Privacy Policy

Naksha is operated by NOVA-LUMEN LABS LLP (trading as Lumen Labs), a Limited Liability Partnership incorporated in India. We are the data controller (GDPR) and data fiduciary (India DPDP Act 2023) for personal data processed through Naksha.

• App identifier: works.lumenlabs.naksha
• LLPIN: ACW-8836
• Registered office: Plot No 10/A, Rail Nagar, Belgaum, Karnataka 590001, India
• General contact: [email protected]
• Grievance Officer (India DPDP Act 2023): the Grievance Officer, NOVA-LUMEN LABS LLP — [email protected]

This policy applies to the Naksha mobile application and the information it handles. It works alongside our studio-wide Privacy Policy (which also covers this website); where this app-specific policy and the studio policy differ, this one governs Naksha. Links to third-party services are governed by their own policies.

Naksha works with the following information, most of which you create by using it:

• Phone number (for sign-in)
• Birth details (date, time, place)
• Generated charts & compatibility scores
• Panditji chat history

What we do not collect:we do not collect your contacts, your precise advertising identifier for ad targeting, or any data we don't need to run a feature you use. We do not build advertising profiles, and we do not track you across other apps or websites.

We use the information above only to:

• provide the app's features to you;
• process and validate your purchases;
• understand, anonymously and with your consent, how the app is used so we can improve it;
• comply with our legal obligations and protect our rights.

Legal bases (GDPR / UK GDPR): we rely on the performance of a contract with you to provide the app and process purchases; on your consent for optional analytics, crash reporting, and (where applicable) notifications, which you can withdraw at any time; and on our legitimate interests in securing and improving the app, balanced against your rights. Under the India DPDP Act 2023 we process personal data on the basis of your consent or for legitimate uses permitted by the Act.

Your birth profiles and chart data are stored on your device; core astrological calculations run on-device from a bundled ephemeris.

Unlike most of our apps, Naksha runs a secure backend (Supabase). Your phone number is used for sign-in, and certain features — the Panditji chat and daily transit notifications — send the relevant birth/chart details to our server to generate a response. We do not sell this data or use it for advertising.

We use PostHog for opt-in, anonymous product analytics — events such as which screens are opened and which buttons are tapped, tied to a random, app-specific identifier. We never attach your name or email, and your actual content (entries, balances, documents, charts, prayers — whatever the app holds) is never sent. You can turn analytics off at any time in Settings.

We request the following permissions, each only for the feature that needs it and only when you use it:

• Microphone (optional, to ask Panditji by voice)
• Notifications (optional, daily transits)

You can revoke any of these at any time in your device settings.

Payments are handled by RevenueCat (Apple App Store & Google Play billing). We never see or store your full payment-card details — the relevant app store processes payment and shares with us only what is needed to validate your purchase or subscription status. Those providers handle your payment data under their own privacy policies.

We do not sell your data and we do not share it for advertising. The only third parties involved are the service providers (processors) that make the app work, each acting under contract and for the limited purpose shown:

• Supabase — Phone-OTP sign-in and backend for chat & notifications
• RevenueCat — Validates your purchase / subscription receipt
• PostHog — Anonymous product analytics (opt-in)
• Apple — App Store billing & (where used) HealthKit / iCloud
• Google — Google Play billing

Some of our service providers may process limited data on servers outside your country, including outside the EEA, the UK, or India. Where that happens we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses or an equivalent mechanism, and the providers' own compliance programmes — to protect your data to the standard required by applicable law.

Data stored on your device is retained until you delete it in the app or remove the app. Where we process data on our backend, we keep it only for as long as needed to provide the relevant feature, and we delete or anonymise it within a reasonable period after you delete your account or it is no longer needed. Anonymous analytics and crash data are retained in aggregate for a limited period and cannot be tied back to you.

We use reasonable, industry-standard technical and organisational measures to protect information — including on-device storage by default, encryption in transit for any network calls, and access controls on any backend systems. No method of electronic storage or transmission is 100% secure, however, and we cannot guarantee absolute security. If a personal-data breach occurs that is likely to affect your rights, we will notify the relevant supervisory authority and affected users as required by applicable law.

You can delete your Nakshaaccount and all associated data at any time from within the app's settings, or by emailing [email protected]; we will delete it and instruct our processors to do the same, except where we must retain limited records by law. In addition, depending on where you live, you have the following rights, which we honour for all users:

• Access a copy of the personal data we hold about you;
• Rectify inaccurate data;
• Erase your data (“right to be forgotten”);
• Port your data to another service;
• Object to or restrict certain processing, and withdraw consent for optional processing such as analytics;
• Nominate a person to exercise your rights in the event of death or incapacity (India DPDP Act);
• Not be discriminated against for exercising your rights (CCPA/CPRA), and to know that we have not sold or “shared” your personal information in the preceding 12 months.

To exercise any right, email [email protected]. We will respond within the timeframes required by law. You also have the right to complain to your data-protection authority — for example the Data Protection Board of India, your EU/EEA supervisory authority, or the UK ICO.

Naksha is intended for adults and is not directed to children. We do not knowingly collect personal data from children under the age of 13 (or under 16 in the EEA, or as otherwise defined by local law). If you believe a child has provided us personal data, contact us and we will delete it.

Nakshadoes not make decisions about you that produce legal or similarly significant effects through solely automated means. The app does not use advertising cookies or cross-app tracking. Our website may use strictly necessary cookies and respects browser “Do Not Track” and Global Privacy Control signals where applicable.

If we change this policy we will update the date above and, for material changes, surface a notice in the app. Questions, requests, or grievances? Write to our Grievance Officer at [email protected]. See also the Naksha Terms of Service.