifically:
- Account Data: Retained for the duration of your active account. Upon account deletion, your personal information will be removed from our active systems within 30 days.
- Consultation Reports and Property Data: Retained for the duration of your active account. You may request deletion of specific consultation data at any time.
- Payment Records: Transaction records may be retained for up to seven (7) years as required by applicable tax and financial regulations.
- Server Logs: Automatically collected technical data is retained for up to 90 days for security and debugging purposes before being purged.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right to Access: You may request a copy of the personal information we hold about you.
- Right to Correction: You may request that we correct inaccurate or incomplete personal information.
- Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions (such as data required for legal compliance or completing a transaction).
- Right to Data Portability: Where technically feasible, you may request your data in a structured, commonly used, and machine-readable format.
- Right to Opt Out of Sale: We do not sell your personal information. If this practice ever changes, we will provide a clear opt-out mechanism.
To exercise any of these rights, please contact us at support@alignvastu.com. We will respond to your request within 45 days, as required by applicable law.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
- Right to Opt Out of Sale or Sharing: We do not sell or share (as defined under the CCPA/CPRA) your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level or quality of service because you exercised your rights.
- Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (such as your property address) for the purposes of providing the Service and do not use it for purposes beyond what is necessary.
Categories of Personal Information Collected
Under the CCPA/CPRA, the categories of personal information we have collected in the preceding twelve (12) months include:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, phone, IP address | Yes |
| Customer Records (Cal. Civ. Code 1798.80(e)) | Name, address, phone number | Yes |
| Commercial Information | Transaction history, services purchased | Yes |
| Internet or Network Activity | Browsing history on our Service, device info | Yes |
| Geolocation Data | Property address (provided by user) | Yes |
| Sensory Data | Floor plan images uploaded by user | Yes |
| Biometric Information | N/A | No |
| Protected Classifications | N/A | No |
| Professional or Employment Info | N/A | No |
| Education Information | N/A | No |
To submit a verifiable consumer request under the CCPA/CPRA, please contact us at support@alignvastu.com. You may also designate an authorized agent to make a request on your behalf. We may require verification of your identity before fulfilling any request.
9. Children's Privacy (COPPA)
Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. In compliance with the Children's Online Privacy Protection Act (COPPA), if we become aware that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete that information from our systems.
If you are a parent or guardian and believe that your child under 13 has provided personal information to us, please contact us at support@alignvastu.com so we can take appropriate action.
10. Data Security
We implement reasonable administrative, technical, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL protocols.
- Hashed and salted password storage.
- Secure, encrypted JWT-based authentication sessions.
- Access controls limiting employee access to personal data on a need-to-know basis.
- Regular review of our data collection, storage, and processing practices.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.
11. Third-Party Links
Our Service may contain links to third-party websites or services that are not operated by us (such as Stripe for payment processing). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with through our platform.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy.
- Provide notice through the Service (such as a banner notification) or via email to your registered email address if the changes are significant.
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
AlignVastu
Email: support@alignvastu.com
Response Time: We aim to respond to all privacy-related inquiries within 45 days.
For CCPA/CPRA requests, please include “Privacy Rights Request” in your email subject line to help us process your request promptly.