Privacy Policy

This Privacy Policy explains how Sigmoid Vedanta Technologies (the "Company", "we") collects, uses, discloses and protects personal data when you use the Rig Veda – Sacred Knowledge Portal (the "Service"). It is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDPA").

1. Data we collect

• Account data: email address, hashed password, full name (optional), subscription tier and billing references.
• Usage data: chat queries, search queries, IP address, user agent, page views, daily-limit counters, audit-log events.
• Payment data: handled by Razorpay; we receive only transaction IDs and statuses, not card or bank credentials.
• Communications: the contents of any enquiry you submit through our contact form.
• Cookies & tokens: a session cookie (Sigmoid Vedanta session) and an auth cookie (rv_auth) used for sign-in continuity.

2. How we use it

• To operate, secure and improve the Service.
• To deliver verse explanations, chat answers, search results, audio playback, the knowledge graph and other features you request.
• To enforce free-tier and paid-tier entitlements and detect abuse.
• To process payments and send transactional emails (verification, password reset, receipts).
• To respond to your contact-form enquiries and grievance reports.
• To comply with law and to defend legal claims.

3. Legal basis

We rely on (a) your consent (under the DPDPA) for marketing or optional features; (b) performance of a contract for delivering the Service you paid for; (c) legitimate interest for security, fraud prevention and product improvement; and (d) legal obligation for tax, accounting and intermediary compliance.

4. Sharing

We do not sell your personal data. We share data only with:

• Service providers acting under written contracts (cloud hosting, Razorpay for payments, Resend for transactional email, Groq for inference);
• Regulators or law-enforcement where required by a valid legal request;
• Acquirers in the event of a corporate transaction, subject to equivalent privacy commitments.

5. Retention

Account data is retained while your account exists and for up to twelve (12) months after deletion for compliance, billing and dispute purposes. Chat history and contact-form submissions are retained for up to twenty-four (24) months unless you request earlier deletion. Audit logs are retained for up to seven (7) years where law requires.

6. Your rights

Subject to the DPDPA and other applicable laws, you may request access, correction, erasure, restriction or portability of your personal data, and you may withdraw consent at any time. Submit requests via our contact form or by email to sigmoidptn@gmail.com. We will respond within thirty (30) days.

7. Security

Passwords are stored only as salted bcrypt hashes. Transport is encrypted using TLS. Production databases are access-controlled. We do not, however, warrant absolute security; you remain responsible for safeguarding your credentials.

8. International transfers

Some processors (e.g. cloud hosting, inference) operate outside India. Where data is transferred outside India, we ensure equivalent contractual protections, including standard contractual clauses where applicable.

9. Children

The Service is not directed at children under 18. Where parental consent is required by law, we will obtain it before processing a minor's personal data.

10. Grievance officer & Data Protection Officer

11. Governing law

This Policy is governed by the laws of the Republic of India. Disputes are subject to the exclusive jurisdiction of the competent courts at Thiruvananthapuram, Kerala, India.