In Sanatana Dharma, every guest is Atithi — a form of the Divine arriving at our threshold. When you step across this threshold, you bring your thoughts, your questions, and certain digital traces. We receive those traces the way a devoted host receives a guest: with respect, discretion, and purpose.
We do not sell your data. We do not profile you for advertisements. We hold only what is needed to serve you well, and we release it when that purpose ends. This policy fulfils our obligations under India's Digital Personal Data Protection Act, 2023 (DPDPA 2023) and reflects Privacy by Design — your privacy is built into this platform from its foundation, not bolted on.
Ganeshram Sundaram (Individual)
2A, Block 1, 9, 4th Main Road Extension, Kotturpuram, Chennai — 600085, Tamil Nadu, India
Privacy contact: privacy@atmasarathy.com
Grievance Officer: Ganeshram Sundaram — same address and email
Just as the universe is composed of five elements, the data we collect can be understood through five kinds of information. We collect only what each element truly requires.
Authenticated users have conversation history and the above stored. Guest users have no data stored beyond what is processed transiently in the current session. You may view, rebuild, export, or delete all of this at any time from your Svabhava page — including the understanding AtmaSarathy holds of you.
A private ("incognito") reflection is never stored and never shapes the understanding AtmaSarathy holds of you — no message, no summary, no Svabhava update is written. The only trace is brief, content-free fair-use metadata (an identity token and timestamp, never your words), which is deleted within about a day.
| Purpose | Legal basis |
|---|---|
| Providing AI-guided conversations | Contract (core service) |
| User account management (login, reset) | Contract |
| Sending transactional emails | Contract |
| Saving conversation history | Your consent |
| Forming an evolving understanding of you (memory), for continuity | Your consent |
| Detecting signs of acute distress to point you to real-world support | Vital interests / safety |
| Platform security and performance | Legitimate use |
| Improving AtmaSarathy (anonymised) | Legitimate use |
We do not use your data for targeted advertising, sale to third parties, or automated decision-making with significant effects on you.
Our principle is simple: we hold what you share on the basis of your consent and our need to serve you — and no longer than that. So we keep your reflections for as long as you are in relationship with AtmaSarathy, so that it can remember you with continuity. When you delete them, they are erased completely and promptly. And if you go entirely dormant for a long time, we let go on our own.
| Data type | Retention |
|---|---|
| Account profile | Until you delete it, or 24 months of total inactivity (see below) |
| Conversation history & Svabhava | Until you delete it, or 24 months of total inactivity |
| Feedback signals | Erased with your account (deleted, not merely anonymised) |
| Error logs | 14 days |
| Fair-use / rate-limit metadata | ~25 hours (identity token + timestamp only; no message content) |
| IP address (raw) | 30 days, then anonymised |
| Transactional email records | 90 days |
| Backup snapshots | 30 days rolling |
If a signed-in seeker becomes entirely inactive — no visits at all — for 24 months, we take that as a sign the need has passed, and we release their reflections completely. About 30 days beforehand, we send a single gentle email to the address on the account, so no one is ever erased by surprise: returning even once within that month keeps everything, and resets the clock. This is how we live the principle of holding nothing longer than it is needed. (Private, incognito reflections are never stored, so nothing of them persists to release.)
Email privacy@atmasarathy.com with subject: "Data Rights Request — [Your Name]". We will verify your identity before processing.
We do not sell, rent, or trade your data. The following sub-processors receive limited data to operate the platform:
| Processor | Purpose | Data shared |
|---|---|---|
| Anthropic (USA) | AI language model inference | Conversation text (as plaintext) |
| Supabase (Mumbai) | Database and authentication | Account data, conversations, memory |
| Resend (USA) | Transactional email delivery | Email address only |
| Vercel (USA) | Web hosting & network | Request logs (IP, path), country |
A note on how your reflections are processed: to generate a response, the text of your message is sent to Anthropic's AI service as plaintext — this is unavoidable, as the model must read what you write in order to respond. At rest in our database, your stored history is held within Supabase's encrypted infrastructure. We are exploring stronger, seeker-held encryption for stored reflections; until then, we describe our protection honestly rather than over-promise. We never sell your data, and we do not use your reflections to train AI models.
Anthropic, Resend, and Vercel are based in the United States. Your data may be processed there through processors who maintain adequate safeguards. We will update this section as India's cross-border transfer regulations under DPDPA 2023 are notified.
An honest word on what this does and does not mean. Your reflections are walled off from other users and encrypted at rest. But because AtmaSarathy remembers you across visits — your Svabhava, your continuity — the service itself must be able to read your conversations to provide that memory. So we do not claim that "even we cannot see your reflections": as long as memory works, that would not be true, and we would rather be truthful than reassuring. Access is limited to the running service and is never sold, shared for advertising, or used to train AI models. For those who would prefer that even we could not read a session, a private ("incognito") reflection is available today — it is never stored — and we are designing an opt-in "sealed" mode of stronger, seeker-held encryption for the future, in which memory would be set aside in exchange for that privacy. We will describe it plainly, and only offer it, when it genuinely delivers what it promises.
In the event of a data breach likely to cause high risk to your rights, we will notify affected seekers and the relevant authority without undue delay, and within 72 hours of becoming aware wherever feasible.
AtmaSarathy is designed for adults. Before beginning, seekers are asked to confirm they are 18 or older. We do not knowingly collect personal data from individuals under 18. If you believe your child has used this platform, contact us at privacy@atmasarathy.com and we will delete their data.
We will notify registered users by email of material changes at least 15 days before they take effect. The version history is maintained at this page.
General enquiries: hello@atmasarathy.com
Privacy and data rights: privacy@atmasarathy.com
Grievance Officer: Ganeshram Sundaram — privacy@atmasarathy.com