top of page

Privacy Policy

Last Updated: June 2025

 

Introduction

 

Cosmic Connect India LLP, doing business as The Cosmic Connect (referred to as “TCC”, the “Company”, “we,” “us,” or “our”) is committed to protecting the privacy of our users and customers. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our services – both online (via our website and digital platforms) and offline (through in-person wellness sessions, courses, or events). We adhere to all applicable Indian laws, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000, and follow global data protection best practices to respect the privacy rights of our international users. By using The Cosmic Connect website or services, you agree to the practices described in this Policy. If you do not agree, please refrain from using our services. We may update this Policy from time to time and will notify you of any significant changes by posting the updated Policy with a new “Last Updated” date.

 

Personal Data We Collect

We collect personal data that you voluntarily provide to us, as well as some data automatically collected when you interact with our services. The types of personal data we collect include:

  • Identity and Contact Information: Your name, email address, telephone number, postal/billing address, and other contact details. This may be collected when you sign up on our website, book a session, make a purchase, or contact us for inquiries.

  • Birth and Demographic Information: Details such as your date of birth, time of birth, place of birth, gender, and nationality, especially when relevant to certain wellness or spiritual services (for example, astrology or personalized spiritual guidance).

  • Health and Spiritual Preferences: Information about your health conditions, wellness goals, spiritual or healing interests, and any preferences or responses you provide in questionnaires or intake forms. We only collect such sensitive information with your explicit consent and use it to tailor our services to you in alignment with legal requirements for sensitive data.

  • Payment and Transaction Data: Information needed to process payments for our products or services, such as credit/debit card details, UPI ID, bank information, or payment service details. Note: We use secure third-party payment processors (e.g. Cashfree, PhonePe, AirPay) to handle payment transactions, so we do not store your full financial account details on our systems. Payment data is processed in compliance with applicable security standards (PCI-DSS) by our payment partner.

  • Course and Service Enrollment Data: Details related to the courses you enroll in (e.g. on our Teachable or similar platform platform for online courses) or services you book, including session dates, attendance, progress in educational courses, and feedback or assignments you submit.

  • Minors’ Information: We do not knowingly collect personal data from individuals under 18 years of age without parental or guardian consent. If you are a parent/guardian providing data about a minor (such as the child’s name or birth details for a service), we collect that data only with your verified consent and strictly for the purposes disclosed. (See Children’s Privacy below for more information.)

  • Usage Data (Automatically Collected): When you interact with our website, we automatically collect certain technical data, including your IP address, browser type, device type, operating system, referring URLs, and browsing behavior on our site. We also collect data through cookies and similar tracking technologies as described in the Cookies and Tracking Technologies section of this Policy. This usage data helps us analyze how our website and services are used and improve your experience.

 

Most of the personal data we collect is provided directly by you. In some cases, we may receive information from third parties – for example, if you purchase our products through third-party platforms like Amazon, that platform may share with us the information needed to fulfill your order (such as your name and shipping address). We treat any information obtained from third-party sources with the same care as data you provide directly.

 

Optional or Required Data: You have choices about the personal information you provide. We will indicate when certain data is optional. If you choose not to provide certain required information (for example, data needed to process an order or book a session), we may not be able to provide you with that product or service.

 

Cookies and Tracking Technologies

Like most websites, we use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver relevant content. Cookies are small text files placed on your device when you visit our site. They help us remember your preferences and understand how you interact with our content. We use the following types of cookies on our site:

  • Essential Cookies: These are necessary for the website to function properly. For example, they allow you to add items to your cart, log into secure areas, or load site content faster. Without these cookies, certain services or features may not be available.

  • Analytics and Performance Cookies: These cookies collect information about how visitors use our website (e.g. which pages are visited most often, time spent on the site, any errors encountered). We use this information to improve our website’s functionality and user experience. For instance, we may use Google Analytics or similar tools to analyze aggregate usage patterns (we do not use these cookies to identify you individually).

  • Functional Cookies: These cookies remember your preferences and choices to provide a more personalized experience. For example, they might recall your language preference or the region you are in, so you don’t have to enter this information every time.

  • Advertising/Marketing Cookies: Currently, we do not display third-party ads on our website. If this changes in the future, any advertising cookies will be clearly disclosed and will only be used in accordance with applicable law and your consent where required.

 

When you first visit our site, you may be presented with a cookie notice or banner requesting your consent to non-essential cookies. You can choose to accept or reject those cookies. Additionally, most web browsers allow you to control cookies through their settings (for example, you can set your browser to block or delete cookies). Please note that disabling certain cookies may affect the functionality of our website and your ability to use some features.

 

We may also use similar technologies like web beacons (pixel tags) in our emails or on our site. These allow us to track when emails are opened or links are clicked, helping us tailor our communications and offerings. You can disable images in your email client if you prefer not to allow this tracking in emails.

 

How We Use Your Personal Data

We process your personal data only for legitimate purposes and in accordance with the law. We primarily rely on your consent and other lawful bases for processing, as appropriate. Under India’s DPDP Act, we obtain your consent before processing personal data, except in certain situations deemed as “legitimate uses” under the law. We also follow international principles to ensure we have a valid legal basis for each use of your data. The purposes for which we use personal data include:

  • Providing and Improving Services: We use your information to provide the services or products you have requested – for example, to schedule and conduct wellness sessions (online or offline), ship physical products you ordered, enroll you in courses, or provide customer support. This may include using your birth details or health/spiritual information to personalize your sessions or reports. Legal Basis: This processing is generally necessary to perform our contract with you (to deliver the service or product you purchased) or is based on your consent when you voluntarily provide information for a specific service.

  • Processing Payments and Orders: We use payment and contact information to process transactions, send order confirmations, invoices or receipts, and ensure fulfillment of your purchases. Legal Basis: Performance of a contract (sale of a product or service) and compliance with legal obligations (financial record-keeping). Payment data is handled via trusted payment gateways (like Cashfree, PhonePe, AirPay) for secure processing.

  • Communication: We use your contact details (email, phone number) to communicate with you about your bookings, course updates, session reminders, customer support responses, and important service-related notices. Legal Basis: Performance of contract (we need to inform you about the services you use) or legitimate interest in providing you with necessary information.

  • Marketing and Newsletters: With your consent, we may use your email or phone number to send you promotional content, newsletters, upcoming event announcements, or special offers from The Cosmic Connect. You can opt-out of marketing communications at any time by using the “unsubscribe” link in emails or contacting us. We will only send you marketing materials if you have given explicit consent (opt-in), as required by applicable law.

  • Personalization: We may use data such as your preferences, past services, or browsing behavior to personalize your experience. For instance, we might recommend certain courses or products that align with your interests, or customize content on our website to better suit your wellness journey. Legal Basis: Consent (where we rely on cookies or data you provide) or our legitimate interest in improving our offerings, balanced with your privacy rights.

  • Analytics and Service Improvement: We analyze usage data (including via cookies and analytics tools) to understand how our services are used, measure the effectiveness of our courses or content, troubleshoot issues, and make improvements. This helps us enhance the quality of our offerings (for example, improving website navigation or adding content that users find helpful). Legal Basis: Legitimate interests in managing and improving our business, and in some cases consent (for non-essential cookies or analytics, if required under law).

  • Legal Compliance and Protection: We may process your personal data to comply with applicable laws, regulations, legal processes, or government requests (for example, maintaining transaction records for tax/audit purposes, or verifying identity to prevent fraud). We also may use and share information as necessary to enforce our Terms & Conditions, to protect our rights, privacy, safety, or property, and that of our users or others, and to detect or prevent fraud, security, or technical issues. Legal Basis: Compliance with legal obligations and our legitimate interest in protecting our business and customers.

  • Other Purposes (with Notice to You): If we intend to use your data for any purpose not listed above, we will provide you with additional notice and obtain your consent if required. We will not use your personal data in a manner that is incompatible with the purposes for which it was collected without informing you and obtaining consent.

 

The legal basis we rely on for processing your information depends on the context. In many cases, your consent will be our primary legal basis (especially for sensitive personal data like health/spiritual details, or for optional data uses like marketing). You have the right to withdraw your consent at any time (see Your Rights section below). In other cases, we process data because it is necessary for a contract (e.g. to deliver a service or product you requested), or to comply with a legal obligation. In certain situations, we may rely on legitimate interests – either ours or a third party’s – but only where those interests are not overridden by your data protection rights. For example, improving our services or securing our platform may be considered our legitimate interests. We carefully consider and balance any potential impact on your rights before relying on legitimate interests as a basis.

 

Data Sharing and Disclosure

We treat your personal information with care and confidentiality. We do not sell your personal data to third parties. However, we may share your data with trusted third parties and service providers in the following circumstances, and only to the extent necessary for the purposes described in this Policy:

  • Service Providers and Partners: We share information with companies that help us run our business and provide services to you. This includes:

    • Payment Processors: For example, we share necessary order and billing information with Cashfree, PhonePe, AirPay (our payment gateway) to process your payments securely.

    • E-commerce and Delivery Partners: If you purchase physical products from us, we may share your contact and shipping details with fulfillment partners. For instance, some products may be sold or fulfilled via Amazon, in which case Amazon will receive and process your order information to deliver the product. We may also use courier or postal services to ship items to you.

    • Course Platforms: If you enroll in our online courses, we may use third-party learning platforms such as Teachable or similar platform. In those cases, your registration and course progress data may be processed by that platform to deliver course content and track your learning.

    • Analytics and Technology Providers: We may share certain usage data with analytics services (e.g. Google Analytics) to help us understand how users interact with our website. These analytics providers act on our behalf and are not allowed to use the data for other purposes.

    • IT and Infrastructure Providers: We use reputable cloud hosting and IT service providers to host our website and data. For example, our website or databases may be hosted on secure cloud servers (such as Amazon Web Services) which process data as needed to keep our services operational.

  • Business Transfers: If The Cosmic Connect undergoes a business transaction such as a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the successor or new owner as part of that transaction. In such cases, we will ensure that the new owner is bound by terms that protect your privacy consistent with this Policy.

  • Legal Requirements and Protection: We may disclose personal information if required to do so by law or in response to valid legal process (e.g., a subpoena, court order, or government request). We may also disclose information if we believe in good faith that it is necessary to investigate or prevent fraud, protect the safety of any person, or enforce our terms and policies.

  • With Your Consent: We will share your personal data with others outside of the above circumstances only with your explicit consent. For example, if you ask us to share a testimonial with your name on our website, or if you consent to our collaborating with another wellness practitioner on your case, we will share data in accordance with the consent you provide.

 

In all cases of data sharing, we strive to share only the minimum information necessary for the task. Our service providers and partners are contractually obligated to keep your data secure and use it solely for the purposes of providing the services to us (and to you). If the data we are sharing includes sensitive personal data (such as health or spiritual preference information), we will only share it with your consent or as otherwise permitted by law. We do not allow third parties to use your data for their own marketing or other purposes without your consent.

Please note that third-party services (such as Cashfree, PhonePe, AirPay, Amazon, Teachable or similar platform, etc.) have their own privacy policies. We recommend you review those policies, as any data you provide directly to those services will be governed by their terms. However, our agreements with such providers require them to protect your data in a manner consistent with applicable privacy laws.

 

Data Retention

We retain personal data for only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. This means:

  • If you are a customer or user of our services, we will keep your personal information for as long as your account is active, or as needed to provide you with services, and for a reasonable period thereafter. For example, we may retain your data while you are enrolled in a course or have an upcoming session booked with us.

  • Once you cease to use our services or request your account to be deleted, we will either delete or anonymize your personal data, or if that is not immediately feasible (e.g., stored in backups), we will securely isolate and protect it from further use until deletion is possible. We generally aim to not retain personal data longer than necessary for the purpose of collection.

  • In certain cases, we may need to retain some information for longer periods as required by law or for legitimate business purposes. For instance, financial transaction records may be kept for accounting and tax obligations, and any information relating to legal disputes or compliance matters may be retained as long as necessary to resolve those issues. During retention, we continue to ensure the security and confidentiality of the data.

  • We periodically review the data we hold. If we identify personal data that is no longer needed, we will erase or anonymize it. Additionally, to comply with emerging regulations, we may implement specific retention limits (for example, proposed rules in India may require deletion of inactive account data after 3 years). We will adhere to any such legal requirements once in force.

 

After the applicable retention period has ended, and we have no ongoing legitimate reason or legal obligation to keep your data, we will permanently delete or irreversibly anonymize your personal information. Anonymized data (which can no longer identify you) may be retained for analytics or statistical purposes without further notice.

 

Data Security Measures

We take the security of your personal data very seriously. The Cosmic Connect implements reasonable security practices and procedures to protect your information from unauthorized access, use, alteration, and destruction. These measures include technical, administrative, and physical safeguards appropriate to the sensitivity of the data:

  • Encryption & Secure Transmission: Our website is secured with SSL/TLS encryption, which means that any data you submit (such as through forms or payments) is encrypted in transit to prevent eavesdropping. We also encourage you to only use our site over secure networks.

  • Secure Storage: Personal data is stored on secure servers that are protected by firewalls and monitoring systems. We restrict access to personal information to authorized personnel who need it to operate our services, and such personnel are bound by confidentiality obligations.

  • Payment Security: As noted, we do not store sensitive payment card details on our own servers. Our payment partner (Cashfree, PhonePe, AirPay) handles your payment information using industry-standard security and encryption. This reduces the risk of payment data breaches on our end.

  • Access Controls: We maintain strict access controls and authentication measures to prevent unauthorized access to data. Only trained and authorized staff or contractors are permitted to access personal data, and only for permitted business functions.

  • Regular Audits and Training: We periodically review our data handling practices and security policies to ensure we maintain high standards. Our team members are trained on data protection principles and required to follow this Privacy Policy and our internal security guidelines.

  • Third-Party Security: When we share data with third-party service providers (as described above), we ensure through contracts that they also implement appropriate security measures to protect your information and comply with applicable data protection laws.

 

Despite our best efforts, please understand that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. In the event of any security breach that compromises your personal data, we will notify you and the appropriate authorities as required by law and take all necessary steps to address the issue.

 

By using our services, you acknowledge that you understand and accept the inherent risks of data transmission over the internet. We encourage you to also take precautions on your end, such as using strong passwords, keeping your login credentials confidential, and promptly informing us if you suspect any unauthorized access to your account or personal data.

 

Your Rights and Choices

We respect your rights over your personal data. As a user of our services, and especially if you are located in certain jurisdictions, you have various rights regarding the personal information we hold about you. These rights include:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data and to access or receive a copy of the data we hold about you. We will provide you with the relevant information, typically within a reasonable timeframe. This helps you understand what personal data of yours we have and how it is being used.

  • Right to Correction: If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it. We encourage you to keep your information up-to-date and will make corrections promptly upon verification of the new information.

  • Right to Deletion (“Right to be Forgotten”): You may request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent (in cases where consent is the basis for processing), or if you object to processing and we have no overriding legitimate grounds to continue, or if the data was processed unlawfully. We will honor valid deletion requests and erase your data, unless we are required to keep it for legal reasons (in which case we will inform you).

  • Right to Withdraw Consent: Wherever we rely on your consent to process personal data, you have the right to withdraw that consent at any time. For example, you can opt out of marketing emails by clicking the “unsubscribe” link, or withdraw consent for a specific service by contacting us. Please note that withdrawing consent will not affect the lawfulness of processing done before the withdrawal. If you withdraw consent for a service that requires your data, we might not be able to continue providing that service to you.

  • Right to Object or Restrict Processing: In certain situations, you have the right to object to our processing of your data, particularly if we are processing it based on legitimate interests. You can also request that we temporarily restrict processing of your data if you contest its accuracy or have other concerns. For example, if you believe our records are incorrect, you can ask us to stop using the data until it is verified or corrected. We will evaluate such requests and comply if required by applicable law.

  • Right to Data Portability: To the extent required by law (e.g., under GDPR for EU users), you may have the right to request a copy of certain personal data in a structured, commonly used, and machine-readable format, and to have that information transmitted to another data controller, where technically feasible. This typically applies to data processed by automated means that you initially provided by consent or contract.

  • Right to Grievance Redressal: Under Indian law, you have the right to an effective grievance redressal mechanism. This means if you have any complaints or concerns about how we handle your data, you can contact our Grievance Officer (details provided in the Contact Us section below) and expect a timely response. We are committed to resolving complaints expediently – generally within 30 days of receipt, as mandated. If you are not satisfied with our response, you also have the right to escalate the matter to the appropriate data protection authority (such as the Data Protection Board of India, once operational, or a supervisory authority in your country of residence).

  • Additional Rights (Certain Jurisdictions): Depending on your location, you may have additional privacy rights. For example, Indian law specifically allows you to nominate a representative to exercise your data rights on your behalf in the event of your death or incapacity. If you are in the European Economic Area (EEA) or other regions with comprehensive data laws, you may also have the right to lodge a complaint with your local data protection authority, and rights such as not being subject to fully automated decision-making that significantly affects you. We extend our compliance to honor such rights to the extent applicable.

 

To exercise any of your rights, please contact us using the details in the Contact Us / Grievance Redressal section. We may need to verify your identity (to ensure that we do not disclose data to the wrong person) before fulfilling certain requests. We will respond to your request as soon as possible and in any event within any timeframes required by law.

 

There is no fee for exercising your rights, unless the requests are unfounded or excessive (in which case, we may charge a reasonable fee or refuse the request as permitted by law). We will inform you of any actions taken on your request, or if we need more information from you to process it.

 

Children’s Privacy (Minors)

Protecting the privacy of minors is especially important to us. In accordance with Indian law and global best practices, our services are not intended for use by children under the age of 18 without the involvement and consent of a parent or legal guardian. If you are under 18, please do not use our website or provide any personal data to us unless your parent/guardian has consented.

 

We define a “child” as an individual who is under 18 years old (or a higher age threshold if so defined by law in your country). If we know that a user is a child, we will require verifiable parental consent before collecting or processing any personal data from that child. For example, if a minor wishes to enroll in a meditation workshop or use our services, we will ask the parent or guardian to provide consent and perhaps to provide the data on the child’s behalf. We take steps to verify that the consent is genuine (such as by requiring a signed form or additional verification methods as appropriate).

 

Parental Involvement: If you are a parent or guardian and you provide consent for your minor child to use our services, we may collect personal data such as the child’s name, birth details, and any necessary information related to the service (e.g., health information for a healing session), solely for the purposes of delivering the service. As a parent/guardian, you have the right to review your child’s personal data, request its deletion, or withdraw consent at any time. Please contact us to exercise these rights on behalf of your child.

 

We do not use children’s data for any purpose other than to provide the requested services, and we certainly do not engage in any profiling, tracking, behavioral monitoring, or targeted advertising directed at minors. In fact, any form of processing that could have a detrimental effect on a child’s well-being is strictly avoided in line with the DPDP Act’s requirements. Our focus in processing a child’s data (with consent) is solely on positive purposes such as providing spiritual or wellness guidance requested by the parent/child.

 

If we become aware that we have collected personal data from a child under 18 without parental consent (for instance, if a child misrepresents their age), we will take immediate steps to delete the data and terminate any accounts that the child may have created. If you believe that a minor may have provided us personal data without proper consent, please notify us at info@thecosmicconnect.com, and we will investigate and promptly address the issue.

 

International Data Transfers

The Cosmic Connect is based in India, but we serve customers around the world. As a result, your personal data may be transferred to, stored in, or processed in India or other countries/regions outside of your home country. For example, if you are an international customer accessing our services, your data will be transferred to India where our servers or central database is located. Additionally, some of our third-party service providers may be located in other countries (for instance, our course platform or cloud service might operate from the United States or Europe).

 

Indian Law on Cross-Border Data: Under India’s Digital Personal Data Protection Act, personal data may be transferred outside India to most countries, except for any specifically restricted by the Indian government. The Indian government may designate certain jurisdictions as not permissible for data transfers; we will ensure we do not transfer your data to any such restricted locations. As of now, international transfers are broadly allowed, and we take measures to ensure that any overseas recipient of your data provides an adequate level of protection.

 

Safeguards for International Transfers: Whenever we transfer personal information across borders, we do so in accordance with applicable data protection laws. For users located in the European Union or other regions with data transfer restrictions, we will implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on other lawful transfer mechanisms to ensure that your data is protected. We only work with third parties that also commit to protecting personal data, regardless of where they are based.

 

By using our website or providing information to us, you acknowledge that your personal data may be transferred to India and other jurisdictions as necessary for the purposes described. We will handle that information as described in this Policy. Different countries may have different data protection laws; however, we will protect your data as described here, no matter where it is processed. If you have questions about international data transfers or require more information about the safeguards in place, please contact us.

 

Third-Party Websites and Services

Our website may contain links to third-party websites or integrate third-party services that are not operated by us (for example, links to our social media pages, external learning materials, or an Amazon storefront for our products). This Privacy Policy does not cover those external sites or services. If you click on a third-party link or use an external service, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site or service you interact with. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

 

However, if you have concerns about data that was shared with a third-party service as part of our service to you (for instance, data we passed to a payment gateway or course platform), please let us know. We will assist in resolving any issues related to such third-party processing to the extent we are able, and in line with the contracts we have with those providers.

 

Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will post the new policy on this page and update the “Last Updated” date at the top. If the changes are significant, we may also notify you by email (if we have your email on file) or by means of a prominent notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

 

Your continued use of our services after any changes to this Policy will be deemed acceptance of those changes. If you do not agree with any update, you should stop using our services and you may request that we remove your personal data as per your rights outlined above.

 

Contact Us / Grievance Redressal

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us. We have appointed a Grievance Officer (as required under Indian law) to address and resolve any privacy-related issues. You can reach out through any of the following contact points:

  • Grievance Officer: Puneet Mehta (Co-Founder)

  • Email: info@thecosmicconnect.com

  • Phone: +91 9599474758

  • Postal Address: GG1/5A, PVR Road, Vikaspuri, New Delhi – 110018, India

 

We will acknowledge and work to resolve your queries or complaints as quickly as possible. In general, we strive to provide a substantive response or resolution within 30 days of receiving your grievance. If you are not satisfied with our response, and you are in India, you may escalate the matter to the Data Protection Board of India (once it becomes operational) or any designated appellate authority under the DPDP Act. If you are in another jurisdiction, you have the right to contact your local data protection authority or privacy regulator.

 

Thank you for trusting The Cosmic Connect with your personal information. We value your privacy and are dedicated to safeguarding it. Please feel free to contact us with any questions or for further information about our privacy practices.

bottom of page