Security & Compliance
How Vedika protects your data, meets compliance requirements, and ensures enterprise-grade security for astrology API integrations.
Infrastructure Security
Vedika runs on Google Cloud Platform with multi-region deployment for reliability and low latency.
- Multi-region: US + India (Mumbai) for sub-100ms latency in India
- TLS 1.3: All API traffic encrypted in transit — HTTPS enforced, no HTTP fallback
- DDoS protection: Google Cloud Armor + custom rate limiting at multiple layers
- 99.9% uptime: Cloud Run auto-scaling with health checks every 30 seconds
- Automated backups: Database backups with point-in-time recovery
Data Handling & Privacy
Stateless Computation: Birth data is processed in-memory by Vedika Ephemeris, used for the AI response, and discarded. We do not store birth details after computation completes.
- No birth data storage: Astronomical calculations are stateless — input in, response out
- Conversation history: Optional — clients can disable via API parameter. If enabled, encrypted at rest
- No third-party sharing: Birth data is never shared with external services or partners
- Data deletion: Account deletion removes all associated data within 30 days
- Minimal PII: Only email and payment info stored — no names, addresses, or government IDs required
Authentication & Access Control
- API key authentication: Unique keys per client with prefix-based identification (vk_live_*)
- Per-key rate limits: Configurable per API key, per endpoint, and per time window
- IP allowlisting: Enterprise clients can restrict API access to specific IP ranges
- Key rotation: Revoke and regenerate API keys instantly via dashboard
- Audit logging: Every API call logged with timestamp, endpoint, response code, and billing status
GDPR Readiness
| GDPR Requirement | Vedika Implementation |
|---|---|
| Right to Access (Art. 15) | Export all account data via dashboard or API |
| Right to Erasure (Art. 17) | Full account deletion within 30 days of request |
| Data Minimization (Art. 5) | Stateless computation — birth data not stored |
| Purpose Limitation (Art. 5) | Data used only for requested astrological computation |
| Data Processing Agreement | Available for enterprise clients on request |
| Breach Notification (Art. 33) | 72-hour notification commitment |
Enterprise Security Features
Additional security controls available on Enterprise plans ($240/month):
- IP allowlisting: Restrict API access to your infrastructure IPs only
- Custom rate limits: Tailored rate limits per endpoint based on your usage patterns
- Dedicated support: Direct Slack/email channel with engineering team
- Audit logs: Detailed API usage logs exportable via admin dashboard
- White-label: Remove all Vedika branding from AI responses
- SLA guarantee: 99.9% uptime with financial credits for violations
Responsible AI
Vedika's AI astrologer includes safety guardrails that go beyond standard API practices:
- Crisis detection: Suicide/self-harm mentions trigger immediate helpline information — no astrology attempted
- Medical/legal/financial guardrails: AI discusses astrological indicators but always redirects to qualified professionals
- Precision-verified data: Proprietary validation engine ensures every astrological fact is mathematically computed, never AI-generated
- No fabricated predictions: All planetary positions, yogas, and aspects verified against Vedika Ephemeris astronomical data
- 97.2% domain accuracy: Validated against classical texts (BPHS, Phaladeepika, Saravali)
Questions About Security?
Our team is available to discuss compliance requirements, provide security documentation, or arrange a security review.