Privacy Policy
Last updated: 23 May 2026
Vaastulokam (“the App”, “we”, “us”) helps users analyse residential and commercial floor plans through Vaastu Shastra principles. This policy explains what we collect, how we use it, and the rights you have.
The published version of this policy lives at https://vaastulokam.com/privacy.html. If there is any conflict between an in-app copy and this published version, this published version controls.
1. Information We Collect
1.1 Account information
- Google account display name, email address, and profile photo obtained when you sign in with Google Sign-In / Credential Manager.
- A unique Firebase Authentication user ID.
1.2 Floor plans and consultation content
- Floor plan images you upload, draw, or capture inside the app.
- Annotations, room labels, dimensions, and notes you attach to a plan.
- Chat messages exchanged with the AI assistant about your plans.
- Metadata about each consultation: timestamps, status, queue position, cost in coins, and refund state.
1.3 Wallet and purchases
- Wallet balance and transaction history (coin top-ups, deductions, refunds, welcome bonuses).
- Google Play Billing receipts (order ID, SKU, purchase token). We do not see your card or bank details — Google Play handles payment processing.
1.4 Device and diagnostic information
- Firebase Cloud Messaging (FCM) push notification token.
- Device model, OS version, app version, locale, time zone — collected by Firebase Crashlytics and Firebase Analytics.
- Crash reports, ANRs, and non-fatal exceptions (Crashlytics).
- Anonymous usage events (Firebase Analytics).
1.5 Advertising identifier (AD_ID)
The app declares the AD_ID permission so Firebase Analytics on Android 13+ can read your advertising ID for aggregated, non-personal reporting only. We do not serve targeted ads inside the app and we do not sell or share this identifier with advertising networks. You can reset or limit this ID in your device settings.
1.6 Voice and microphone
The Live Vaastu Compass uses your device microphone to recognise the room name you call out (e.g. “Kitchen”, “Pooja Room”). Speech recognition runs through the Android speech service on the device. We do not store or upload your raw audio.
2. How We Use Your Information
- Provide the core service: render your floor plan, run AI Vaastu analysis, deliver consultation responses, send follow-up replies.
- Maintain your account, wallet, and consultation history.
- Send you push notifications about consultation status and new follow-up messages (only after you grant the notification permission).
- Improve detection, recommendations, and reliability through aggregated metrics and crash reports.
- Comply with legal obligations and prevent abuse.
We do not use your floor plans, chats, or personal data to train third-party foundation models. AI requests are routed to the model provider for inference and discarded after the response is returned.
3. Third-Party Services
| Service | Data shared | Purpose |
|---|---|---|
| Firebase Authentication (Google) | Google ID token, UID | Sign-in |
| Cloud Firestore (Google) | Account, consultations, wallet | Storage |
| Cloud Functions for Firebase (Google) | API calls + payloads | Backend |
| Cloud Storage for Firebase (Google) | Floor plan images | Storage |
| Firebase Cloud Messaging (Google) | FCM token, message payload | Push notifications |
| Firebase Crashlytics (Google) | Crash stack, device info | Reliability |
| Firebase Analytics (Google) | Anonymous events, AD_ID | Aggregated analytics |
| Firebase App Check + Play Integrity (Google) | Device attestation | Anti-abuse |
| ML Kit on-device (Google) | Image pixels | On-device detection only — never uploaded |
| Google Play Billing (Google) | Purchase token, SKU | In-app purchases |
| Meta SDK (initialised lazily) | Install/launch event, anonymous device hash | Attribution if you arrived from a Meta ad |
ML Kit detection runs entirely on-device. The Meta SDK is not initialised at app start. It only initialises after you have signed in. If you do not want any Meta SDK activity, sign out and uninstall the app.
4. Data Retention
- Account data and active consultations: retained while your account exists.
- Wallet ledger: retained while your account exists for audit purposes.
- Crash and analytics data: retained per Firebase defaults (typically 14–60 months depending on the dataset).
- Backups: image originals in Cloud Storage are retained until you delete the consultation or your account.
5. Account Deletion
- In-app: Profile → Delete Account → confirm. The app calls our deleteAccount Cloud Function, which removes your Firestore data, Cloud Storage files, FCM tokens, and Firebase Auth user.
- Web: request deletion at https://vaastulokam.com/delete-account.html. We will process the request within 30 days and email you a confirmation.
A small amount of de-identified analytics data may remain in aggregate form and is no longer linkable to you.
6. Children
Vaastulokam is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has used the app, contact us to have the data removed.
7. Your Rights (GDPR, India DPDP, CCPA, etc.)
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (“right to be forgotten”).
- Object to or restrict processing.
- Receive a copy of your data in a portable format.
- Withdraw consent (e.g. for analytics or notifications).
- Lodge a complaint with a supervisory authority.
To exercise these rights, contact us at the address below. We respond within 30 days.
8. Security
- All traffic between the app and our backend is encrypted in transit (TLS 1.2+).
- Firebase services encrypt data at rest using AES-256.
- Backend access is restricted via IAM roles and Firebase Security Rules.
- The app enforces App Check (Play Integrity) so only the genuine signed app can call our APIs.
- The app disables full-data ADB backups (allowBackup=false) and restricts auto-backup to non-sensitive resources.
No system is perfectly secure. If you discover a vulnerability please report it responsibly to the contact below.
9. International Transfers
Firebase services may process data in regions outside your country (typically the United States and EU). Google’s Standard Contractual Clauses and equivalent transfer mechanisms apply.
10. Changes to this Policy
We will update this policy when we add features, change processors, or respond to regulatory changes. Material changes will be announced in-app or by email. Continued use of the app after the effective date constitutes acceptance.
11. Contact
- Email: privacy@vaastulokam.com
- Postal: Vaastulokam, Bengaluru, India
- Web: https://vaastulokam.com
If you are in the EU/UK and need to reach a representative under Article 27 GDPR, email the address above and we will route the request appropriately.