Privacy Policy

This Privacy Policy explains how Sigmoid Vedanta Technologies (the "Company", "we") collects, uses, discloses and protects personal data when you use the Rig Veda – Sacred Knowledge Portal (the "Service"). It is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDPA").

1. Data we collect

• Account data: email address, hashed password, full name (optional), access tier and payment references.
• Usage data: chat queries, search queries, IP address, user agent, page views, daily-limit counters, audit-log events.
• Analytics data: for each page view we record the page visited, your IP address, the approximate location (country, region and city) derived from that IP using an offline database, and the device, operating system and browser inferred from your user agent. This is first-party analytics processed on our own servers; it is not shared with third parties and is used only to understand site traffic.
• Payment data: handled by Razorpay; we receive only transaction IDs and statuses, not card or bank credentials.
• Communications: the contents of any enquiry you submit through our contact form.
• Cookies & tokens: a session cookie (Sigmoid Vedanta session) and an auth cookie (rv_auth) used for sign-in continuity.
• Advertising & measurement cookies: on pages that display ads, Google and its partners may set cookies and read device identifiers to serve and measure advertising. See section 5.

2. How we use it

• To operate, secure and improve the Service.
• To deliver verse explanations, chat answers, search results, audio playback, the knowledge graph and other features you request.
• To enforce free-tier and paid-tier entitlements and detect abuse.
• To process payments and send transactional emails (verification, password reset, receipts).
• To respond to your contact-form enquiries and grievance reports.
• To display advertising that helps keep the reading content free (see section 5).
• To comply with law and to defend legal claims.

3. Legal basis

We rely on (a) your consent (under the DPDPA, and under the GDPR / UK GDPR for advertising cookies where those laws apply) for marketing, advertising or optional features; (b) performance of a contract for delivering the Service you paid for; (c) legitimate interest for security, fraud prevention and product improvement; and (d) legal obligation for tax, accounting and intermediary compliance.

4. Sharing

We do not sell your personal data. We share data only with:

• Service providers acting under written contracts (cloud hosting, Razorpay for payments, Resend for transactional email, Groq for inference);
• Advertising partners (Google AdSense and its vendors) for serving and measuring ads, as described in section 5;
• Regulators or law-enforcement where required by a valid legal request;
• Acquirers in the event of a corporate transaction, subject to equivalent privacy commitments.

5. Advertising, cookies and Google AdSense

Parts of this site are supported by advertising served through Google AdSense. To make this possible:

• Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to this website and/or other websites.
• Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to this site and/or other sites on the Internet.
• You may opt out of personalised advertising by visiting Google Ads Settings. You can also opt out of a third-party vendor's use of cookies for personalised advertising at www.aboutads.info/choices and www.youronlinechoices.eu.
• For details of how Google uses information from sites that use its services, see Google's partner-sites policy and the Google Privacy Policy.
• Users in the EEA, the UK and Switzerland: before serving personalised ads we use a consent management mechanism to obtain your consent for storing and accessing cookies and for processing personal data for advertising, as required by the ePrivacy and data-protection rules and Google's EU user consent policy. You can change or withdraw your consent at any time through the consent controls on the site.
• We do not show ads on sign-in, account, billing, administrative or other utility screens. Signed-in paid subscribers are served the site without ads.

6. Retention

Account data is retained while your account exists and for up to twelve (12) months after deletion for compliance, billing and dispute purposes. Chat history and contact-form submissions are retained for up to twenty-four (24) months unless you request earlier deletion. Audit logs are retained for up to seven (7) years where law requires.

7. Your rights

Subject to the DPDPA and other applicable laws, you may request access, correction, erasure, restriction or portability of your personal data, and you may withdraw consent at any time. Submit requests via our contact form or by email to sigmoidtechnologies@gmail.com. We will respond within thirty (30) days.

8. Security

Passwords are stored only as salted bcrypt hashes. Transport is encrypted using TLS. Production databases are access-controlled. We do not, however, warrant absolute security; you remain responsible for safeguarding your credentials.

9. International transfers

Some processors (e.g. cloud hosting, inference, advertising) operate outside India. Where data is transferred outside India, we ensure equivalent contractual protections, including standard contractual clauses where applicable.

10. Children

The Service is not directed at children under 18. Where parental consent is required by law, we will obtain it before processing a minor's personal data.

11. Grievance officer & Data Protection Officer

12. Governing law

This Policy is governed by the laws of the Republic of India. Disputes are subject to the exclusive jurisdiction of the competent courts at Thiruvananthapuram, Kerala, India.