Legal · Privacy

Privacy Policy

Effective: 1 July 2025  ·  Updated: 13 July 2026  ·  Version 1.2.1  ·  atmasarathy.com
"Ātmānam viddhi" — Know Thyself
The Upanishadic invitation that inspired AtmaSarathy. We hold that every seeker's personal data is as sacred as their inquiry.

In Sanatana Dharma, every guest is Atithi — a form of the Divine arriving at our threshold. When you step across this threshold, you bring your thoughts, your questions, and certain digital traces. We receive those traces the way a devoted host receives a guest: with respect, discretion, and purpose.

We do not sell your data. We do not profile you for advertisements. We hold only what is needed to serve you well, and we release it when that purpose ends. This policy fulfils our obligations under India's Digital Personal Data Protection Act, 2023 (DPDPA 2023) and reflects Privacy by Design — your privacy is built into this platform from its foundation, not bolted on.


1. Who We Are

Data Fiduciary

Ganeshram Sundaram (Individual)
2A, Block 1, 9, 4th Main Road Extension, Kotturpuram, Chennai — 600085, Tamil Nadu, India
Privacy contact: privacy@atmasarathy.com
Grievance Officer: Ganeshram Sundaram — same address and email

2. What Data We Collect — The Panchabhoota Framework

Just as the universe is composed of five elements, the data we collect can be understood through five kinds of information. We collect only what each element truly requires.

Prithvi (Earth) — Identity Data

Jal (Water) — Conversation Data

Authenticated users have conversation history and the above stored. Guest users have no data stored beyond what is processed transiently in the current session. You may view, rebuild, export, or delete all of this at any time from your Svabhava page — including the understanding AtmaSarathy holds of you.

A private ("incognito") reflection is never stored and never shapes the understanding AtmaSarathy holds of you — no message, no summary, no Svabhava update is written. The only trace is brief, content-free fair-use metadata (an identity token and timestamp, never your words), which is deleted within about a day.

Agni (Fire) — Technical Data

Vayu (Air) — Preference Data

Akasha (Space) — What We Do Not Collect

3. Why We Use Your Data

PurposeLegal basis
Providing AI-guided conversationsContract (core service)
User account management (login, reset)Contract
Sending transactional emailsContract
Saving conversation historyYour consent
Forming an evolving understanding of you (memory), for continuityYour consent
Detecting signs of acute distress to point you to real-world supportVital interests / safety
Platform security and performanceLegitimate use
Improving AtmaSarathy (anonymised)Legitimate use

We do not use your data for targeted advertising, sale to third parties, or automated decision-making with significant effects on you.

4. How Long We Keep Your Data

Our principle is simple: we hold what you share on the basis of your consent and our need to serve you — and no longer than that. So we keep your reflections for as long as you are in relationship with AtmaSarathy, so that it can remember you with continuity. When you delete them, they are erased completely and promptly. And if you go entirely dormant for a long time, we let go on our own.

Data typeRetention
Account profileUntil you delete it, or 24 months of total inactivity (see below)
Conversation history & SvabhavaUntil you delete it, or 24 months of total inactivity
Feedback signalsErased with your account (deleted, not merely anonymised)
Error logs14 days
Fair-use / rate-limit metadata~25 hours (identity token + timestamp only; no message content)
IP address (raw)30 days, then anonymised
Transactional email records90 days
Backup snapshots30 days rolling
Dormancy — letting go when the need has passed

If a signed-in seeker becomes entirely inactive — no visits at all — for 24 months, we take that as a sign the need has passed, and we release their reflections completely. About 30 days beforehand, we send a single gentle email to the address on the account, so no one is ever erased by surprise: returning even once within that month keeps everything, and resets the clock. This is how we live the principle of holding nothing longer than it is needed. (Private, incognito reflections are never stored, so nothing of them persists to release.)

5. Your Rights as a Data Principal

Right to Access
Request a summary of all personal data we hold. We respond within 72 hours.
Right to Correction
Request correction of inaccurate data. Name and language are self-serve in your profile settings.
Right to Erasure
Request deletion of your account and all associated personal data. When you delete your account, everything is erased completely — conversations, messages, summaries, your Svabhava, sankalpas, settings, and any feedback text — not merely de-linked. Processed within 7 business days.
Right to Withdraw Consent
Where processing rests on consent (e.g. storing conversations), you may withdraw at any time.
Right to Grievance Redressal
File a grievance at privacy@atmasarathy.com. Acknowledged within 48 hours, resolved within 30 days.
Escalation
If unsatisfied, you may escalate to the Data Protection Board of India once constituted.
How to exercise your rights

Email privacy@atmasarathy.com with subject: "Data Rights Request — [Your Name]". We will verify your identity before processing.

6. Who We Share Your Data With

We do not sell, rent, or trade your data. The following sub-processors receive limited data to operate the platform:

ProcessorPurposeData shared
Anthropic (USA)AI language model inferenceConversation text (as plaintext)
Supabase (Mumbai)Database and authenticationAccount data, conversations, memory
Resend (USA)Transactional email deliveryEmail address only
Vercel (USA)Web hosting & networkRequest logs (IP, path), country

A note on how your reflections are processed: to generate a response, the text of your message is sent to Anthropic's AI service as plaintext — this is unavoidable, as the model must read what you write in order to respond. At rest in our database, your stored history is held within Supabase's encrypted infrastructure. We are exploring stronger, seeker-held encryption for stored reflections; until then, we describe our protection honestly rather than over-promise. We never sell your data, and we do not use your reflections to train AI models.

7. Cross-Border Transfers

Anthropic, Resend, and Vercel are based in the United States. Your data may be processed there through processors who maintain adequate safeguards. We will update this section as India's cross-border transfer regulations under DPDPA 2023 are notified.

8. Security — The Kavacham

An honest word on what this does and does not mean. Your reflections are walled off from other users and encrypted at rest. But because AtmaSarathy remembers you across visits — your Svabhava, your continuity — the service itself must be able to read your conversations to provide that memory. So we do not claim that "even we cannot see your reflections": as long as memory works, that would not be true, and we would rather be truthful than reassuring. Access is limited to the running service and is never sold, shared for advertising, or used to train AI models. For those who would prefer that even we could not read a session, a private ("incognito") reflection is available today — it is never stored — and we are designing an opt-in "sealed" mode of stronger, seeker-held encryption for the future, in which memory would be set aside in exchange for that privacy. We will describe it plainly, and only offer it, when it genuinely delivers what it promises.

In the event of a data breach likely to cause high risk to your rights, we will notify affected seekers and the relevant authority without undue delay, and within 72 hours of becoming aware wherever feasible.

9. Children's Privacy

AtmaSarathy is designed for adults. Before beginning, seekers are asked to confirm they are 18 or older. We do not knowingly collect personal data from individuals under 18. If you believe your child has used this platform, contact us at privacy@atmasarathy.com and we will delete their data.

10. Changes to This Policy

We will notify registered users by email of material changes at least 15 days before they take effect. The version history is maintained at this page.

11. Contact

Reach Us

General enquiries: hello@atmasarathy.com
Privacy and data rights: privacy@atmasarathy.com
Grievance Officer: Ganeshram Sundaram — privacy@atmasarathy.com

"Sarve bhavantu sukhinah"
May all beings be happy. Your data is not our asset — it is information you share with us in trust.