This Privacy Policy describes how Gregforge Labs LLC ("we", "our", or "us") collects, uses, discloses, retains, and protects information when you use the Jyotish Vani mobile application (the "App").
1. Who we are
Gregforge Labs LLC is a California limited liability company based in Sunnyvale, California, United States. Privacy contact: support@gregforgelabs.com. Legal mail and service of process may be sent to Gregforge Labs LLC c/o ZenBusiness Inc., 2520 Venture Oaks Way Suite 120, Sacramento, CA 95833, United States.
2. Information we collect
We collect only what is needed to operate the App. We do not sell personal information. Where optional rewarded ads involve data use that may be considered sharing for cross-context behavioral advertising, we describe that use below and honor applicable opt-out choices.
- Account information. Email address or phone number, sign-in method (for example email/password, phone verification, Google Sign-In, or Apple Sign-In), verification status, and account identifiers. Passwords and one-time verification codes are handled by our third-party authentication provider and are never visible to us in plaintext.
- Birth profile. Name, date of birth, time of birth, place of birth with derived latitude, longitude, and timezone, gender, and optional occupation. You provide this so the App can compute your astrological chart.
- Chat history. Messages you send to the in-app astrology assistant ("Vani") and the assistant's replies. Free-tier chat continuity is stored locally on your device. For paid tiers that include saved conversations, chat titles, messages, replies, chart-profile identifiers, language, timestamps, and message counts may also be stored by our backend so you can view saved Vani conversations across app sessions and, where supported, across devices. The current message and recent context are sent to our backend service for each turn.
- Location you enter. If you choose to set a birth place or current place, we process the place name and derived latitude, longitude, and timezone so chart and timing features can use the correct location. The App does not request device GPS permission.
- Device and diagnostic information. Generic technical data such as app version, OS version, device model, language, country, timestamps, network status, crash traces, stack traces, breadcrumbs of in-app navigation immediately preceding a crash, request metadata, and abuse-prevention signals. Crash diagnostics are processed through a third-party error-monitoring provider; we configure the SDK to scrub device identifiers, IP addresses, and personally identifying fields from event payloads before transmission where supported.
- Advertising and rewarded ads. The App may show optional rewarded advertisements, for example to let a free-tier user earn a limited bonus action after watching an ad. The App uses an advertising SDK for this purpose. Depending on your platform settings and consent choices, the SDK may process device advertising identifiers (IDFA on iOS, AAID on Android), IP address, coarse device and app information, ad interactions, and fraud-prevention signals. On iOS, the App may present Apple's App Tracking Transparency prompt before using the IDFA for personalized advertising. You can decline tracking and still use the App; ads may be less personalized or limited.
- Purchase and subscription information. If paid features are offered, purchase status, subscription status, entitlement state, product identifiers, transaction identifiers, country of purchase, currency, and renewal state may be received from the app store (Apple App Store or Google Play) and from a third-party subscription-management provider so the App can provision access to purchased features, restore purchases across devices, and detect abuse. We do not receive your full payment-card number.
- Usage counters for subscription enforcement. To enforce the monthly Vani chat allotments included in each paid tier and the lifetime Vani allotment included in the free tier, our backend maintains per-account counters of Vani turns. These counters store your account identifier, the current and recent month keys, integer counts per day and per month, and a last-updated timestamp. They do not contain your chat content, names, birth profile, or any other personal data beyond the account identifier. Counters reset on the first day of each calendar month (UTC) for paid tiers and persist indefinitely for the free-tier lifetime allotment. Compatibility-reading counters are currently stored locally on your device.
3. How we use information
- To create and authenticate your account.
- To compute your Vedic astrological chart and personalized interpretations.
- To deliver answers from the in-app assistant.
- To manage purchases, entitlements, subscription access, and account deletion requests.
- To provide optional rewarded ads, measure ad delivery, prevent ad fraud, and grant the in-app reward after a completed ad where available.
- To diagnose crashes and improve reliability.
- To prevent abuse, enforce our Terms, and protect the Service.
- To comply with applicable laws.
4. Categories of service providers
We use service providers to operate the App. Specific vendors within each category may change over time as the Service evolves; providers process information only for the purposes described here and under agreements or platform terms intended to protect user data. The categories below are exhaustive for the App as of the date at the top of this policy:
- Authentication provider. Manages account sign-in, including email/password, phone-number verification, federated Google Sign-In, and Apple Sign-In where enabled. Stores hashed credentials, verification state, phone numbers where used for sign-in, and account identifiers.
- Cloud hosting provider (United States). Hosts our backend services that mediate Vani chat requests, entitlement checks, and other server functions.
- AI model providers. Provide the large language model or related AI services that power Vani. Your message, recent chat context, and relevant astrological context may be sent to a third-party AI provider to generate each reply. We select commercial providers that offer contractual or policy commitments around data handling; current providers may state that commercial API inputs and outputs are not used for model training by default unless the customer opts in or submits feedback. The set of providers and models may change.
- Places and timezone API provider. Used to look up the city you typed during onboarding and to resolve its timezone.
- Crash diagnostics provider. Receives crash reports, stack traces, breadcrumbs, and minimal runtime context to help us diagnose and fix bugs. Configured to drop personally identifying fields where supported.
- Subscription-management provider. Validates receipts, restores purchases across devices linked to the same store account, and maintains entitlement state. Receives anonymous app-user identifiers and platform receipts. Does not receive your name, birth profile, or chat content.
- Advertising provider. Delivers optional rewarded ads, measures whether an ad was loaded, shown, clicked, or completed, and helps detect invalid traffic. The advertising provider may receive device and ad-event data described above and may act as an independent controller for some advertising processing under its own terms.
- App stores (Apple App Store, Google Play). Process in-app purchases, subscriptions, cancellations, refunds, taxes, receipts, and payment disputes when paid features are offered.
The App also embeds the Swiss Ephemeris ("SWISS EPHEMERIS Inside") astronomical calculation library locally. It runs on your device, does not send your birth data to any external server, and is not a service provider.
To request the current list of named sub-processors (for example to satisfy a GDPR Article 15 access request, an Indian DPDP Act request, or an enterprise vendor-review process), email support@gregforgelabs.com with subject "Sub-Processor List Request". We will provide the current list within a reasonable time after verifying your identity.
5. Where data is stored
Your birth profile and current location are stored locally on your device using an encrypted on-device key-value store and may be synced to our backend account store when cloud profile sync is enabled. Free-tier Vani chat history is local to your device. Paid saved Vani conversations may be retained on our backend according to the chat-history limits of your subscription tier, until you delete them, delete the related chart profile, close your account, or the applicable retention period expires. Each Vani chat message you send is processed through our backend service and a third-party AI provider to generate a reply. Crash diagnostics are stored by our crash diagnostics provider. Subscription entitlement records are stored by our subscription-management provider and the respective app store. All transit between the App, our backend, and these providers is protected with TLS.
5a. International data transfers
Our service providers are predominantly based in the United States, and the App is operated from the United States. By using the App you understand that information about you may be transferred to, processed in, and stored in the United States and in other countries where service providers operate. Where we transfer personal information of EEA, UK, or Swiss data subjects out of those regions, we rely on lawful transfer mechanisms permitted by applicable law, including provider-level Standard Contractual Clauses, adequacy decisions, or other approved safeguards.
6. Data retention
- Account. Retained as long as you maintain an account. You may delete your account at any time (see Section 8); deletion removes or de-identifies the authentication record and associated server-side account data we control, subject to limited legal, security, fraud-prevention, dispute, tax, and accounting retention needs.
- Birth profile, current location, and chat history. Stored on your device. Removed when you delete the App, clear app data, or use in-app clearing controls where available.
- Backend logs. Operational logs such as timestamps, error traces, request metadata, and abuse-prevention signals are retained for up to 30 days unless a longer period is reasonably needed for security, fraud prevention, dispute resolution, or legal compliance.
- Purchase records. Purchase and subscription records are primarily retained by the app store under its own policy. We may retain entitlement or support records as needed to provide access, handle disputes, and comply with tax or accounting obligations.
7. Children
The App is not directed to children under 13 (or the equivalent minimum age in your jurisdiction; under 16 in many parts of the EEA/UK). We do not knowingly collect personal information from children. Birth profiles you enter for younger family members are processed as profile data about a third party, not as a child's account, and you are responsible under Section 7 of the Terms of Service for having the authority to enter that information. If you believe a child has independently created an account or provided us information, please contact us and we will delete it.
8. Your choices and rights
- Access, correction, deletion. You can edit your birth profile in the App at any time. To delete your account and associated data, use the in-app account deletion option or visit Account & Data Deletion.
- California residents (CCPA/CPRA). You may have rights to know, access, correct, delete, and limit certain uses of personal information, and the right not to be discriminated against for exercising those rights. We do not sell personal information. Where rewarded ads involve data use that may be considered "sharing" for cross-context behavioral advertising under California law, you may opt out through platform privacy controls such as denying App Tracking Transparency permission on iOS, resetting or deleting your advertising ID where supported, or contacting us.
- Other US states. Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), Delaware, Iowa, Indiana, Tennessee, New Hampshire, New Jersey, and other states with comparable consumer-privacy statutes have rights of access, correction (where applicable), deletion, and portability with respect to personal data we control. Where required by state law, you also have the right to opt out of targeted advertising, the sale of personal data, and certain profiling that produces legal or similarly significant effects. We will respect a properly submitted opt-out. You may appeal a decision on your request by replying to our response.
- EEA / UK / Switzerland residents (GDPR / UK GDPR / Swiss FADP). Depending on your location and circumstances, you may have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your supervisory authority. Our lawful bases include performance of a contract, legitimate interests in operating and protecting the Service, consent where required (including for non-essential advertising identifiers), and compliance with legal obligations.
- India (DPDP Act, 2023). If you are a Data Principal in India under the Digital Personal Data Protection Act, 2023, you have the right to (a) obtain a summary of personal data we process and the processing activities, (b) request correction, completion, updating, or erasure of personal data, (c) nominate another individual to exercise your rights in the event of your death or incapacity, and (d) grievance redressal. Contact support@gregforgelabs.com with subject "DPDP Request". If you are not satisfied with our response, you may complain to the Data Protection Board of India once it begins accepting complaints.
- Australia, Canada, Brazil, and other jurisdictions. Where applicable, you may have additional rights under the Australian Privacy Act 1988, Canada's PIPEDA / Québec Law 25, Brazil's LGPD, the Lei Geral de Proteção de Dados, and equivalent regimes (including the South African POPIA, the Singapore PDPA, the UAE PDPL, and others). Contact us using the address below to exercise them.
- Authorized agents. An authorized agent may submit a request on your behalf if you provide written authorization or proof of power of attorney; we will verify the relationship before acting.
- Verification. We may need to verify your identity or account ownership before acting on a privacy request. For deletion of an account, we may require reauthentication.
- No retaliation. We will not deny services, charge a different price, or provide a different level of quality because you exercised a privacy right.
8a. Consumer Health Data
Some content in the App, for example dosha discussion, wellness-style remedies, fasting suggestions, gemstone recommendations, or content phrased as "good for body/mind/energy", could be characterized as consumer health data under Washington's My Health My Data Act ("MHMDA"), Nevada's SB 370, Connecticut's amendments to CTDPA, and similar state laws. We treat that content as follows: we do not sell consumer health data; we do not share consumer health data with advertising or data-broker partners; access inside our team is limited to personnel who need it to provide or support the App; and we do not geofence facilities that provide healthcare services. Rewarded ads are not targeted using your birth profile, Vani chat content, astrological readings, or consumer health data. To exercise rights specific to consumer health data, including the right to confirm whether we are processing your consumer health data, to access it, to withdraw consent, and to have it deleted, contact support@gregforgelabs.com with subject "Consumer Health Data Request".
8b. Automated processing and AI disclosure
The Vani chat feature uses automated processing and large language models to produce responses. The assistant is software, not a human; the App labels it as such. We do not use automated decision-making to make decisions that produce legal or similarly significant effects about you. We do not use your User Content to train our own machine-learning models. Where third-party AI providers are involved, see Section 4 and Section 7 of the Terms of Service.
8c. Cookies and similar technologies
The Jyotish Vani App is a mobile application, not a website, and does not rely on browser cookies. It uses on-device storage (an encrypted key-value store, AsyncStorage, and operating-system caches) to remember your birth profile, language, theme, chat history, and authentication tokens. The App may also use platform identifiers for authentication, crash diagnostics, entitlement checks, fraud prevention, and optional rewarded ads. For cookies set by our support website at gregforgelabs.com, see Cookies & Web Tracking.
9. Security
We use industry-standard safeguards including TLS encryption for data in transit, encryption at rest applied by our cloud and authentication providers, and least-privilege access controls. No system is perfectly secure; we encourage you to use a strong, unique password and to enable platform-level security features such as device passcodes and biometric unlock on your phone.
9a. Sensitive data and special categories
Birth date, time, and place are not themselves sensitive personal data under most laws, but in combination they can reveal information you may consider personal: approximate age, gender, ethnicity, or religious orientation. You provide this information voluntarily so the App can compute your chart. We do not use it to infer protected characteristics for any purpose other than producing astrological interpretations within the App, and we do not sell or share it for advertising, profiling, or any cross-context purpose.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated through the App.
11. Governing law
This policy is governed by the laws of the State of California, United States, without regard to conflict-of-laws principles, except where mandatory local law requires otherwise (including, for example, mandatory consumer-protection or data-protection rules in your country of residence).
12. Grievance Officer (India)
In compliance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the Grievance Officer / point of contact for Indian users is reachable at support@gregforgelabs.com with the subject line "Grievance — Jyotish Vani". We acknowledge grievances within a reasonable time and aim to resolve them within the period prescribed by applicable Indian law.
13. Contact
Questions or privacy requests: support@gregforgelabs.com
Legal mail and service of process: Gregforge Labs LLC c/o ZenBusiness Inc., 2520 Venture Oaks Way Suite 120, Sacramento, CA 95833, United States.