Privacy Policy
Last updated: May 26, 2026
In plain language
- We collect your email and the data you choose to share.
- If you use the AI companion, your messages are sent to Anthropic for processing.
- We never sell your data. No ads. No data monetization.
- You can export or delete all your data at any time from Settings.
- The shloka explorer and courses work without sharing any personal data with AI providers.
1. Data Controller
Live Gita (“we,” “us,” “our”) is the data controller responsible for your personal data. Live Gita is an open-source project licensed under AGPLv3.
2. What We Collect
Account Data
When you create an account: email address, display name, date of birth (for age verification), and password hash (we never store your plaintext password).
AI Companion Data (only if you opt in)
If you enable the AI Spiritual Companion, your chat messages are sent to third-party AI providers for processing. This data may include your philosophical and spiritual reflections. Under GDPR Article 9, this constitutes special-category personal data (religious/philosophical beliefs). We process this data only with your explicit consent.
Course Progress & Bookmarks
Course enrollment, lesson completion, quiz scores, and bookmarked verses are stored in your account.
Reflections
If you write reflections on daily wisdom, these are stored in your account (or locally on your device if you choose local-only mode).
Technical Data
IP address (for rate limiting and security), browser user agent (for consent records). We do not use analytics cookies unless you opt in.
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account management, courses, bookmarks | Contract (Article 6(1)(b)) |
| AI Spiritual Companion chat | Explicit consent (Article 9(2)(a)) |
| Reflection journal (cloud sync) | Explicit consent (Article 9(2)(a)) |
| Rate limiting, security | Legitimate interest (Article 6(1)(f)) |
4. Third-Party Processors
We share data with the following processors only as necessary:
| Processor | Purpose | Data Shared |
|---|---|---|
| Anthropic (US) | AI chat processing | Chat messages (only if AI consent granted) |
| OpenAI (US) | Embedding generation for search | Verse text (not user data) |
| Hosting provider | Infrastructure | All data (encrypted at rest) |
Both Anthropic and OpenAI process data in the United States. For EU users, transfers are covered by EU-US Data Privacy Framework certification and/or Standard Contractual Clauses.
5. Data Retention
- Chat messages: Retained for the lifetime of your account unless you delete them.
- Account data: Retained until you delete your account.
- Rate limiting data: Redis keys expire automatically (24 hours).
- Backups: Retained for 30 days, then permanently deleted.
6. Your Rights
GDPR (EU/EEA)
- Access: Request a copy of all your data (Settings → Export Data).
- Erasure: Delete your account and all data (Settings → Delete Account).
- Portability: Export your data as JSON.
- Withdraw consent: Disable AI chat or reflection cloud sync at any time in Settings.
- Object: Contact us to object to any processing based on legitimate interest.
CCPA/CPRA (California)
- We do not sell or share your personal information for cross-context behavioral advertising.
- You may request deletion of your data at any time.
- Religious beliefs and health data are sensitive personal information under CPRA.
DPDP Act (India)
- You may withdraw consent and request erasure at any time.
- Grievance officer contact: see Section 9 below.
7. Children
Live Gita requires users to be at least 16 years old (18 in India). We do not knowingly collect data from children below these age thresholds. If you believe a child has created an account, please contact us.
8. Security
We use encryption in transit (TLS), encrypted passwords (bcrypt), row-level authorization on all user data, and rate limiting to protect against abuse. The application runs in Docker containers with non-root processes and internal-only database networks.
9. Contact
For privacy inquiries, data access requests, or to exercise any of your rights:
- Email: privacy@livegita.org
- Grievance Officer (India): privacy@livegita.org
We respond to all requests within 30 days.
10. Changes
We may update this policy. Significant changes will be communicated via the app. Continued use after changes constitutes acceptance.