Privacy Policy
Last updated: July 5, 2026
1. Who we are
Ishan Parihar (operating as "Ishan Parihar | Professional Services") is a solo practice based in Bengaluru, India, offering digital products, courses, coaching, consulting, and a newsletter on consciousness studies, life-systems design, and civilizational research. For any privacy question, write to privacy@ishanparihar.com.
2. What data we collect
We collect only what is necessary to operate the service you asked for: • Account data: name, email address, hashed password (via Supabase Auth), and OAuth identifiers when you sign in with Google. • Profile data: optional fields you choose to fill in (bio, display name, avatar). • Transaction data: order history, subscription plan, billing address, and payment instrument last-four (full card data is handled by Razorpay - we never see or store it). • Communication data: messages you send via the contact form, chat conversations with our AI assistant, and email sequence engagement events (opens, clicks). • Usage data: pages visited, reading events, content bookmarks, and similar interactions collected via first-party analytics. • Technical data: IP address, browser type, device type, and referrer - collected from request headers and Cloudflare.
3. Legal bases for processing (GDPR)
We process personal data under one or more of the following lawful bases: • Contract: to deliver the product, course, coaching engagement, or subscription you purchased. • Consent: for the newsletter, marketing emails, non-essential cookies, and AI chat - opt-in, revocable at any time. • Legitimate interest: for security logging, fraud prevention, and aggregated product analytics that do not disproportionately affect your privacy. • Legal obligation: to maintain tax and financial records as required by Indian law.
4. Third-party processors
We share specific categories of data with the following processors, each under a data-processing agreement: • Supabase (auth, database, storage) - account, profile, and content data. • Razorpay (payments) - order, billing, and payment instrument data. • Google OAuth (sign-in) - only your name and email, retrieved on consent. • Resend (transactional + newsletter email) - your email address and the emails we send you. • Google Gemini (AI chat) - chat messages you submit to the assistant. • Telegram (admin notifications) - anonymous conversation-start signals only; we never send your chat content to Telegram. • Cloudflare Turnstile (bot protection) - a bot-risk score for form submissions. • Botpress (optional webchat widget) - only loaded if you grant marketing consent. • Google Analytics (aggregated traffic analytics) - only loaded if you grant analytics consent.
5. How long we keep your data
• Active accounts: kept while your account exists. • Deleted accounts: hard-deleted after a 30-day grace period during which you can reactivate. • Orders and invoices: retained for 7 years to comply with Indian tax law. • Newsletter subscribers: until you unsubscribe (one-click link in every email). • Chat messages: retained for 12 months for service-quality review, then anonymized. • Server logs: 30 days, then rotated.
7. Your rights
If you live in the EU, UK, or California (CCPA), you have the right to: • Access the personal data we hold about you. • Correct inaccurate data. • Delete your account and associated data (subject to legal record-keeping). • Export your data in a portable JSON format. • Object to or restrict certain processing. • Withdraw consent at any time (without affecting processing done before withdrawal). • Lodge a complaint with your local data-protection authority. To exercise any of these rights, email privacy@ishanparihar.com. We respond within 30 days.
8. Children's data
Our services are intended for adults (18+). We do not knowingly collect data from children. If you believe we have collected a child's data in error, contact privacy@ishanparihar.com and we will delete it.
9. Security
We use industry-standard measures: TLS in transit, at-rest encryption at the database layer, scoped service-role keys, CSRF protection on all state-changing requests, rate limiting, and audit logging. No system is perfectly secure; we notify affected users within 72 hours of any confirmed breach involving personal data.
10. Changes to this policy
We will update this page when our practices change. Material changes will be announced via email to active subscribers at least 7 days before they take effect. The "Last updated" date below always reflects the most recent revision.
11. Contact
Questions about this policy or your data? Email privacy@ishanparihar.com or write to: Ishan Parihar, Bengaluru, India. We aim to respond within 5 business days.
Manage your cookie preferences
Reopen the consent banner to change which cookie categories are active in your browser.