Mego

Effective Date: 2026/02/25 • Last Updated: 2026/03/24

Mego provides guidance for clarity and reflection. It is not medical, legal, or financial advice. Consult qualified professionals for decisions in those areas.

Privacy Policy Summary

This summary highlights the key points. The full policy follows below.

You can use Mego as a guest without creating an account. In guest mode, your birth inputs are processed on your device and are not stored on our servers.
Birth inputs (date of birth, optional birth time, birth place) are saved locally on your device in encrypted storage so you do not need to re-enter them.
If you create an account, we store your profile data on our servers to enable backup and multi-device sync. You can delete your account and all associated server-side data at any time from Settings.
We do not sell your personal data. We do not share your raw birth inputs with third parties for their own purposes.
We use trusted service providers (listed in Section 5.2) who process data on our behalf under contractual safeguards.
If AI-based features are used (e.g., "Ask Mego"), we send only derived or computed outputs and your question to AI providers - not your raw birth inputs.
We use Google Play Integrity to verify that the app is running on a genuine device. This involves exchanging a cryptographic attestation token with Google - no personal data is shared in this process.
We generate a random device identifier (not linked to your hardware) for session management and abuse prevention. This identifier is stored locally on your device.
We do not collect precise device location (GPS), contacts, photos, files, or data from other apps.
We do not knowingly collect data from children under 16.
You have the right to access, correct, and delete your data. Contact us at privacy@mego.ai.

Full Privacy Policy

1. Who We Are

Mego is a mobile and web application operated by GIAS VENTURES PRIVATE LIMITED, a company incorporated in India. Mego is available at https://mego.ai and through mobile app stores. Throughout this policy, "we," "us," and "our" refer to GIAS VENTURES PRIVATE LIMITED.

Mego provides daily "Protect / Adjust / Act" guidance and a 10-minute plan to help you navigate uncertainty. The app uses astrology-based timing algorithms (rooted in Vedic computation methods) to generate computed outputs that inform your daily guidance. We present this as a clarity and decision-support tool - not as a prediction of the future.

2. What Data We Collect

2.1 Birth Inputs (Required for Core Functionality)

To compute your daily guidance, we collect the following inputs:

Date of birth - required.
Birth time - optional; you may indicate that your birth time is unknown or approximate.
Birth place - a city name selected through our city search feature. We do not request device GPS or location permissions to collect this. City search queries are proxied through our servers to protect your privacy; your search terms are not shared directly with third-party mapping services from your device.

These inputs are used to generate your computed outputs (see Section 4 for details on how we process them).

2.2 Account Information (Optional)

You can use Mego as a guest. If you choose to create an account, we collect:

Authentication credentials - your email address and name (via Google Sign-In), depending on the login method available. We do not receive or store your Google password.
Optional profile fields - such as your preferred tone (gentle or direct), focus areas (e.g., money, work, love), and display preferences. These are never required beyond onboarding.

2.3 Derived and Computed Data

From your birth inputs, we generate derived attributes and computed outputs (e.g., daily posture signals, timing assessments, confidence scores, and personalised plans). These are the processed results of our algorithms and do not include your raw birth inputs in their stored form.

2.4 Usage and Technical Data

Like most apps, we may automatically collect:

Device type, operating system, and app version.
Interaction data such as screens viewed, features used, and session duration.
Crash logs and performance diagnostics.

This data is collected in aggregate or pseudonymised form and is used to improve Mego's stability and user experience. We do not use this data to identify you personally or for advertising purposes.

2.5 Device and Session Data

To provide a secure and stable experience, we collect:

Device identifier - a randomly generated ID (UUID) created on first app launch. This is not your hardware ID, advertising ID, or IMEI. It is stored in your device's encrypted storage and is used solely for session management and abuse prevention. It is deleted if you uninstall the app.
Device integrity signals - on Android, we use the Google Play Integrity API to verify that the app is running on a genuine, unmodified device. This helps protect against automated abuse. The integrity check does not reveal your identity or personal data to us - it produces a cryptographic pass/fail verdict.
Session tokens - short-lived cryptographic tokens that authenticate your device's requests to our servers. These are rotated automatically and stored in encrypted device storage.
Push notification token - if you enable daily reminders, notifications are scheduled locally on your device. We do not store push notification tokens on our servers.

2.6 In-App Purchase Data

If you subscribe to Mego Pro, the purchase is processed entirely by the platform's app store (Google Play or Apple App Store). We receive a purchase token from the store to verify your subscription status. We do not receive or store your payment card details, billing address, or financial information.

2.7 Data We Do Not Collect

We do not collect:

Precise device location (GPS)
Contacts, call logs, or SMS
Photos, camera, or microphone data
Files or data from other apps on your device
Hardware identifiers (IMEI, MAC address, advertising ID)
Biometric data

3. How We Use Your Data

We use the data described above for the following purposes:

Providing core functionality: processing your birth inputs to generate daily guidance, timing signals, and personalised plans.
Account services: if you create an account, enabling backup, multi-device sync, and profile management.
Ask Mego (AI chat): when you ask a question, we send your question along with derived astrological context (posture, confidence, plan details) to our AI provider to generate a personalised response. Your raw birth inputs are not sent to the AI provider.
Cloud backup control for chats: you can choose whether Ask Mego conversations are backed up to our servers. If you disable cloud backup, new chats remain on your device only, and you can delete any previously stored server-side chat history.
Improvement and analytics: understanding usage patterns (in aggregate) to improve the app, fix bugs, and develop new features.
Security: device attestation, session management, and rate limiting to protect against abuse and unauthorised access.
Communications: responding to your support inquiries or sending essential service-related notifications (e.g., daily clarity reminders, which you can change or disable in Settings). We do not send marketing emails unless you opt in.
Safety and compliance: protecting against fraud, abuse, and legal obligations.

4. How We Process Birth Inputs

This section explains how your birth inputs are handled, depending on whether you use Mego as a guest or as a logged-in user.

4.1 Guest Mode (No Account)

When you use Mego without an account, your birth inputs (date of birth, birth time, birth place) are processed as follows:

On-device computation: astrological calculations are performed locally on your device using our computation engine. Your raw birth inputs do not need to leave your device for core functionality.
Encrypted local storage: the app saves your birth inputs locally on your device using AES-256 encrypted storage backed by the Android Keystore (hardware-backed on supported devices) or iOS Keychain, so that you do not need to re-enter them. This data remains on your device and is under your control.
No server-side profile: in guest mode, no user profile or account record is created on our servers.
Derived outputs: the computed results are cached on your device for performance. On the server side, we may retain aggregated, de-identified analytics derived from usage patterns, but these cannot identify you.

4.2 Account Mode (Logged In)

If you create an account and log in, we may store your birth inputs and derived outputs on our servers to provide:

Profile backup, so your data is not lost if you change or lose your device.
Multi-device sync, so your guidance is consistent across devices.
AI-powered features (Ask Mego) that require server-side processing.

Server-side data is encrypted in transit (TLS 1.2+) and stored with access controls. You can delete your account and all associated server-side data at any time (see Section 9).

5. Sharing and Service Providers

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to any third party. We have never sold user data and have no plans to do so.

5.2 Service Providers

We work with trusted service providers who process data on our behalf to operate and improve Mego:

Provider	Purpose	Data Shared
Google Firebase (Auth, Analytics, Crashlytics)	Authentication, analytics, crash reporting	Email (for sign-in), anonymised usage events, crash logs
Vercel	Backend hosting (API servers)	API request data (encrypted in transit)
New Relic	Performance monitoring	Anonymised performance metrics, crash data
OpenAI	AI-powered "Ask Mego" feature	Your question + derived astrological context (not raw birth inputs)
Google Play Integrity	Device attestation	Cryptographic attestation token only (no personal data)
Google Places API	City search during onboarding	City search queries (proxied through our server - not sent directly from your device)

Each service provider is bound by contractual obligations to:

Process your data only as instructed by us.
Maintain appropriate security measures.
Not use your data for their own independent purposes (including, in the case of AI providers, model training).

5.3 AI-Powered Features

The "Ask Mego" feature uses AI (large language model) services to generate personalised responses. When you use this feature:

We send your question text, your current posture (Protect / Adjust / Act), confidence score, plan details, and focus areas to the AI provider.
We do not send your raw birth inputs (date, time, place of birth) to the AI provider.
AI providers process data under contractual terms that restrict them from using your data to train their models or for any purpose beyond fulfilling our requests.
Ask Mego requires sign-in and may require a Pro subscription, depending on usage limits.

5.4 Legal and Safety Disclosures

We may disclose data if required to do so by law, regulation, legal process, or governmental request, or where necessary to protect the safety, rights, or property of Mego, our users, or the public.

6. Data Retention

Data Type	Guest Mode	Account Mode
Raw birth inputs	Not stored on our servers. Encrypted on your device. Cleared on uninstall.	Stored on servers (encrypted). Removed from active databases when you delete your account; encrypted backup retained for up to 180 days.
Derived / computed outputs	Cached on your device. No server-side storage tied to you.	Stored on servers alongside your profile. Removed from active databases when you delete your account; encrypted backup retained for up to 180 days.
Account info (email, name)	Not applicable.	Retained while your account exists. Removed from active databases when you delete your account; encrypted backup retained for up to 180 days.
Ask Mego conversations	Not applicable (requires sign-in).	Stored on our servers only if cloud backup is enabled (encrypted in transit and at rest), and may be cached on your device. If you disable cloud backup, new chats stay on-device and you can clear previously stored server chat history from Settings. Removed from active databases when you delete your account; encrypted backup retained for up to 180 days.
Device identifier (UUID)	Stored on your device only. Cleared on app uninstall.	Same. Not linked to your account on our servers.
In-app purchase data	Not applicable.	Purchase token retained while subscription is active. Removed from active databases when you delete your account; encrypted backup retained for up to 180 days.
Usage and technical data	Aggregated and de-identified. Retained for up to 26 months for analytics.	Same as guest mode.

We retain personal data only as long as reasonably necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, it is deleted or de-identified.

Post-deletion retention: When you delete your account, all personal data is removed from our active databases immediately. However, we may retain a secure, encrypted backup of your data in an access-restricted archive for up to 180 days for purposes such as fraud prevention, security monitoring, dispute resolution, and compliance with legal obligations. Within this archive:

Your identity is pseudonymized — your account identifier is replaced with a one-way cryptographic hash that cannot be reversed to identify you, but allows us to locate the archive if needed during a verified fraud or legal investigation.
The archived data is encrypted at rest using AES-256-GCM encryption with a server-side key. It is unreadable without the decryption key, which is held only by authorized personnel.
After the 180-day retention period, the archive is permanently and irreversibly deleted.

Fully anonymized and aggregated data (such as total usage counts) that cannot be linked back to any individual may be retained indefinitely for analytics and service improvement.

7. Security

We implement administrative, technical, and physical safeguards to protect your data:

Encryption in transit: all data exchanged between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
Encryption at rest (on-device): birth inputs and sensitive data are stored in AES-256 encrypted storage backed by the Android Keystore (hardware-backed on supported devices) or iOS Keychain.
Encryption at rest (server-side): server data is encrypted at rest using the security controls of our hosting provider.
Deletion archives: when an account is deleted, any retained backup data is encrypted using AES-256-GCM with a dedicated encryption key, and the account identifier is replaced with an irreversible cryptographic hash. These archives are stored separately from active data with restricted access controls.
Device attestation: Google Play Integrity verifies that the app is running on a genuine, unmodified device, helping prevent automated abuse.
Session security: short-lived access tokens (15 minutes) bound to your specific device, with automatic rotation. Even if a token is intercepted, it cannot be used from a different device.
Access controls: strict limits on who within our organisation and among our service providers can access personal data.
Rate limiting: API endpoints are rate-limited per device and per IP address to prevent abuse.
Secure headers: our servers enforce strict HTTP security headers (HSTS, content type protection, clickjacking prevention).

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. If you become aware of a security issue, please contact us at security@mego.ai.

Data Breach Notification: in the event of a data breach that affects your personal data, we will notify affected users and relevant authorities within the timeframe required by applicable law.

8. Children's Privacy

Mego is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under this age, we will take reasonable steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@mego.ai.

9. Your Rights and Controls

9.1 In-App Controls

Edit your profile: update or remove optional fields such as focus areas, tone, or birth data at any time from Settings.
Clear local data: you can clear locally stored birth inputs and cached outputs from within the app (Settings → Delete My Data) or by clearing the app's data through your device settings.
Delete your account: if you have an account, you can delete it from within the app (Settings → Delete My Data). This will remove your profile, stored birth inputs, and all associated data from our active databases. A secure, encrypted backup may be retained for up to 180 days for fraud prevention and legal compliance, after which it is permanently deleted (see Section 6 for details).
If you cannot access the app: you can submit an account deletion request via the public delete page (/delete-account) or by emailing privacy@mego.ai with your account email. We process verified deletion requests within up to 30 days.
Manage notifications: you can change or disable daily reminder notifications from Settings → Daily Reminder.
Cloud chat backup: you can enable or disable cloud backup for Ask Mego conversations from Settings. If you disable it, new chats remain offline on your device and you can clear previously stored server-side chat history.
Sign out: you can sign out of your account at any time from Settings. Your local data remains on your device.

9.2 Privacy Rights by Location

Depending on where you live, you may have certain rights regarding your personal data under applicable law. These may include the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data ("right to be forgotten").
Object to or restrict certain processing of your data.
Request portability of your data in a structured, machine-readable format.
Withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us at privacy@mego.ai with sufficient detail for us to verify your identity and process your request. We will respond within the timeframe required by applicable law (typically 30 days).

9.3 Indian Data Protection Rights

If you are based in India, you may have rights under the Digital Personal Data Protection Act, 2023 (DPDPA). These include the right to access information about processing, the right to correction and erasure, the right to grievance redressal, and the right to nominate another person to exercise your rights on your behalf. You may exercise these rights by contacting us at privacy@mego.ai.

Grievance Officer: For the purposes of the DPDPA, you may contact our Grievance Officer at privacy@mego.ai. We will acknowledge your grievance within 48 hours and resolve it within the timeframe prescribed by applicable law.

9.4 European Economic Area (EEA) and UK

If you are in the EEA or UK, your data is protected under the General Data Protection Regulation (GDPR) or UK GDPR respectively. You may exercise all rights listed in Section 9.2. Our legal bases for processing are described in Section 14.

10. International Data Transfers

GIAS VENTURES PRIVATE LIMITED is based in India. Your data is primarily processed in India. However, our service providers may process data in other jurisdictions:

Vercel (backend hosting): may process data in the United States or EU.
Google (authentication, analytics, integrity, Places): may process data globally.
OpenAI (AI features): processes data in the United States.
New Relic (monitoring): may process data in the United States.

When data is transferred outside your country of residence, we rely on contractual safeguards (including standard contractual clauses where applicable) and the security measures of our service providers to ensure an adequate level of protection.

11. Cookies and Local Storage

The Mego website (mego.ai) may use cookies and similar technologies for essential functionality (e.g., maintaining session state) and analytics. The mobile app uses:

Encrypted local storage (backed by Android Keystore / iOS Keychain) for sensitive data including birth inputs and session tokens.
Shared preferences for non-sensitive settings such as theme, language, and notification preferences.

We do not use cookies or local storage for advertising or behavioural targeting.

12. Third-Party Links

Mego may contain links to third-party websites or services (e.g., Google Play Store for ratings, our website for policy documents). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy.
Where appropriate, provide notice through the app or by email.

We encourage you to review this policy periodically. Your continued use of Mego after a change becomes effective constitutes your acknowledgement of the updated policy. If you disagree with any changes, you should stop using Mego and, if applicable, delete your account.

14. Legal Basis for Processing

We process your personal data on the following legal bases, as applicable under the laws of your jurisdiction:

Performance of a service: processing your birth inputs is necessary to provide you with the core functionality of Mego.
Consent: where you voluntarily create an account, initiate AI-powered features (Ask Mego), or enable push notifications.
Legitimate interests: analysing aggregated, de-identified usage data to improve Mego; device attestation and rate limiting to ensure security and prevent abuse; session management.
Legal obligations: where we are required to process or retain data to comply with applicable laws.

15. Notifications

Mego may send local push notifications to remind you to check your daily clarity. These notifications:

Are scheduled locally on your device - they do not come from our servers.
Contain only generic reminder text (e.g., "Daily Clarity for uncertainty") - no personal data is included in notification content.
Can be changed or disabled at any time from Settings → Daily Reminder.
Require your explicit permission on Android 13+ and iOS before they are enabled.

16. In-App Purchases

Mego offers a Pro subscription through the Google Play Store (and in future, the Apple App Store). When you make a purchase:

The transaction is handled entirely by the platform's billing system (Google Play Billing / Apple StoreKit). We do not collect or store your payment card details.
We receive a purchase token from the platform to verify your subscription status. This token does not contain payment instrument details.
Subscription management (cancellation, refunds) is handled through the respective app store.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General support: support@mego.ai
Privacy inquiries and data rights: privacy@mego.ai
Security issues: security@mego.ai
Company: GIAS VENTURES PRIVATE LIMITED, India
Website: https://mego.ai

This privacy policy was last reviewed and updated on March 24, 2026.