Privacy Policy

Effective 2026-05-25

Kundlit (“we”, “us”) is operated by DATCRAZY LLP (GSTIN 22AASFD4221E1ZU), with registered office at 105, MM Silver Plaza, G.E. Road, Raipur, Chhattisgarh - 492001. This policy explains what data we collect when you use https://kundlit.com, why we collect it, who we share it with, and the rights you have over it. It is written to comply with the Digital Personal Data Protection Act, 2023 of India (the “DPDP Act”) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. What we collect

• Chart inputs — name, date of birth, time of birth, place of birth. Used to compute astrological results.
• Account data — email address and a hashed password (we never see your plaintext password). Optional: phone number, display name.
• Order data — service ordered, price, GST breakdown, billing address (for GST invoices), order status.
• Payment data — handled entirely by our payment processors (Razorpay, Stripe). We receive only a payment reference, a status, and the last four digits of the instrument. We do not store card numbers, UPI PINs, or CVVs.
• Server logs — IP address, user agent, referrer, and request path, retained for security and abuse-prevention purposes.
• Cookies — a strictly necessary session cookie for logged-in customers and your cart, plus optional analytics and marketing cookies that load only after you consent (see the “Cookies & Analytics” subsection below).

1a. Cookies & Analytics

We use a small set of measurement tools to understand how the site is used and to measure the effectiveness of our advertising. These load only after you grant consent through our on-site consent banner. Until you choose, they are blocked by default (Google Consent Mode v2, default-denied) and nothing is tracked.

• Google Analytics 4 (GA4) — governed by the Analytics consent category. Collects pseudonymous usage and behavioural data (pages viewed, events, approximate location, device and referrer) to help us improve the site.
• Microsoft Clarity — also governed by the Analytics consent category. Provides aggregate heatmaps and pseudonymous session replays (clicks, scrolls and navigation) so we can find and fix usability problems. It loads only after you grant Analytics consent; form input is masked by default.
• Google Ads and Meta Pixel — governed by the Marketing consent category. Used to measure ad conversions and reach relevant audiences. For Google Enhanced Conversions, any email or phone number is SHA-256 hashed in your browser before it is sent — we never transmit your raw email, phone number, or other plaintext personal data to these advertising platforms.
• Strictly necessary cookies (your login session and cart) are always on and are not part of these consent categories.

Your consent is required before any analytics or marketing tool runs, and you stay in control. The consent banner offers Accept all, Decline, and Customize (toggle Analytics and Marketing independently). To withdraw or change consent at any time, reopen the banner and choose Decline, or clear the stored consent choice in your browser — the banner will reappear and we will revert to the default-denied state with future effect.

2. Why we use it

• Compute astrological results and deliver paid reports.
• Authenticate you and keep your account and orders secure.
• Process payments and issue tax-compliant invoices.
• Provide customer support and process refunds.
• Detect, prevent, and respond to fraud or abuse.
• Comply with Indian tax, accounting, and consumer-protection law.

Under §6 of the DPDP Act, our lawful basis is the consent you give when you submit a form or place an order, together with the “legitimate use” ground for processing strictly necessary to fulfil the service you requested.

3. Who we share it with (data processors)

We do not sell your data. We share the minimum necessary data with the following processors:

• Razorpay Software Pvt. Ltd. — payment processing (India).
• Stripe Inc. — payment processing for international cards (US/EU).
• Hosting and email infrastructure providers — required to operate the site and send transactional emails (order confirmations, password resets).

4. How long we keep it

• Order and invoice records — eight (8) years, as required by the Indian GST Act and Companies Act.
• Account data — until you ask us to delete it (see §6 below), subject to the invoice-retention rule above.
• Chart inputs from one-off free-tool use — not stored on our servers beyond the immediate computation, unless you are signed in and explicitly save the result to your account.
• Server logs — ninety (90) days, then deleted.

5. Where we store it

Our primary servers are located in India. Payment processors may process data in India, the United States, and the European Union. When data leaves India, it is governed by the contractual safeguards published by those processors and the cross-border transfer provisions of §16 of the DPDP Act.

6. Your rights

Under §11–§14 of the DPDP Act (and, where applicable, GDPR Arts. 15–22) you have the right to:

• Access the personal data we hold about you.
• Correct it if it is inaccurate.
• Have it erased, subject to the retention obligations in §4 above.
• Withdraw consent at any time, with future effect.
• Nominate another person to exercise these rights on your behalf in the event of incapacity or death (§14 DPDP Act).
• Lodge a grievance with us, and escalate to the Data Protection Board of India if unresolved.

To exercise any of these rights, email [email protected] from the address on your account. We respond within thirty (30) days.

7. Security

The site is served over HTTPS. Passwords are stored as one-way hashes. Payment data never touches our servers. We follow the “reasonable security practices and procedures” standard prescribed by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the DPDP Act. If we ever suffer a data breach affecting your personal data, we will notify you and the Data Protection Board without undue delay, as required by §8(6) of the DPDP Act.

8. Children

We do not knowingly collect data from children under eighteen (18). If you are a parent or guardian and believe your child has provided us with personal data, contact us and we will delete it.

9. Changes

We may update this policy. Material changes will be announced on this page with a new effective date at least seven (7) days before they take effect.

10. Grievance officer

Under §10(2)(e) of the DPDP Act and Rule 5(9) of the IT (Intermediary Guidelines) 2021, our grievance officer is:

• Name: Purushottam Kiri
• Entity: DATCRAZY LLP
• Address: 105, MM Silver Plaza, G.E. Road, Raipur, Chhattisgarh - 492001
• Email: [email protected]

Acknowledgement within forty-eight (48) hours; resolution within thirty (30) days, as required by law.

See also: Terms of Service · Refund Policy · Contact