Privacy Policy
Divyana Inc. (“Divyana,” “we,” “us,” or “our”) operates the Divyana mobile application (“App”) and the website at divyana.ai (the “Site”). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the App or the Site.
Contact: support@divyana.ai
Website: https://divyana.ai
Summary: How Divyana uses third-party AI services
What data we send. When you use AI-powered features (your personal Divyana AI chat, journal reflections, dream interpretation, daily summaries, and semantic journal search), we send the text of your messages or journal/dream entries, recent AI chat history, and aggregated context (such as your Divyana Score pillar values and a short astrological summary). We do not send your full name, email, payment information, device push token, or raw Apple Health values.
Who we send it to. We use two named third-party AI providers: Anthropic, PBC (Claude models, used for AI chat, reflections, dream interpretation, and daily summaries) and OpenAI, L.L.C. (used only to generate vector embeddings for in-app semantic search across your own journal entries). Their privacy policies are available at anthropic.com/legal/privacy and openai.com/policies/privacy-policy.
Your permission. Before any of your data is sent to these AI providers, the App presents an in-app consent screen that names the providers, explains what is sent, and requires your explicit agreement. AI features are disabled until you accept. You can revoke consent at any time from Profile > Privacy > AI Services; revoking consent disables AI features and stops further data from being sent to AI providers.
Equal protection. Both Anthropic and OpenAI are contractually bound, under their enterprise API terms, to protect your data with the same or equivalent level of protection that Divyana provides under this Privacy Policy. Specifically: they do not use your content to train their models, they do not sell or share your content, and they retain content only for the limited periods required to operate the API and meet abuse-detection obligations under their published policies.
1. Information We Collect
1.1 Account Information
- Email address (required for authentication)
- Display name and profile avatar (optional)
- Authentication provider identifier when you sign in with Apple or Google (we receive your email and a stable user identifier; we do not receive your Apple or Google password)
1.2 Birth & Astrological Profile
- Date of birth, time of birth, and place of birth
- Used to generate your natal chart, Western and Vedic astrological profiles, planetary positions, and Fortune timing windows
- Stored as your Esoteric Profile within the App
1.3 Health and Wellness Data (Optional)
If you choose to connect Apple Health, we may access the following data types with your explicit permission. You can grant or revoke access at any time from Profile > Data Sovereignty or from your iOS Settings > Privacy > Health.
Core Health Metrics (synced continuously):
- Step count and active energy burned
- Heart rate and resting heart rate
- Heart rate variability (HRV)
- Exercise minutes
- Sleep analysis
Additional Vitals (synced on request):
- Blood oxygen (SpO2)
- Respiratory rate
- Body temperature
- Blood pressure (systolic and diastolic)
Body Composition:
- Body mass (weight)
- Body fat percentage
Mindfulness & Nutrition:
- Mindful session data
- Dietary energy (calories), protein, carbohydrates, fats, fiber
Apple HealthKit Commitment:
- HealthKit data is used solely to provide and improve the App's wellness features
- HealthKit data will never be used for advertising, marketing, or sold to data brokers
- HealthKit data will never be shared with third parties except as required to deliver the core service (see Section 4)
- HealthKit data will not be used to build advertising profiles
- Raw HealthKit values are kept inside your secure account; only summarized scores (such as your Body pillar score) and short, derived context (e.g., “your sleep quality has been low this week”) are passed to AI providers to generate personalized insights
1.4 Journal, Mind & AI Chat Content
- Voice recordings and text journal entries you create within the App
- Dream journal entries and interpretations
- AI-generated insights, reflections, and sentiment analysis based on your entries
- AI chat conversation history with your personal Divyana AI, including the messages you send, model responses, the AI model used, and any rating or feedback you provide on a response
Voice recordings are stored in your secure account. The text content of your journal entries, dream entries, and AI chat messages — together with relevant context such as your astrological profile and aggregated pillar scores — is sent to our third-party AI providers (Anthropic and OpenAI; see Section 4) only after you have granted in-app consent, in order to generate reflections, dream interpretations, semantic search results, and personalized chat responses. Anthropic and OpenAI do not use your content to train their own models. Divyana may use your content (where feasible, in de-identified or aggregated form) to improve our own models, scoring, and product quality.
1.5 Goals, Life Areas & Rituals
- Personal goals and progress tracking data you enter
- Life area scores and focus areas (e.g., career, relationships, health)
- Custom daily rituals you create
1.6 Location Data
- Current location: Used for real-time weather, air quality, pollen count, and geomagnetic data to provide your World pillar insights. Accessed only while the App is in use (foreground only). Approximate coordinates (latitude and longitude) are sent to the third-party environmental data providers listed in Section 4.
- Birth location: Collected during onboarding via Google Places Autocomplete. Used exclusively to calculate your astrological chart coordinates. Stored as part of your Esoteric Profile.
1.7 Subscription & Purchase Data
- Subscription tier (Seeker, Mystic, or Sovereign) and expiration date
- In-app purchase receipt data, validated with Apple's servers
- No full payment card or financial information is stored by Divyana — all payments are processed exclusively by Apple
1.8 Device, Usage & Product Analytics
- Device model, iOS version, and app version
- Crash logs and performance data (collected anonymously and aggregated)
- App feature usage events (such as screen views, onboarding step completions, and feature taps), captured through Mixpanel for product analytics
- Mixpanel events are linked to your account identifier so we can measure how features are used across your sessions, but they do not include the substance of your journal entries, AI chat messages, health values, or birth chart. IP-based geolocation is disabled on these analytics events.
- You can disable product analytics at any time from Profile > Privacy in the App. The opt-out is remembered on your device and prevents further events from being sent.
1.9 Local Device Storage
- Sync anchors for Apple Health incremental data fetching (stored locally on your device using MMKV)
- Encrypted session tokens stored on your device using AES-256 encryption (LargeSecureStore)
- Biometric authentication data (Face ID / Touch ID) is managed entirely by iOS and never accessed or stored by Divyana
1.10 Notifications
- If you enable push notifications, we register your device push token via the Expo Push Service so we can deliver Divyana Score alerts, morning rituals, and wellness reminders. Push tokens are stored in encrypted form in our database.
- Quiet hours are enforced server-side (no notifications between approximately 11 PM and 6:30 AM in your local time)
- You can disable notifications at any time from iOS Settings or the App
1.11 Community Safety Data
When you submit a content report or block another user, we record: who reported whom, the reported content (snapshotted at the time of report so it survives later deletion), the reason you selected, and the timestamp. Block records contain only the two user IDs and the time. This data is used solely to operate the moderation workflow described in our Terms of Service and is retained for the duration described in Section 7.
1.12 Site Data (divyana.ai)
When you visit divyana.ai or interact with our waitlist, referral, or invite pages, we collect:
- The email address and any optional fields you submit on the waitlist form, along with the platform you signed up for and (where applicable) the referral or invite token used to reach the form
- Standard server log data on inbound requests for security, fraud prevention, and rate-limiting purposes
- Aggregated, first-party performance metrics (such as Core Web Vitals) collected by Vercel Analytics to help us keep the Site fast and reliable
The Site does not run third-party advertising pixels (no Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, or similar). Where we use a CAPTCHA service to prevent automated abuse on signup forms, that service may receive standard browser metadata for fraud detection and is governed by its own privacy policy.
2. How We Use Your Data
We use your information to:
- Calculate your daily Divyana Score and personalized wellness insights across four pillars: Spirit, Body, Mind, and World
- Generate and maintain your astrological profile and Fortune timing windows
- Provide body and health metrics analysis and trends
- Deliver environmental context (weather, air quality, pollen, geomagnetic data)
- Process voice journal entries, generate AI reflections, and power semantic search across your entries
- Power your personal Divyana AI chat with personalized, cross-pillar context
- Track your goals, life areas, and custom rituals
- Send push notifications you have opted into
- Validate and manage your subscription status
- Improve the App, diagnose issues, and fix bugs
- Review the quality and safety of AI-generated responses (see Section 5)
- Review user-submitted content reports and enforce our community standards (see Section 9 of the Terms of Service)
- Operate, secure, and improve the divyana.ai website and waitlist
We do not sell your personal data. Ever.
We do not use your data for targeted advertising or cross-app tracking.
3. Data Storage and Security
- All account data is stored on Supabase infrastructure, with encryption in transit (TLS) and at rest (AES-256)
- Authentication is handled via Supabase Auth using industry-standard practices including PKCE (Proof Key for Code Exchange) for OAuth flows. We support Sign in with Apple, Google Sign-In, and email-based magic links.
- Row-Level Security (RLS) is enforced at the database level — you can only access your own data
- Session tokens are stored in AES-256 encrypted local storage on your device
- Journal entries, dream entries, and AI chat messages are processed by AI services to generate reflections, interpretations, and semantic search embeddings (see Section 1.4 for how Divyana and our third-party providers use this content)
- Apple Health data synced to your account is not shared with third parties except as described in Section 4
- Vector embeddings generated from your journal entries are used solely for in-app semantic search and personalized AI context; they are not shared externally
4. Third-Party Services
We share the minimum necessary data with the following service providers to operate the App and the Site. Each operates under its own privacy policy. Each provider is contractually bound to protect your data with the same or equivalent level of protection that Divyana provides under this Privacy Policy, and we do not permit any of these providers to use your data for their own advertising or marketing purposes. AI providers, in particular, do not use your content to train their models.
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Cloud database, authentication, storage, and serverless functions | All account data, health metrics, journal entries, AI chat history, preferences |
| Apple — HealthKit, App Store, Sign in with Apple, Push Notifications | On-device health data access, subscription billing and validation, identity, push delivery | Permission-gated HealthKit data, App Store receipts, Apple-issued user identifier, device push token |
| Google — Sign-In, Places API | Google sign-in option, birth location autocomplete during onboarding | Email and stable user identifier (sign-in); place-name search query (Places) |
| Anthropic, PBC (Claude) — third-party AI service anthropic.com/legal/privacy | AI chat, journal reflections, dream interpretation, daily summaries, and other AI-generated insights | After in-app consent only: the text of your prompts, recent chat history, journal/dream content you ask to be analyzed, and aggregated context (such as pillar scores and a short astrological summary). Anthropic does not use API content to train its models. We do not send your name, email, payment information, push token, or raw Apple Health values. |
| OpenAI, L.L.C. — third-party AI service openai.com/policies/privacy-policy | Generating vector embeddings for in-app semantic search across your own journal entries (using text-embedding-3-small). We do not use OpenAI for chat generation. | After in-app consent only: journal entry text submitted for embedding. OpenAI does not use API content to train its models. We do not send your name, email, payment information, push token, or raw Apple Health values. |
| OpenWeather, Tomorrow.io, Google Pollen API, NOAA | Weather, air quality, pollen forecast, and geomagnetic (K-index) data for your World pillar | Approximate latitude and longitude only; no account identifier |
| Expo Push Service | Delivery of push notifications | Device push token and the notification payload |
| Mixpanel | Anonymous product analytics — feature usage, screen views, onboarding flow | Event names and event properties tied to your account identifier; no journal text, AI chat content, health values, or birth chart. IP geolocation is disabled. |
| Resend | Transactional email delivery (welcome, account deletion confirmation, data export, password and subscription notices, waitlist communications) | Your email address and the contents of the email we send to you |
| Vercel | Hosting of divyana.ai and first-party performance metrics (Vercel Analytics) | Standard request metadata and aggregated, first-party Web Vitals |
We may add or change service providers as the product evolves. When we do, we will update this Section 4 and, where the change is material, notify you in accordance with Section 10. If a change adds a new third-party AI service, we will request renewed in-app consent before any of your data is sent to that new provider.
5. AI Quality & Safety Review
To improve the quality, accuracy, and safety of AI-generated responses, Divyana operates an internal review process:
- Automated review. AI chat responses are checked by an automated system to flag possible inaccuracies. Responses you rate negatively, or sessions our system flags for safety-relevant content, are queued for further review.
- Periodic quality scans. A small sample of recent flagged sessions is reviewed by an AI model (Anthropic's Claude) to suggest improvements to our system instructions and safety guardrails. This review focuses on our own prompt design, not on you. Suggested changes are reviewed by Divyana staff before any update is applied.
- What this means in practice. Some of your AI chat content may be re-processed by our AI provider as part of this quality review. It is treated under the same confidentiality terms as your live chat and is not shared outside Divyana and its named providers (see Section 1.4 for how content may be used to improve Divyana itself).
- Human access at Divyana. A limited number of authorized Divyana staff may review flagged content for safety or debugging purposes. Access is logged.
6. Your Rights and Choices
6.1 Control Your Integrations
- AI Services Consent: Granted on first use of any AI feature via an in-app consent screen, and revocable at any time from Profile > Privacy > AI Services. Revoking consent disables AI features and stops further data from being sent to AI providers.
- Apple Health: Revoke access at any time via iOS Settings > Privacy & Security > Health > Divyana, or from Profile > Data Sovereignty in the App
- Location: Disable location access at any time via iOS Settings > Privacy & Security > Location Services > Divyana
- Push Notifications: Disable at any time via iOS Settings > Notifications > Divyana
- Granular Health Data Controls: Toggle individual data types (sleep analysis, HRV, nutrition/weight) on or off from Profile > Data Sovereignty
- Product Analytics: Disable Mixpanel event collection from Profile > Privacy in the App
- Marketing Email: Each marketing or waitlist email contains an unsubscribe link; transactional emails (such as account deletion confirmation) cannot be unsubscribed from while you have an active account
6.2 Access Your Data
Use Profile > Export My Data in the App to receive a JSON copy of the personal data we hold about you, delivered to your email as a time-limited secure link. You may also email support@divyana.ai to make a request.
6.3 Delete Your Data
Request complete deletion of your account and all associated data:
- In-app: Profile > Delete Account
- By email: support@divyana.ai
All personal data is permanently deleted within 30 days of your request.
6.4 Opt Out of Optional Features
You can use the App without granting AI Services consent, without connecting Apple Health, and without enabling location access, though some features will be limited or unavailable.
6.5 California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and sell (we do not sell your data)
- Delete personal information we have collected, subject to certain exceptions
- Opt out of the sale or sharing of personal information (we do not sell or share for advertising)
- Non-discrimination — we will not discriminate against you for exercising your privacy rights
- Correct inaccurate personal information
To exercise these rights, contact us at support@divyana.ai with the subject line “California Privacy Request.”
6.6 International Users
Divyana is operated in the United States, and our AI service providers and most of our other infrastructure providers are located in the United States. If you access the App or the Site from outside the United States, your data will be transferred to and processed in the United States. By using the App or the Site, you consent to this transfer.
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar privacy laws (including users protected by India's Digital Personal Data Protection Act), you may have additional rights under your local law — including rights of access, correction, deletion, restriction, and objection. Contact us at support@divyana.ai to exercise them.
7. Data Retention
- We retain your data for as long as your account is active
- If you delete your account, all personal data is permanently deleted within 30 days
- Apple Health data synced to your account is deleted along with your account
- Content reports and block records are retained for up to 24 months after resolution to enforce repeat-offender bans and respond to legal requests; content snapshots are deleted along with the report once it is resolved unless retention is required by law
- Anonymized, aggregated data (e.g., aggregate wellness trend statistics with no personally identifiable information) may be retained for product analytics
8. Children's Privacy (COPPA)
Divyana is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@divyana.ai and we will delete that information promptly.
Users between 13 and 17 years of age may only use the App with parental consent.
9. No Cross-App Tracking
Divyana does not track you across third-party apps or websites for advertising purposes. We do not participate in cross-app data sharing for advertising or marketing. Apple's App Tracking Transparency (ATT) framework applies — if we ever implement tracking, we will request your explicit permission first.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email at least 30 days before the change takes effect. Continued use of the App after changes constitutes acceptance of the revised policy. The “Last Updated” date at the top of this page reflects the most recent revision.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy:
Email: support@divyana.ai
Website: https://divyana.ai
Mailing Address: Divyana Inc., Georgia, United States