What we collect
- —Email address: newsletter, booking confirmations, transactional.
- —Name: when you book or apply.
- —Reading question and notes: kept in confidence and never shared.
- —Payment information: handled entirely by Razorpay; we do not store card or UPI details.
- —Analytics: Google Analytics 4 (GA4) for aggregate page-view counts and traffic source attribution. IP addresses are anonymised by GA4 before storage. No Meta pixel, no retargeting cookies, no cross-site tracking.
How we use it
Strictly for the purpose given. We do not sell data. We do not share with third parties for marketing.
Your rights
Request what we hold, request correction or deletion, unsubscribe any time. Write to legal@trikaala.com.
In detail: what we collect, when, and why.
We collect personal data only at three specific moments in the relationship with the practice. First, when you subscribe to the new moon dispatch — at this point we collect your email address and (optionally) your first name. Second, when you book a session or apply to an academy cohort — at this point we collect your name, email, phone number (if you provide one), the written question you bring to the reading, and the payment metadata that Razorpay returns to us (transaction ID, amount, card last-four; we never see the full card number, CVV, UPI PIN, or net-banking password). Third, when you write to us by email — we keep the correspondence as long as it is useful to the matter at hand, then archive or delete it.
We use Google Analytics 4 (GA4) to count aggregate page views and understand which content people are reading. GA4 anonymises IP addresses by default before they are stored. The analytics property is configured with Google Signals disabled, so we do not receive demographic or interest inferences about you, and your visit is not joined with your Google account profile. We do not pass any personally identifiable parameters (your name, email, booking details) to GA4. We do not use the Meta pixel, the LinkedIn Insight Tag, or any other ad-tech tracking framework. We do not retarget or remarket.
If you prefer to block GA4 entirely, every modern browser supports this — turn on the “Do Not Track” signal in your browser settings, install a tracker-blocking extension such as uBlock Origin or Privacy Badger, or use a privacy-first browser (Brave, Firefox with Enhanced Tracking Protection on Strict, Safari with Intelligent Tracking Prevention). We honour the request; GA4 simply does not record your visit, and nothing about your use of the site changes.
How long we keep it.
Email addresses on the new moon dispatch list are kept until you unsubscribe. Booking records — including the written question and the reflection brief — are kept for six months after the session, then permanently deleted from our systems. Payment metadata is kept for seven years as required by Indian accounting and tax law. Email correspondence is kept until it is no longer useful to the matter, with most correspondence archived or deleted within twelve months.
Your rights under the DPDP Act 2023.
Under the Digital Personal Data Protection Act, 2023, you have the following rights with respect to personal data we hold: (a) the right to access and obtain a summary of the data we hold about you; (b) the right to correction or update of inaccurate data; (c) the right to erasure of data we hold (subject to limited exceptions for legal and accounting records we are required to retain); (d) the right to grievance redressal; (e) the right to nominate someone to exercise these rights on your behalf in the event of your incapacity or death.
To exercise any of these rights, write to legal@trikaala.com with the subject line “DPDP request — [type of request].” We respond within seven working days, and complete the requested action within thirty days of the original request.
Cookies.
We use the minimum cookies necessary for the site to function. There is a session cookie for the booking flow (clears when you close the browser tab). Google Analytics 4 sets first-party cookies (named _ga and _ga_YZXFPP6X71) for aggregate page-view counting and traffic-source attribution; these cookies do not contain personally identifiable information and are not shared cross-site. The GA4 cookies expire after 13 months. We do not use third-party advertising cookies, retargeting cookies, or cross-site tracking cookies of any kind.
Children.
The Trikaala practice is intended for adults aged eighteen and over. We do not knowingly collect personal data from anyone under eighteen. If you believe we have inadvertently collected data from a minor, write to legal@trikaala.com and we will delete the data immediately.
Cross-border data transfer.
Trikaala operates from India and stores data on servers located in India and the European Union via our hosting provider. For non-Indian clients, data may be processed in the United States by downstream services (Razorpay’s international gateway, Cal.com, our email service). All cross-border processing follows the conditions of the DPDP Act 2023 for transfers to permitted jurisdictions; for clients in the European Union, we rely on Standard Contractual Clauses where applicable.
Updates to this policy.
We update this policy as the practice evolves and as the regulatory framework changes. Substantive changes are notified by email to new-moon-dispatch subscribers. The policy at the top of this page always shows the current “last updated” date.