Introduction
This Privacy Policy describes how asuraa.ai ("asuraa.ai", "we", "us", or "our") collects, uses, stores, and protects information when you use our creator booking platform — including the website, dashboards, public creator profiles, and any related services (collectively, the "Platform").
By creating an account, signing in with Google, or booking a session, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Platform.
Information we collect
We collect only the information that's necessary to operate the booking experience:
- Account data — your name, email address, profile photo, username, and (if you are a creator) your bio, services, pricing, category, and timezone.
- Authentication data — when you sign in with Google, we receive your Google account ID, email, name and profile picture. We do not see or store your Google password.
- Booking & session data — buyer name & email, the service booked, the scheduled date/time, meeting link, and any review you submit after the session.
- Payment metadata — amount, currency, payment status, and the transaction ID returned by Razorpay (or another payment processor). We do not collect or store your card number, CVV, UPI PIN or bank credentials.
- Technical data — IP address, browser type, device type, pages visited and timestamps. We use this to keep the Platform secure and to diagnose problems.
- Communications — content of emails you send to support and any feedback you submit through the Platform.
Google OAuth & Sign-In
asuraa.ai uses Google OAuth 2.0 to let you sign in with your Google account. When you choose "Continue with Google", we ask Google for the following scopes:
- email, profile, openid — to identify you and create your asuraa.ai account.
- https://www.googleapis.com/auth/calendar.events — to read free/busy availability and create booking events on your calendar (creator accounts only).
Specifically:
- Google user data is used solely to provide or improve user-facing features of asuraa.ai.
- We do not use Google user data (including email, profile, or calendar data) for advertising, profiling, or marketing purposes.
- We do not sell, transfer, or share Google user data with third parties except as necessary to provide the requested platform functionality or as required by law.
- Google user data is never used to train, fine-tune, evaluate, or improve artificial intelligence (AI) or machine learning (ML) models.
- Humans do not access Google user data unless required for security purposes, legal compliance, or with explicit user consent.
You can revoke asuraa.ai's access to your Google account at any time from your Google Account → Security → Third-party access, or by disconnecting Google Calendar from your asuraa.ai dashboard under Settings → Integrations.
Google Calendar permissions
asuraa.ai accesses Google Calendar data only for:
- Checking creator availability and busy/free slots.
- Creating booking events with Google Meet links.
- Sending scheduling reminders and managing confirmed bookings.
We do not use Google Calendar data for:
- Advertising or ad targeting.
- Selling or transferring to third parties.
- AI/ML model training.
- Analytics unrelated to core booking functionality.
- Profiling or unrelated data processing.
Google Calendar access can be revoked at any time from Google Account → Security → Third-party access or from Dashboard → Settings → Integrations. Disconnecting will stop new events from syncing but will not delete past booking history.
Google API Limited Use Disclosure
asuraa.ai uses Google APIs only to provide user-requested authentication, scheduling, booking, and calendar synchronization features.
In accordance with Google's API Services User Data Policy and Limited Use requirements:
- Google data is never sold to third parties.
- Google data is never used for advertising purposes.
- Google data is never used to train or improve AI/ML models.
- Google data is used only for the specific features enabled by the user.
- Human access to Google data is restricted to security, legal compliance, or explicit user consent scenarios.
Payment information handling
Payments on asuraa.ai are processed by Razorpay, a PCI-DSS certified payment service provider. When you check out:
- Card / UPI / wallet details are entered directly into Razorpay's secure checkout. They do not pass through asuraa.ai servers, and we never see, log or store them.
- We store only the booking amount, currency, payment status and the Razorpay payment ID/order ID returned by Razorpay's webhook — enough to verify your booking and issue payouts.
- Refunds, chargebacks and dispute resolution are governed by Razorpay's policies. See Razorpay's Privacy Policy.
For creators receiving payouts, we collect the bank account / UPI ID you submit through the Earnings dashboard solely to remit your earnings. This information is stored encrypted at rest and used only for payout processing.
How we use your data
We use the information we collect for the following purposes:
- To create and manage your account and creator profile.
- To process bookings, payments, payouts, and post-session reviews.
- To send transactional emails — welcome, booking confirmations, reminders, review prompts and password resets.
- To prevent fraud, abuse and unauthorised account access.
- We analyse only aggregate and anonymised usage information necessary to improve platform stability, performance, and user experience. Google user data is never included in analytics, advertising systems, profiling systems, or AI/ML services.
- To comply with applicable laws and respond to lawful requests.
No AI/ML training on your booking, calendar or review data. asuraa.ai does not use the contents of your bookings, calendar events, session reviews, or any other personal data to develop, improve, or train generalised artificial intelligence (AI) or machine learning (ML) models.
Third-party integrations
asuraa.ai integrates with a small number of trusted service providers, each governed by their own privacy policies:
- Google — OAuth sign-in, Calendar sync, Meet links. See Google Privacy Policy.
- Razorpay — payment processing (India). See Razorpay Privacy.
- Stripe — international payment processing where applicable. See Stripe Privacy.
- Resend — transactional email delivery. See Resend Privacy.
- MongoDB Atlas — encrypted database hosting.
- Cloudflare — DNS, CDN, and DDoS protection.
We share with these providers only the minimum information they need to perform their service. We do not use cross-site advertising networks or behavioural ad trackers.
How we protect your data
- All traffic to asuraa.ai is encrypted in transit using TLS 1.2 or higher.
- Passwords are hashed using bcrypt with per-user salts; we never store plain-text passwords.
- OAuth refresh tokens and payout bank details are stored encrypted at rest.
- Database access is restricted to a small set of named engineers via mutually-authenticated VPN.
- We log administrative actions and review them regularly for unusual activity.
No system is perfectly secure. If you discover a vulnerability, please report it responsibly to security@asuraa.ai. We aim to acknowledge reports within 48 hours.
Data retention & deletion
We retain personal data for as long as your account is active and as needed to provide the Platform. You can request deletion of your account at any time by emailing support@asuraa.ai.
On deletion, we permanently remove your profile, services, calendar tokens and preferences within 30 days. We may retain anonymised transaction records and tax-related financial data for the period required by applicable Indian tax and accounting law (typically 7 years).
Your rights
Depending on your jurisdiction, you have rights to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Request deletion of your data (subject to legal retention obligations).
- Withdraw consent to data processing or to Google Calendar access.
- Export your data in a portable, machine-readable format.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email support@asuraa.ai from the address on your account. We respond to verified requests within 30 days.
International transfers
Our infrastructure and database systems are hosted using secure cloud infrastructure providers serving users in India and other supported regions. Appropriate technical and organisational safeguards are implemented to protect user data regardless of processing location.
Children's privacy
asuraa.ai is not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal data to us, please contact support@asuraa.ai and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you by email or via a prominent notice in the dashboard at least 7 days before the change takes effect.
Continuing to use asuraa.ai after the effective date means you accept the revised policy.
Contact us
If you have questions about this Privacy Policy, want to exercise a data right, or have spotted something we should fix, please get in touch:
- Email: support@asuraa.ai
- Security disclosures: security@asuraa.ai
- Registered business address: available upon verified request by contacting support@asuraa.ai.
We're a small team and we read every email. Reach us at any time and we'll get back to you within 2 business days.
support@asuraa.ai →