Introduction
This Privacy Policy explains how SenjoTech, LLC (“the Company,” “SenjoTech,” “we,” “us,” or “our”), the operator of the BodhiRishi.ai platform, collects, uses, stores, shares, and protects your personal information when you use BodhiRishi.ai, including our website, mobile applications, and related services (collectively, the “Service”).
We are committed to transparency about our data practices. Because our Service processes birth details and other information that may be considered sensitive, we apply heightened safeguards to this data as described below.
1. Legal Basis for Processing
We process your personal data under the following legal bases, as applicable under the EU General Data Protection Regulation (“EU GDPR”), the UK General Data Protection Regulation (“UK GDPR”) as retained under the Data Protection Act 2018, and other applicable data protection laws:
- Contract Performance: Processing necessary to provide the Service you requested (e.g., generating your Vedic chart from birth data you provide).
- Consent: Where required by law, we obtain your explicit consent before processing sensitive personal data such as birth details. You may withdraw consent at any time (see Section 9).
- Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving platform performance, preventing fraud), where those interests are not overridden by your rights.
- Legal Obligation: Processing necessary to comply with applicable laws and regulations.
2. Information We Collect
2.1 Information You Provide
When you create an account or use the Service, you may provide:
- Account information: name or display name, email address, and account credentials.
- Birth details: date of birth, time of birth, and location of birth, used for chart generation. We classify birth details as sensitive personal information and apply additional protections described in Section 5.
- User-generated content: questions, messages, or other inputs submitted to our AI assistant.
2.2 Information Collected Automatically
When you access the Service, we automatically collect:
- Device and connection information: IP address, browser type and version, operating system, and device identifiers.
- Usage data: pages visited, features used, timestamps, referring URLs, and interaction patterns.
- Cookies and similar technologies: as described in Section 10.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: Generating Vedic astrology charts, interpretations, and AI-powered responses based on your inputs.
- Account management: Authenticating your identity, managing your account, and providing customer support.
- Platform improvement: Analyzing usage patterns to improve functionality, fix bugs, and develop new features.
- Communications: Sending service-related updates, responding to inquiries, and (with your consent where required) sending promotional materials. You may opt out of promotional communications at any time.
- Security and fraud prevention: Detecting, investigating, and preventing unauthorized access, abuse, or other harmful activity.
- Legal compliance: Fulfilling legal obligations, responding to lawful requests, and enforcing our terms.
We do not sell your personal data to third parties. We do not use your personal data for automated decision-making that produces legal or similarly significant effects without human oversight.
4. AI Processing and Third-Party AI Services
Our Service uses artificial intelligence to generate Vedic astrology interpretations, respond to your queries, and (where you enable the voice feature) synthesise spoken audio of the assistant’s text response. This section explains how your data is handled in that context.
4.1 How AI Processing Works
When you submit inputs (including birth data and questions), they are transmitted to our AI processing systems to generate responses. When you enable voice playback, the text of the assistant’s response is additionally transmitted to a third-party text-to-speech provider so that it can be synthesised into audio and streamed back to you. Inputs are processed in real time and are not retained by the third-party AI providers beyond what is described below.
4.2 Third-Party AI Providers
We engage the following third-party AI providers, each acting as a data processor on our behalf and processing your data solely in accordance with our instructions to provide the Service:
4.2.1 Anthropic PBC — Astrological Interpretations and Chat
We use the Anthropic API, powered by Anthropic’s Claude large language model, to process your inputs and generate AI-powered Vedic astrology interpretations and chat responses.
Key data handling commitments by Anthropic under their Commercial Terms:
- No model training on your data. Anthropic does not use inputs or outputs submitted through its API to train its generative AI models. We have not opted in to any program that would permit such use.
- Data retention. Anthropic automatically deletes API inputs and outputs within 30 days of receipt or generation, except where retention is required to enforce its Usage Policy or comply with applicable law.
- Data Processing Addendum. Our use of the Anthropic API is governed by Anthropic’s Commercial Terms of Service, which incorporate a Data Processing Addendum (DPA) including EU Standard Contractual Clauses (SCCs) for international data transfers.
- Anonymised data. Data sent to Anthropic is anonymised before transmission. Anthropic has no way to associate any input or output with a specific user, account, or identity. Only the Company maintains the internal mapping necessary to associate AI-processed data with your profile.
You can review Anthropic’s applicable terms and policies at the following links:
- Commercial Terms of Service: https://www.anthropic.com/legal/commercial-terms
- Data Processing Addendum: https://www.anthropic.com/legal/data-processing-addendum
- Privacy Policy: https://www.anthropic.com/privacy
4.2.2 xAI Corp. — Voice (Text-to-Speech) Synthesis
When you enable voice playback in the chat interface, we use xAI Corp.’s Grok text-to-speech API to convert the assistant’s text response into spoken audio. xAI Corp. (“xAI”) acts as a data processor on our behalf and only receives data when you trigger voice playback.
Key data handling for the voice feature:
- What is sent. Only the text of the assistant’s response to be read aloud, together with a voice identifier and audio format. Because the assistant’s response may address you by your first name as displayed in the chat (for example, “Hi Anjali, here is your reading...”), your first name as it appears in that response may be transmitted to xAI as part of the text to be synthesised. This is the only context in which a personal identifier is sent to a third-party AI provider; we make this disclosure here so the exception to the anonymisation principle described in Section 4.2.1 is unambiguous.
- What is not sent. Birth details, person identifiers, account identifiers, session tokens, prior conversation history, and any internal mapping data are not transmitted to xAI.
- No model training. Under xAI’s API terms, inputs submitted through the paid API are not used to train xAI’s models. We use the paid API tier.
- Data retention. xAI may retain API inputs for service operation, safety, and abuse prevention as described in its Privacy Policy.
- International transfers. xAI offers Standard Contractual Clauses for EU/UK data transfers via its Data Processing Addendum.
- Optional feature. Voice playback is opt-in on a per-message basis. If you never tap the “Listen” control on a message, no data is sent to xAI.
You can review xAI’s applicable terms and policies at the following links:
- Terms of Service: https://x.ai/legal/terms-of-service
- Privacy Policy: https://x.ai/legal/privacy-policy
- Data Processing Addendum: https://x.ai/legal/data-processing-addendum
4.3 Conversation Logging
AI conversations are stored on our platform and retained until you choose to delete them. You may delete conversations at any time by:
- Selecting and deleting individual conversations from your conversation history.
- Deleting your profile.
- Deleting your account entirely.
Stored conversations are secured using the measures described in Section 6. Access is restricted to authorized personnel for the purposes of customer support, safety monitoring, and abuse prevention.
4.4 AI Model Training
We do not use your personal data to train any AI models (whether our own or third-party) without your separate, explicit, informed consent. If we seek such consent in the future, we will clearly explain what data would be used, for what purpose, and how to opt out.
4.5 Limitations of AI Outputs
AI-generated content is provided for informational and self-reflection purposes only. It does not constitute medical, legal, financial, psychological, or other professional advice. See Section 13 for our full disclaimer.
5. Sensitive Data: Birth Details
Birth details (date, time, and location of birth) are central to the Service and may be considered sensitive personal information under applicable data protection laws. We apply the following additional safeguards:
- Explicit consent: We collect birth details only with your explicit, informed consent, obtained through an affirmative opt-in mechanism (not implied by usage).
- Purpose limitation: Birth details are used solely for generating Vedic astrology charts and related interpretations. They are not used for profiling, marketing, or any unrelated purpose.
- Minimized access: Access to birth details is restricted to systems and personnel strictly necessary to deliver the Service.
- Enhanced encryption: Birth details are encrypted at rest and in transit.
- Deletion: Birth details are stored as part of your account data. Because birth details are integral to your chart and interpretation history, deletion of birth details requires deletion of your account. You may request account deletion at any time (see Section 9).
6. Data Storage and Security
We implement technical and organizational measures designed to protect your personal information, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256 or equivalent).
- Hosting on secure cloud infrastructure with industry-standard certifications.
- Role-based access controls with least-privilege principles.
- Regular security assessments and vulnerability testing.
- Incident response procedures (see Section 6.1).
No system is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.
6.1 Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required under EU GDPR and UK GDPR where applicable). For UK residents, the relevant authority is the Information Commissioner’s Office (ICO). We will notify affected individuals without undue delay. Where CCPA applies, we will notify affected California residents as required by law.
7. Sharing of Information
We share your personal data only in the following circumstances:
7.1 Service Providers (Data Processors)
We engage third-party companies to perform functions on our behalf. These processors are contractually bound to use your data only as instructed and to maintain appropriate security measures. Our current service providers include:
- Anthropic PBC — AI processing (chat interpretations) via the Anthropic API (United States). See Section 4.2.1 for details.
- xAI Corp. — Text-to-speech audio synthesis when voice playback is enabled (United States). See Section 4.2.2 for details, including the limited circumstances in which your first name may be transmitted.
- Latitude.sh — Cloud hosting, application servers, and database infrastructure (United States).
- Stripe, Inc. — Payment processing and subscription billing (United States). Stripe receives your name, email address, billing address, and payment-card details directly from you at checkout; the Company does not store full card numbers.
- Mailgun — Transactional email and newsletter delivery (name and email address only).
- Google LLC — Optional “Sign in with Google” identity service (United States). When you use Google sign-in, Google receives the OAuth authorisation request; the Company receives only your verified email address and basic profile information.
7.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process (e.g., a court order, subpoena, or government request). Where permitted, we will notify you before making such a disclosure.
7.3 Business Transfers
If the Company is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your data becomes subject to a different privacy policy.
We never sell personal information. We do not share personal data with third parties for their own marketing purposes.
8. International Data Transfers
The Company is based in the United States and does not have an establishment in the European Union. Our servers and service providers are located in the United States. If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States.
If you are located in the EU/EEA or UK, we ensure appropriate safeguards are in place for international data transfers, including:
- EU/EEA residents: Standard Contractual Clauses (SCCs) approved by the European Commission, as incorporated in each US-based processor’s Data Processing Addendum (including Anthropic’s DPA for chat AI, xAI’s DPA for voice synthesis, and equivalent SCC-based safeguards for our other US-based processors).
- UK residents: The UK Addendum to the EU Standard Contractual Clauses, as approved by the UK Information Commissioner’s Office (ICO), or the International Data Transfer Agreement (IDTA) where applicable.
- Adequacy decisions where applicable.
By using the Service, you acknowledge that your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. You may request a copy of the applicable transfer safeguards by contacting us at the address in Section 15.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
9.1 Rights Under EU GDPR and UK GDPR (EU/EEA/UK Residents)
If you are located in the EU/EEA, your rights arise under the EU General Data Protection Regulation. If you are located in the United Kingdom, your rights arise under the UK GDPR (retained under the Data Protection Act 2018). In both cases, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (“right to be forgotten”). Note: deletion of birth details requires deletion of your account, as described in Section 5.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: Withdraw consent at any time for processing based on consent. Withdrawal does not affect the lawfulness of processing performed before withdrawal.
- Lodge a complaint: File a complaint with your local data protection supervisory authority. For UK residents, this is the Information Commissioner’s Office (ICO) at ico.org.uk.
9.2 Rights Under CCPA/CPRA (California Residents)
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to delete: Request deletion of personal information we have collected.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising.
- Right to non-discrimination: We will not discriminate against you for exercising your rights.
9.3 How to Exercise Your Rights
Submit requests to: support@bodhirishi.ai
We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA/CPRA). We may request verification of your identity before processing a request. If we need additional time, we will inform you of the reason and extension.
If you withdraw consent for processing birth details, your account and all associated data (including birth details, chart history, and conversation history) will be deleted, as birth details cannot be separated from your account. You may continue to access the Service by creating a new account.
10. Cookies and Tracking Technologies
We use cookies and similar technologies for the following purposes:
- Strictly necessary cookies: Required for authentication, security, and core platform functionality. These cannot be disabled.
- Analytics cookies: Help us understand how users interact with the Service (e.g., page views, feature usage).
- Preference cookies: Remember your settings and preferences.
We do not use advertising or cross-site tracking cookies.
10.1 Cookie Consent
Where required by law (including under the EU ePrivacy Directive and the UK Privacy and Electronic Communications Regulations 2003 (PECR)), we obtain your affirmative consent before setting non-essential cookies. You can manage your cookie preferences through our cookie consent banner or by contacting us. You may also control cookies through your browser settings, though disabling certain cookies may affect platform functionality.
11. Data Retention
We retain personal data only as long as necessary for the purposes described in this Policy, or as required by law. Our standard retention periods are:
| Data Category | Retention Period | Notes |
|---|---|---|
| Account information | Duration of account | Deleted upon account deletion request |
| Birth details | Duration of account | Deleted upon account deletion; cannot be deleted independently |
| AI conversations | Until user-initiated deletion | User may delete individual conversations, their profile, or their account |
| Usage/analytics data | 12 months | Aggregated and anonymized after retention period |
| Server/security logs | 90 days | Retained for security and legal compliance |
| Legal hold data | As required by law | May extend other retention periods |
You may request deletion of your data at any time by contacting us. We will process deletion requests in accordance with the timelines in Section 9.
12. Children’s Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will take prompt steps to delete that information.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at the address in Section 15.
13. Astrology Disclaimer
All Vedic astrology charts, interpretations, and AI-generated content provided through BodhiRishi.ai are for informational and self-reflection purposes only. They do not constitute and should not be relied upon as medical, legal, financial, psychological, or any other form of professional advice.
You should not make significant life decisions based solely on astrological interpretations. If you need professional advice, please consult a qualified professional in the relevant field.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will post the updated Policy on this page with a revised “Last Updated” date.
- For material changes, we will notify you by email (if you have an account) or by prominent notice on the Service at least 30 days before the changes take effect.
- Where required by law, we will obtain your consent to material changes.
Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Policy. If you do not agree with any changes, you should discontinue use of the Service and request deletion of your data.
15. Contact Information
For privacy questions, data requests, or complaints:
Company: SenjoTech, LLC
Platform: BodhiRishi.ai
Email: support@bodhirishi.ai
The Company does not have an establishment in the European Union or the United Kingdom. EU/EEA and UK residents may contact us directly at the email address above for any data protection inquiries.
If you are a UK resident and are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: ico.org.uk
Helpline: 0303 123 1113
If you are an EU/EEA resident, you have the right to lodge a complaint with your local data protection supervisory authority.