Last Updated: [August 01, 2025] At Mahaan Vastu, we take our responsibility as a data processor and data controller seriously. This Data Handling Policy ("Policy") explains how we collect, process, store, protect, and delete data entrusted to us by our users—primarily Vastu consultants—including the personal data of their clients inputted into the platform. This Policy forms part of our Terms & Conditions and Privacy Statement. By using our Service, you agree to this Policy and our practices outlined herein.
Data provided by consultants for their own registration and usage (e.g., email, name, payment info).
Personal and non-personal data about the consultant’s end-customers inputted into the Service for horoscope or Vastu analysis.
Any information relating to an identified or identifiable individual.
Any operation performed on personal data including storage, access, transmission, analysis, or deletion.
The consultant or business entity that decides the purposes and means of processing Client Data.
Mahaan Vastu, which processes data on behalf of the controller (consultant).
• Mahaan Vastu acts as a data controller for User Data and as a data processor for Client Data (as uploaded by consultants). • Consultants are responsible for ensuring lawful collection and upload of their clients’ personal data and for compliance with applicable privacy laws in their jurisdictions.
Collected during account creation, payment processing, and platform activity.
Includes birth information, names, property plans, and zone-related annotations used for generating horoscopes and Vastu recommendations.
• Provide platform functionality such as horoscope generation, zone mapping, and customer records. • Analyse and generate automated interpretations based on Vedic astrology and Vastu principles. • Enable consultants to export, review, and manage client records and reports. • Comply with applicable legal and tax obligations.
All data is securely stored on AWS servers located in US availability zones.
Data is encrypted at rest and in transit using AES-256 and TLS 1.3 respectively.
• Internal access to user or client data is strictly role-based. • Only authorized technical or support staff can access data, and only when required for support or security. • Multi-factor authentication is enforced for internal admin access.
Daily encrypted backups are maintained for disaster recovery purposes, retained for up to 30 days.
| Data Type | Retention Duration |
|---|---|
| User Data | Until account deletion + 12 months (for tax/legal) |
| Client Data | Retained until manually deleted by User OR 12 months post subscription cancellation |
| Support Logs | 90 days from creation |
| Audit Logs | 12 months |
| Anonymized Usage Data | Indefinitely for analytics and product improvement |
Consultants can delete client profiles or data directly through the dashboard.
Users may request deletion of their account and associated data by emailing support@mahaanvastu.com.
Users may export client data and reports in PDF or CSV format at any time before account cancellation.
After 12 months of inactivity or termination, data is securely purged from all systems unless required for legal compliance.
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| AWS | Cloud hosting | USA | Data encrypted, AWS DPA signed |
| Stripe | Payment processing | Global | PCI-DSS compliant |
| Razorpay/Cashfree | Payment in India | India | RBI & PCI-DSS compliant |
| Helpdesk (e.g., Intercom/Zendesk) | Customer support | USA/India | Access restricted, audit logged |
All vendors are bound by Data Processing Agreements (DPAs) and confidentiality clauses.
We will investigate and contain the breach immediately.
Affected users will be notified within 72 hours after concluding our investigation, in compliance with GDPR and Indian IT security guidelines.
Logs and audit trails will be reviewed to assess the cause.
Preventive measures will be strengthened to avoid recurrence.
All incidents are documented and reviewed by our internal security response team.
We comply with: • Indian IT Act, 2000 & DPDP Act, 2023. • GDPR (as a data processor for EU/EEA clients). • California Consumer Privacy Act (CCPA) for applicable users. • AWS SOC 2 compliance indirectly via hosting architecture.
As a consultant using our platform: • You must obtain client consent before uploading their personal data. • You must not upload sensitive personal data (e.g., health records, financial data) unless directly required for Vastu consultation and permitted under law. • You agree not to misuse our platform to harvest, resell, or aggregate personal data without consent.
We reserve the right to update this Policy as laws or practices evolve. Users will be notified of material changes via email or in-app notices. Continued use of the Service after updates constitutes agreement to the updated Policy.
If you have questions about this Policy or wish to exercise your rights, contact: Data Protection Officer – Mahaan Vastu Email: support@mahaanvastu.com Address: Vrindavan Orchards, Loharka Road, Amritsar 143001