Summary: Gotra Guru is invite-gated. We store genealogical and identity data only for verified members. We do not sell, share, or expose your data to any third party. Contact information is encrypted and never visible to other members.
1. What data we collect
We collect the following categories of data for members who have been invited and verified:
- Identity data: Full name (English + Devanagari), birth year, birth place, ancestral city/village, gender.
- Lineage data: Gotra, Pravara, Veda, Shakha, Sutra, Kuladevata, Kulaguru — the six sacred lineage layers.
- Family relationships: Parent, sibling, and child relationships, as entered by you or your introducer.
- Contact data: Mobile number and email address, used only for authentication and critical platform notifications.
- Authentication data: A hashed PIN, OTP codes (never stored after use), and session tokens.
- Usage logs: Login timestamps and IP addresses, for security audit only.
2. How data is stored
- All data is stored in a PostgreSQL database hosted on cPanel shared hosting in India.
- Mobile numbers and email addresses are encrypted at rest using AES-256 (pgcrypto). Unencrypted values are never written to disk.
- PIN values are hashed using bcrypt and are never stored in plaintext. PINs are never logged at any level.
- The database is not exposed to the public internet — access is restricted to the application server.
- Backups are encrypted. Backup files are accessible only to the platform operator.
3. Who can see your data
- Other members: Can see your name and Gotra only. No contact information is ever visible to other members.
- Community admins: Can see masked mobile (last 4 digits). Cannot see full mobile, email, or PIN.
- Super admin (platform operator): Can see full data for platform operations. Bound by this policy.
- Third parties: None. We do not sell, share, license, or otherwise transfer your data to any third party.
- Law enforcement: We will comply with lawful orders from Indian courts or competent authorities. We will inform you where legally permitted.
4. Data retention and deletion
Your data is retained for as long as you or your introduced family members hold an active account. If you wish to have your personal data deleted:
- Contact us at rajyogdelhi@gmail.com with the subject line "Data Deletion Request".
- We will process deletion requests within 30 days.
- Note: Lineage records connected to other living members may be retained in anonymised form to preserve family tree integrity.
5. Cookies and tracking
We use only a single server-side session cookie for authentication. We do not use third-party analytics cookies, advertising pixels, or tracking scripts. The Google Fonts CSS link loads fonts from Google's CDN — this is the only third-party request the platform makes.
6. Contact for privacy queries
For any privacy-related questions, data access requests, or deletion requests, contact us at rajyogdelhi@gmail.com or via the contact form.