Privacy Policy
Version 1.1 · Last updated: 27 June 2026 · Data Fiduciary: 93 Communications, Plot No 20, Block H-1/A, Sec-63, Noida, UP 201301
Table of contents
1. Introduction
This Privacy Policy explains how 93 Communications (“Fliyp”, “we”, “us”, “our”) — the Data Fiduciary/Controller — collects, uses, shares, and protects your personal data when you use the Fliyp application, website, and related services (the “Service”).
Fliyp provides personalised astrology-based insights delivered via calendar events, push notifications, and email. WhatsApp is used for transactional messages only (OTP verification, plan-renewal reminders, GST invoices, opt-in confirmations, and important account-state changes) — not for daily content delivery.
This Policy should be read together with our Terms of Service.
2. Definitions
- “Personal Data” means any data about you that identifies you or can be used to identify you.
- “Processing” means any operation performed on Personal Data (collection, use, storage, sharing, deletion).
- “You” means the individual using the Service, also referred to as a Data Principal under the DPDP Act and a data subject under the GDPR.
3. Information We Collect
- Identity data: Name.
- Contact data: Email address; phone number (for OTP/login verification, SMS, and WhatsApp transactional messages).
- Birth data: Date of birth, time of birth, and place of birth. (This is the core data used to generate your readings.)
- Derived data: Zodiac sign, birth-chart details (moon sign, ascendant, nakshatra, dasha), and numerology insights — computed from your birth data.
- Subscription data: Plan type, subscription status, and payment history (payments are processed by Razorpay; we do not store your full card details).
- Usage data: Pages and features used, session activity.
- Technical data: IP address, browser, and device information.
- Communication data: Messages you send to support.
- Reflection data: Private notes you voluntarily write in response to in-app “wisdom” prompts. Optional — you are never required to write one. We save your wisdom reflections so you can revisit them — these are private to your account.
- Consent records: Your marketing, analytics, advertising, and WhatsApp opt-in/opt-out preferences.
4. How We Use Your Data, and Our Lawful Basis
We process your data only for the purposes below, on the lawful bases indicated (under the DPDP Act 2023 and, for users in the EEA/UK, the GDPR):
| Purpose | Lawful basis |
|---|---|
| Deliver personalised astrology insights and daily content; create and manage calendar events | Performance of our contract with you |
| Process subscriptions, payments, and issue invoices | Performance of our contract; compliance with legal/tax obligations |
| Send service-related and transactional notifications (incl. WhatsApp/OTP) | Performance of our contract |
| Send marketing communications | Your consent (which you may withdraw at any time) |
| Analytics, advertising measurement, and attribution | Your consent |
| Improve product performance using aggregated, anonymised data; ensure security and prevent misuse | Our legitimate interests, balanced against your rights |
We do not sell your personal data.
5. AI and Automated Processing
We use AI systems — primarily OpenAI (GPT-4o), with Anthropic (Claude) as a fallback — to generate horoscope and life-intelligence Content from your birth details and preferences.
- This involves automated processing and profiling to produce your personalised readings and scores.
- These readings are provided for entertainment only and produce no legal or similarly significant effect on you. They are not used to make any decision that materially affects you.
- We may use anonymised, aggregated data to improve our systems. Data obtained via Google APIs or Microsoft APIs is never used to train AI or machine-learning models.
- Your wisdom reflections are never used to train AI models, never shown to other users, and never used for advertising.
6. Google User Data
If you connect your Google account, we may access limited Google user data (such as calendar access). We comply strictly with the Google API Services User Data Policy, including its Limited Use requirements. We confirm that Google user data is:
- Used only to provide core, user-requested functionality (e.g., creating horoscope calendar events);
- Never used for advertising;
- Never sold;
- Never used to train AI or machine-learning models;
- Never shared with third parties except as required to deliver the feature;
- Never used for profiling or marketing.
7. Microsoft User Data
If you connect your Microsoft account, we may access limited Microsoft user data (such as Outlook calendar access) via Microsoft APIs. We confirm that Microsoft user data is:
- Used only to provide core, user-requested functionality (e.g., creating and managing calendar events);
- Never used for advertising, sold, used to train AI/ML models, or used for profiling or marketing;
- Never shared with third parties except as required to deliver the feature.
8. How We Share Your Data (Sub-Processors)
We share data only with trusted service providers (“Data Processors”) necessary to operate the Service:
- AI providers — content generation: OpenAI (GPT-4o), and Anthropic (Claude) as a fallback.
- Hosting — Railway.app (infrastructure).
- Email — Resend (transactional and marketing email).
- Payments — Razorpay (subscription billing and payment mandates).
- Messaging — Meta Platforms (WhatsApp Business API; your phone number is shared to deliver OTP and transactional WhatsApp messages).
- Push notifications — Google (Firebase Cloud Messaging, Android) and Apple (Apple Push Notification service, iOS).
- Maps & geocoding — Google (Places / Geocoding, to resolve your place of birth).
- Analytics & attribution — PostHog (product analytics), Google (Google Analytics 4 via Google Tag Manager), Meta Platforms (Pixel and Conversions API, for ad measurement), and Kochava (mobile install attribution).
International transfers. Some providers process and store data outside India (including in the United States). Where we transfer your data internationally, we rely on appropriate contractual safeguards — including the data-processing terms offered by these providers and, where applicable, Standard Contractual Clauses — and use your data only for the purposes described in this Policy.
We require all providers to follow strict data-protection standards. We do not sell or rent your data.
10. Data Retention
- Active accounts: Retained while your account is active and for up to 2 years after subscription expiry.
- Deleted accounts: Removed within 30 days of a deletion request (subject to the legal-retention exception below).
- Payment records: Retained as required by Indian financial and tax law (up to 7 years).
- Wisdom reflections: Retained until you delete them or delete your account, after which they are permanently removed.
- Anonymised data: May be retained indefinitely, as it can no longer identify you.
11. Your Rights
Subject to applicable law, you have the right to:
- Access your data — download a copy via Account Settings → Your Data → Download my data;
- Correct your data — update your profile, birth details, and contact information at any time in Account Settings;
- Erase your data — request deletion via Account Settings → Your Data → Delete my account;
- Withdraw consent — withdraw marketing, analytics, advertising, or WhatsApp consent at any time (withdrawal is as easy as giving consent and does not affect processing already carried out lawfully);
- Restrict or object to certain processing in defined circumstances;
- Nominate (DPDP Act 2023): nominate another individual to exercise your rights on your behalf in the event of your death or incapacity — email [email protected] to register a nominee;
- Complain to a regulator — lodge a complaint with the Data Protection Board of India (under the DPDP Act) or, if you are in the EEA/UK, your local supervisory authority.
To exercise any right, email [email protected]. We respond within 30 days.
U.S. State Privacy Rights (California and other states)
If you are a resident of California or another U.S. state with a comprehensive consumer-privacy law, you have the following additional rights, subject to your state's law:
- Know / access the categories and specific pieces of personal information we have collected, used, and disclosed (the categories are listed in Section 3);
- Correct inaccurate personal information;
- Delete your personal information;
- Opt out of the “sale” or “sharing” of your personal information for cross-context behavioural (targeted) advertising;
- Limit the use and disclosure of sensitive personal information (such as precise geolocation);
- Non-discrimination — we will not deny service, charge a different price, or provide a lower quality of service because you exercised a right.
We do not sell your personal information for monetary value. We do “share” limited identifiers and usage data with our advertising partner (Meta) for cross-context behavioural advertising and ad measurement — and only when our advertising cookies are enabled.
How to exercise these rights:
- Opt out of sale/sharing and targeted advertising: use the “Do Not Sell or Share My Personal Information” link in our website footer or in Settings, or reject advertising cookies in Cookie Preferences. We treat the Global Privacy Control (GPC) browser signal as a valid opt-out and confirm when it has been applied.
- Access, correct, delete, or limit sensitive data: use Account Settings → Your Data, or email [email protected].
You may use an authorised agent to submit a request on your behalf; we will verify your identity before acting on it.
12. WhatsApp Communication
We send WhatsApp messages only with your explicit consent, and only for transactional purposes. You can opt out at any time by:
- Account Settings → Phone Number & WhatsApp → Disable, or
- Replying STOP to any message you receive from us.
13. Security and Breach Notification
We implement industry-standard safeguards, including:
- HTTPS/TLS encryption for data in transit;
- Hashed password storage (passwords are never stored in plain text);
- Access controls limiting internal access to your data;
- Regular security reviews of our code and infrastructure.
No system is perfectly secure. In the event of a personal-data breach likely to affect you, we will notify you and the Data Protection Board of India (and, where applicable, the relevant supervisory authority) as required by the DPDP Act 2023 and applicable law.
14. Children's Privacy
The Service is intended for users aged 18 and above. We do not knowingly collect data from anyone under 18, and we do not undertake tracking or targeted advertising directed at children. If you believe we have inadvertently collected data from someone under 18, contact [email protected] and we will delete it promptly.
15. International Users
If you access the Service from the EEA or UK, the GDPR/UK GDPR apply to our processing of your data, and you have the rights described in Section 11. The Service is operated from India; by using it you understand your data will be processed as described in this Policy.
16. Legal Compliance
We comply with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable international data-protection laws, including the GDPR for users in the European Economic Area and the UK GDPR for users in the United Kingdom.
17. Changes to This Policy
We may update this Policy from time to time. For material changes, we will notify you by email at least 14 days before the change takes effect, display a notice in the app, and — where the law requires — obtain your renewed consent.
18. Grievance Officer and Contact
For any privacy query, request, or complaint, contact our Grievance Officer:
Email: [email protected]
Post: Grievance Officer, 93 Communications, Plot No 20, Block H-1/A, Sec-63, Noida, Uttar Pradesh 201301, India
Response time: Within 30 days of receipt.
19. Version History
This Privacy Policy is versioned for compliance audit-trail purposes. Each version represents the policy in force at that effective date. When a new version is published, existing users are prompted to review and re-accept under the consent-renewal flow (DPDP Act §6 informed-consent requirement).
Version 1.1 · effective 27 June 2026 · current
Counsel-grade revision. Adds: a DPDP Act 2023 lawful-basis mapping; a full sub-processor list (OpenAI, Anthropic, Railway, Resend, Razorpay, Meta/WhatsApp, Google/Apple push, Google Places, PostHog, Google Analytics, Meta Pixel/CAPI, Kochava); international-transfer safeguards; U.S. State Privacy Rights (CCPA/CPRA) including Do-Not-Sell/Share and Global Privacy Control; the DPDP nominee right; a named Grievance Officer; breach-notification commitments; and an entertainment-only AI/profiling disclosure. Payment processor corrected to Razorpay.
Version 1.0 · effective 1 January 2024
Initial Privacy Policy. Standard data collection notice covering birth details, phone, email, and usage patterns. WhatsApp transactional-only delivery. Cookie consent (3-category granularity). In-app account deletion with 30-day grace period (DPDP §11 + GDPR Art.17 right-to-erasure). DPDP §8(5) + GDPR Art.33 breach-notification commitment. Records of Processing Activity (ROPA) maintained per GDPR Art.30.
