Esha← Home

Esha Privacy Policy

Effective: 13 June 2026 App: Esha Operator (Data Fiduciary under DPDP 2023): Solo individual (not a company). Operator legal name: Phanidhar Rao Madduri (sole proprietor), India. Operator country of residence: India. Primary regulatory framework: India Digital Personal Data Protection Act, 2023 (DPDP). Service area: Esha is not offered to individuals in the EU/EEA, the United Kingdom, or Switzerland — account creation from those regions is blocked (see §11). For California residents, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) applies to the extent its thresholds and provisions are applicable to the operator. Privacy contact (Data Protection Officer / Grievance Officer under DPDP §10): privacy@askesha.com (operator-monitored mailbox; replies issued from this address within the SLAs in §17). Public account-deletion page: https://askesha.com/delete-account


1. Plain-English summary

TopicPlain meaning
Who runs EshaA solo individual, not a company.
What we collectAccount: email + hashed password. Chart: name, birth date, birth time, birth place, latitude, longitude, timezone. Chat: your messages and AI replies. Activity: streaks, subscription tier, daily AI usage.
What we do not collectPhone numbers, contacts, photos, microphone or camera input, current GPS location, health-app data, payment-card numbers, government IDs, biometric data, browsing history outside Esha.
Why we use OpenAITo generate astrology readings and chat replies.
Selling your dataWe do not.
Ads / third-party analytics SDKsEsha does not run ads. Esha does not use any third-party analytics SDK (no Mixpanel, Amplitude, Firebase Analytics, PostHog, or Google Analytics) at version 1.0.
First-party usage telemetryEsha collects first-party usage telemetry events (screen views, feature opens, paywall interactions) linked to your user ID. This data improves product quality and is NEVER sold or shared with third-party analytics platforms. You can opt out in Profile → Privacy (default = off, per GDPR Art. 7(2)). See §3 for the schema.
Your controlYou can export everything we hold about you, delete a profile, or delete your entire account from inside the app at any time.
Minimum age18. Single global floor that satisfies India DPDP 2023 §2(f)/§9(1) (children defined as under-18 requiring verifiable parental consent), GDPR Art. 8 (highest member-state digital-consent ceiling is 16), and the adult-targeted nature of relationship/career/health astrology content.

This summary is informational only; the sections below control if there is any conflict.


2. Who Esha is

Esha is operated by Phanidhar Rao Madduri (sole proprietor), a solo individual based in India. References to "Esha," "we," "us," or "our" mean that operator and any service providers acting on the operator's behalf. There is no company, partnership, or limited-liability entity behind Esha at version 1.0. The operator is the Data Fiduciary under India DPDP 2023 §2(i). Esha is not offered to individuals in the EU/EEA, the UK, or Switzerland, and the operator does not designate itself a controller under those regimes; for California residents, CCPA/CPRA applies to the extent applicable.

The operator is also the named Grievance Officer for DPDP §10 purposes; complaints under DPDP and CCPA "right to know / delete / opt-out" requests all reach the same address listed at the top of this document.

If Esha later becomes operated by a legal entity, an acquirer, or a successor, this Privacy Policy will be updated and you will be notified before that change takes effect.


3. What we collect

We collect only what we need to run the product. Each row below maps to a real field in our database; nothing on this list is hypothetical.

CategorySpecific fieldsWhere it lives
AccountEmail address; hashed password (bcrypt); subscription tier (free / pro / premium); account creation timestampusers table
Age confirmation at registrationDate of birth used solely to enforce the minimum-age rule. Validated server-side and not persisted to the account record. If you exit the app between registration and the chart-onboarding step, the value is held briefly in your device's secure storage (iOS Keychain / Android Keystore — never plaintext on disk) so the onboarding flow can resume; it is cleared on completion or on logout.Validated in transit; transiently held in device secure storage if onboarding is paused
Birth profile(s)Profile name; birth date; birth time; birth place text; latitude; longitude; timezone; the computed astrological chartprofiles table
ChatEach message you send; each AI reply; session ID; profile ID; timestampchat_messages table
Auto-extracted life eventsTags such as "career change," "relationship," "loss," extracted from your chat content using keyword rules to give the AI relevant context for future replieslife_events table
Conversation summaries (cross-session memory)Per-conversation summaries generated AFTER a session ends: top topics, emotional tone, decisions you reached, follow-up hooks for next time, and a short prose summary. Used so Esha can pick up where you left off in your next conversation rather than starting cold. Up to the last 3 of these summaries are loaded as context when you next chat.conversation_digests table
StreakCurrent streak, longest streak, last check-in date, total check-insuser_streaks table
Rate-limit stateNumber of questions asked today, number of compatibility checks todayrate_limits table
Daily content cacheDaily insight, daily card, and daily digest payloads, keyed by profile and datedaily_insight_cache, daily_card_cache, daily_digest_cache
Family-plan slotsSlot ID, member user ID (if filled), action historyfamily_slot_changes
AI usage logsPer-call token counts (prompt, completion, total), endpoint, tier, model, timestamptoken_usage_logs table
Chat-quality evaluation (opt-in)A copy of your question and Esha's reply, plus computed quality signals (reply length, jargon flags, voice-drift summary, safety verdict), captured only if you have enabled usage telemetry (Profile → Privacy; default off). Used solely by the operator to measure and improve answer quality; never shared with third parties; deleted when you delete your account.ai_response_evals table
Crash & error diagnosticsStack traces and request metadata, sent to Sentry only if Sentry is enabled for the deployment. We do not send your chat content or birth data to Sentry.Third-party (Sentry)

We do not collect: phone numbers, contact lists, photos, microphone or camera input, current GPS location, Apple Health or Google Fit data, browsing history outside Esha, payment-card numbers, government IDs, or biometric data.

We do not use third-party advertising or analytics SDKs at version 1.0.

First-party usage telemetry (server-side analytics): Esha collects a curated allowlist of telemetry events — for example, today_screen_viewed, pillar_opened, chat_message_sent, paywall_viewed, subscription_purchase_initiated — linked to your user_id. The full allowlist lives in backend/main.py under TELEMETRY_EVENT_ALLOWLIST and is also visible to App Store / Google Play reviewers on request. The data is used to (a) measure feature adoption, (b) detect breakages (e.g. a screen that nobody can open), (c) inform product decisions. It is NEVER sold, NEVER shared with any third-party analytics service, and is silently dropped for users who opt out via Profile → Privacy. The default is off (opt-in only, per GDPR Art. 7(2)). See §10 (Retention) for storage duration.


4. Why we use it (purpose limitation)

PurposeData used
Calculate your astrological chartBirth date, birth time, birth place, latitude, longitude, timezone
Generate AI chat responsesYour message; recent chat history (up to ten messages); chart context; current dasha context; system prompts
Measure and improve answer quality (opt-in)A copy of your question + reply + computed quality signals — recorded only when you have enabled usage telemetry. Lawful basis: consent (Profile → Privacy; default off; you can withdraw anytime).
Maintain conversational continuity across sessions (personalization)Auto-extracted life-event tags from your chat content; conversation summaries from your previous sessions (top topics, emotional tone, decisions, follow-up hooks) — so Esha can pick up where you left off and reference what you've talked about before. Lawful basis: contract performance (Art. 6(1)(b) GDPR / DPDP §7(a)) — these features are core to the product you signed up for; you can opt out by deleting your account.
Personalize daily contentBirth profile + current date
Enforce minimum-age policyDate of birth at registration only (then discarded)
Operate accounts and sessionsEmail, hashed password, JWT
Apply rate limits and per-user daily AI-cost limitsrate_limits table + token_usage_logs table
Operate subscriptionsSubscription tier + free-trial timestamp; billing receipts handled by Apple, Google, and RevenueCat (mobile) and by Razorpay for web subscriptions on app.askesha.com
Detect crisis prompts and route to safe responsesYour message text matched against keyword patterns; no detection metadata is sent to third parties
Diagnose crashesSentry crash reports (only if Sentry is enabled)
Respond to your privacy or support requestYour contact email and the contents of your request

We do not use your data for automated decisions that produce legal or similarly significant effects. Esha's outputs are reflective content, not determinations.


5. AI processing — what OpenAI sees

Esha uses OpenAI to generate chat responses and structured interpretations.

When you chat with Esha, we send OpenAI:

  • Your message
  • Up to ten recent prior messages from the same conversation
  • Up to three short summaries of your previous conversations (top topics, emotional tone, decisions, follow-up hooks, prose summary) — so Esha can pick up where you left off rather than starting cold
  • Auto-extracted life-event tags relevant to your profile (career change, relationship, loss, etc.)
  • A compact, redacted snapshot of your chart (planetary placements, current dasha, the houses relevant to your question)
  • A system prompt that instructs the model how to behave
  • A response contract requiring the model to ground its reply in your chart

What we do not send to OpenAI:

  • Your email address
  • Your password (it is hashed and never leaves our database)
  • Numeric strength scores from internal calculations (these are redacted before transmission)
  • Crash diagnostics

OpenAI processes these inputs to produce a reply and may retain limited request metadata for safety, abuse prevention, and reliability under its own privacy terms. We do not control OpenAI's infrastructure.

Two important properties of how we use the model:

  1. Output validation. Every AI reply passes through an automated validator before you see it. It screens for answers that misplace a planet, misidentify a karaka, or claim a specific date for marriage, childbirth, death, or disease; such replies are regenerated or replaced with a safe response. This reduces, but does not eliminate, AI mistakes.
  2. Layered refusals. Requests for medical diagnosis, legal advice, financial advice, the date of someone's death, or harm to another person are designed to be refused before they reach the model. Questions about life timing such as marriage or children are answered as windows or tendencies rather than dates. No automated safety layer is perfect; treat every reply as reflection, not instruction.

You should not submit information to Esha that you do not want processed by an AI provider.


6. Third-party services we actually use

ProviderRoleData potentially processed
OpenAIAI inference for chat and structured interpretationsPrompt, redacted chart snapshot, recent chat context, technical metadata
RailwayHosting (US region) for the API server and Postgres databaseAll stored data, request logs, technical metadata
Apple App Store / Google PlayApp distribution and in-app purchasesSubscription / purchase metadata under their own terms
RevenueCatSubscription orchestration across Apple and Google billingApp user ID, product IDs, entitlement state, receipt metadata
RazorpayPayment processing for subscriptions purchased on the web app (app.askesha.com)Payment / subscription metadata, transaction identifiers, and the billing details you enter at checkout. We do not see or store your full card number; Razorpay handles card data under PCI-DSS.
Brevo (Sendinblue SAS) — transactional email (operator-configured email provider; EU-based, sends over its API)Sends account-verification, security, password-reset, rights-request, and (if ever needed) breach-notice emailsYour email address and the content of those messages
Sentry (only if SENTRY_DSN is configured for the deployment)Crash and error reportingStack traces, request metadata. No chat content. No birth data.
Expo Push (Apple APNs / Google FCM)Push notifications for daily contentDevice push token; notification body

We do not use Mixpanel, Amplitude, Firebase Analytics, PostHog, Google Analytics, or any other analytics SDK at version 1.0. We do not embed advertising SDKs of any kind. If we add any of these in the future, this Privacy Policy will be updated and you will be notified in-app before the change takes effect.


7. Data retention

DataHow long we keep it
Account, birth profiles, chat history, life events, conversation summaries, streak, daily cachesUntil you delete the chat, the profile, or the entire account, or until your account is suspended for abuse. We do not auto-delete this content on a fixed schedule.
Chat-quality evaluation rows (ai_response_evals, opt-in only)Deleted with your account; not retained after deletion completes.
Hashed passwordUntil account deletion
AI usage logs (token_usage_logs)Up to 24 months for cost accounting, abuse detection, and fraud prevention. We may retain aggregated, non-identifiable totals longer.
Crash diagnostics in Sentry (if enabled)Per Sentry's default retention; typically 30–90 days
BackupsStandard Postgres backup cycle; deletion from backups can lag the live system by up to 30 days
Family-plan slot change historyUp to 24 months for abuse prevention

When you delete your account, every row tied to your user_id in the tables listed in Section 3 is removed in a single database transaction, except backup snapshots which roll off naturally and aggregated cost totals where required for fraud and accounting purposes.


8. Your rights

RightHow to use it
Access / exportCall GET /api/v1/user/export from inside the app, or email the privacy contact. We return a JSON document containing your account, every birth profile, every chat message, every life event, every conversation summary, your streak, your daily caches, and an export timestamp.
Delete a single birth profileUse the in-app profile delete control, which calls DELETE /api/v1/profiles/{profile_id}.
Delete your entire accountUse the in-app account delete control, which calls DELETE /api/v1/user. You may also use the public page at https://askesha.com/delete-account or email the privacy contact.
Correct your dataEdit a birth profile in-app; recompute the chart if you change birth details.
Object to or restrict processingStop using the app and delete your account.
Withdraw consent for AI processingStop sending chat messages and delete your account. AI processing only happens when you initiate a chat.
Lodge a complaintYou may contact your local data-protection authority. We will cooperate with regulator inquiries.

We respond to verifiable rights requests within 30 days, or sooner where required by local law. We may need to verify your identity before fulfilling sensitive requests.


9. Account deletion

You can delete your account in three ways:

  1. In-app: Settings → Delete account (calls DELETE /api/v1/user).
  2. Web: https://askesha.com/delete-account.
  3. Email: the privacy contact below; we will verify and delete within 30 days.

Deleting your account does not cancel a paid subscription. Subscriptions are managed by Apple, Google, or RevenueCat under their own rules. To stop being billed, cancel the subscription in your App Store or Google Play account before deleting your Esha account.

After deletion, we retain only what is strictly necessary: aggregated cost-accounting totals, fraud signals, and backup snapshots that roll off naturally. We do not keep your chat content or birth profiles after deletion completes.


10. Children and minors (DPDP §9 / GDPR Art. 8 / COPPA)

Esha is intended for users 18 years of age and older. The app enforces this floor at registration: you cannot create an account if your supplied date of birth indicates you are under 18.

The 18-year floor is a single global rule that satisfies three independent regimes:

RegimeCitationWhat it requiresHow Esha meets it
India DPDP 2023§2(f) "child" = under 18; §9(1) verifiable parental consent for processing children's personal dataEither obtain verifiable parental consent OR refuse childrenRefuses registration under 18 — no children's data ever enters the system.
EU GDPRArt. 8 sets a member-state-configurable digital-consent age between 13 and 16; highest member-state floor (DE, NL) is 16A digital-consent age must be set; processing of under-floor users requires parental consent18 > 16, so the highest GDPR member-state floor is satisfied by construction.
US COPPA15 U.S.C. §6501(1) "child" = under 13Requires verifiable parental consent for under-13 collection; "child-directed service" framework18 > 13, so the service is outside COPPA scope by construction.

If a parent or guardian believes a person under 18 has nonetheless created an account (for example, by providing an inaccurate date of birth), please contact the privacy address at the top of this document and we will delete the account and all associated data.

Esha does not produce content intended to be sexual, exploitative, manipulative, or upselling toward minors. The app does not give marriage, fertility, or death timing for any user — adult or otherwise.


11. International transfers

Esha is not offered to users in the European Union, the European Economic Area, the United Kingdom, or Switzerland; account creation from those regions is blocked (app-store availability, marketing, and a signup geo-fence are all scoped accordingly). The GDPR / UK-GDPR mechanisms described below are retained purely as a matter of good practice for any data that nonetheless reaches us; they are not an offer of service to, or an assumption of controller obligations for, those regions.

Esha's production servers are hosted on Railway, in the US region. If you use Esha from outside the US — including from the EU, the UK, India, or anywhere else — your data is transferred to and processed in the US.

Specific transfer mechanisms by jurisdiction:

Source regionMechanismReference
EU/EEAEU Standard Contractual Clauses (Commission Decision 2021/914 of 4 June 2021, Module 1 controller-to-controller for Railway/OpenAI relationships; Module 2 controller-to-processor where the sub-processor acts on documented instructions) plus a Transfer Impact Assessment ("Schrems II" requirement); supplementary technical measures include TLS 1.2+ in transit, AES-256-GCM at rest for PII columns (AAD-bound; see §12).GDPR Art. 46(2)(c)
UKUK International Data Transfer Addendum to the EU SCCs ("UK Addendum", ICO IDTA published 21 March 2022), executed with each US-based sub-processor.UK GDPR Art. 46; DPA 2018 §17A
IndiaDPDP 2023 §16 allows transfer to any jurisdiction except those specifically restricted by the Central Government via notification. At v1.0 the US is not on any DPDP §16 restricted list.DPDP 2023 §16
CaliforniaCCPA / CPRA does not restrict cross-border transfers per se, but requires disclosure of "categories of personal information sold or shared" — none for Esha (we do not sell).Cal. Civ. Code §1798.100(c)

Sub-processors listed in Section 6 transfer and process data under their own contractual safeguards. Specifically:

  • OpenAI: US-based; DPA at https://openai.com/policies/data-processing-addendum executes the EU SCCs Module 2 (controller-to-processor) and UK Addendum on the operator's behalf.
  • Railway: US-based; provides DPA + SCCs to its customers under its Terms of Service.
  • Apple App Store / Google Play / RevenueCat: US-based; each maintains its own privacy posture for billing flows that the operator does not control.
  • Razorpay: India-based payment processor used for web-subscription billing on app.askesha.com. Card data is processed by Razorpay under PCI-DSS; Razorpay processes payment details under its own privacy policy (https://razorpay.com/privacy/) and the operator's merchant agreement. As an India-resident processor, Razorpay does not introduce an additional cross-border transfer for India-based users.
  • Sentry (if enabled): US-based; DPA available at https://sentry.io/legal/dpa/.
  • Expo Push (Apple APNs / Google FCM): Push tokens transit through Apple/Google infrastructure under their own terms.

12. Security

We use:

  • TLS for all traffic in transit
  • bcrypt password hashing (we never see your plaintext password after the moment you create or change it)
  • JWT-based session authentication with bounded lifetimes
  • Environment-isolated secrets (the JWT signing key is required to be present in production; the application will refuse to boot otherwise)
  • An admin endpoint guard requiring a separate admin token in production
  • Per-user daily message and AI-cost caps to prevent abuse
  • A deterministic AI output validator that blocks fact hallucinations and deterministic event-timing claims before they reach you

No system is completely secure. If we become aware of a personal-data breach affecting you, we will notify the relevant supervisory authority within the time window required by applicable law (72 hours under GDPR / UK GDPR for qualifying breaches) and notify affected users where the law requires direct notice.

You are responsible for the security of your device, your email account, your app-store account, and your Esha password.


13. AI accuracy and the nature of astrology

Esha is a reflective astrology product. Three things you must understand:

  1. AI outputs may be wrong. Even with our validation layers, AI replies may be inaccurate, incomplete, biased, outdated, or unsuitable for your situation.
  2. Astrology is not deterministic. Esha gives windows of activation and reflective patterns, never calendar guarantees. We screen the model's output for, and regenerate or replace, replies that claim a specific date for marriage, childbirth, death, or disease, and we refuse direct requests for the date of someone's death and for medical, legal, or financial determinations. These checks reduce but do not eliminate the risk of an over-confident reply.
  3. Esha is not professional advice. It is not medical, legal, financial, or psychological advice. For any of those, see a licensed professional.

14. Crisis and safety

If you tell Esha you are thinking about self-harm or suicide, the app will replace the astrology reply with a crisis response that lists helplines (US 988, UK Samaritans, India Tele MANAS, and a global pointer to local emergency services). The app cannot replace emergency services. If you are in immediate danger, call your local emergency number.

We do not share crisis-detection metadata with third parties.


15. No sale, no targeted advertising

We do not sell personal data. We do not run third-party ads. We do not share birth data, chat content, or chart data with anyone for advertising purposes. If this changes, we will update this Privacy Policy and obtain any consent required by law before the change takes effect.


16. Changes to this policy

We may update this Privacy Policy. The effective date at the top of the document changes when we do. Material changes — for example, adding a new third-party processor, changing retention defaults, or starting to use data for a new purpose — will be communicated in-app, or by an email to your account address, before the change takes effect.


17. Contact

For privacy questions, rights requests, or deletion requests: privacy@askesha.com

The operator is the named Grievance Officer for the purposes of DPDP 2023 §10 and the Data Protection Officer equivalent for other jurisdictions. Verifiable rights requests will be acknowledged within 7 days and completed within the timelines required by the applicable law (typically 30 days under GDPR Art. 12(3) / DPDP 2023 §11(2); 45 days under CCPA §1798.130(a)(2)).

If you do not receive a reply within 30 days, you may contact your local data-protection authority. For India users specifically, the Data Protection Board of India (https://www.dpb.gov.in once notified into operation under DPDP §28). For EU users, the supervisory authority of your member state of habitual residence (list at https://edpb.europa.eu/about-edpb/about-edpb/members_en). For UK users, the Information Commissioner's Office (https://ico.org.uk). For California residents, the California Privacy Protection Agency (https://cppa.ca.gov).