Privacy Policy

1. Introduction

YogVritti ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website at yogvritti.com and associated services (the "Platform").

This policy complies with the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 and its rules, the General Data Protection Regulation (GDPR) for EU/EEA users, and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and phone number (optional) when you register.
• Authentication Data: Password (stored in encrypted/hashed form) or Google account identifier if you use Google Sign-In.
• Profile Data: Any additional information you choose to add to your profile (e.g., health goals, dosha preferences).
• Practice Data: Your yoga practice history, session completions, challenge participation, and preferences.
• Communications: Messages or feedback you send us via email or support channels.

2.2 Information Collected Automatically

• Device Information: Browser type, operating system, device type, and screen resolution.
• Usage Data: Pages visited, features used, time spent on pages, and interaction patterns.
• Log Data: IP address, access times, and referring URLs.
• Cookies & Similar Technologies: Session cookies for authentication and functionality. See Section 7 for details.

2.3 Information from Third Parties

• Google Sign-In: If you authenticate via Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

3. How We Use Your Information

We use your information for the following purposes:

• Provide Services: Create and manage your account, deliver personalized yoga sequences and recommendations.
• Personalization: Customize content, practices, and recommendations based on your preferences and practice history.
• AI-Powered Features: Generate personalized yoga sequences, practice suggestions, and wellness content using AI models. Your practice data may be used to improve recommendations.
• Communication: Send account-related notifications, practice reminders, and respond to your inquiries.
• Improvement: Analyze usage patterns to improve the Platform, fix bugs, and develop new features.
• Safety & Security: Detect fraud, prevent unauthorized access, and ensure platform security.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing (GDPR)

For users in the EU/EEA, we process your data based on:

• Contract Performance: Processing necessary to provide our services (account management, practice delivery).
• Consent: Where you have given explicit consent (e.g., marketing communications, optional data sharing).
• Legitimate Interest: Platform improvement, security, and analytics, balanced against your privacy rights.
• Legal Obligation: Where processing is required by law.

5. Data Sharing & Disclosure

We do not sell your personal data.

We may share your information with:

• Service Providers: Trusted third-party services that help us operate the Platform:
  • Cloud hosting and database services (MongoDB Atlas)
  • Email delivery services (Resend)
  • Authentication services (Google OAuth)
  • AI services (Google Gemini) for content generation
  • Media storage (Cloudinary) for images and audio
• Legal Requirements: When required by law, court order, or government authority, or to protect our rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to users.

6. Data Storage & Security

• Storage Location: Your data is stored on secure cloud servers (MongoDB Atlas) with data centers that may be located outside India. By using the Platform, you consent to this transfer.
• Encryption: Passwords are hashed using industry-standard algorithms (bcrypt). Data in transit is encrypted using TLS/SSL.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
• JWT Authentication: Sessions are managed using JSON Web Tokens with expiration periods for security.
• Retention Period: We retain your data for as long as your account is active, plus a reasonable period thereafter for legal and operational purposes. Practice data may be retained in anonymized/aggregated form for analytics.
• While we implement reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Cookies & Tracking

• Essential Cookies: Used for authentication (JWT tokens stored in localStorage) and session management. These are necessary for the Platform to function.
• Analytics: We may use analytics tools to understand how users interact with the Platform. This data is aggregated and anonymized.
• We do not use advertising cookies or trackers.
• You can control cookies through your browser settings, but disabling essential cookies may affect Platform functionality.

8. Your Rights

8.1 For All Users

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and associated personal data.
• Withdraw Consent: Withdraw consent for optional data processing at any time.

8.2 Additional Rights for Indian Users (DPDP Act, 2023)

• Right to access information about your personal data processing.
• Right to correction and erasure of personal data.
• Right to nominate another person to exercise your rights in case of death or incapacity.
• Right to grievance redressal — contact our Grievance Officer (see Section 12).

8.3 Additional Rights for EU/EEA Users (GDPR)

• Right to data portability (receive your data in a structured, machine-readable format).
• Right to restrict processing of your data.
• Right to object to processing based on legitimate interest.
• Right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at admin@yogvritti.com. We will respond within 30 days.

9. Children's Privacy

• The Platform is not intended for children under 13 years of age.
• We do not knowingly collect personal data from children under 13.
• Users between 13-18 years may use the Platform with parental or guardian consent.
• If you believe a child under 13 has provided us personal data, contact us immediately, and we will take steps to delete such data.

10. Health & Wellness Data

11. International Data Transfers

• YogVritti is based in India. Your data may be transferred to and processed in countries outside your country of residence.
• We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.
• By using the Platform, you consent to the transfer of your data to India and other jurisdictions where our service providers operate.

12. Grievance Officer (India)

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the details of the Grievance Officer are:

13. Changes to This Policy

We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated "Last updated" date. For material changes, we will notify registered users via email. Continued use of the Platform after changes constitutes acceptance of the revised policy.

14. Contact Us

For any privacy-related questions or concerns, contact us at: