In the Adi Tantra tradition, the relationship between Guru and Shishya is held in absolute sacred confidence.
That which is received in initiation is never spoken of in the marketplace. The mantra, the teaching, the inner experience — these are between you and the Divine, transmitted through your Guru. This is Guhya — the sacred secret that protects the power of the transmission.
Diksha mantras given in initiation. Your private journal of inner experiences — dreams, visions, kriyas, insights. Your Inner World data — fears, habits, aspirations. Personal guidance written for you alone.
Your profile, sadhana log, course progress, questions you have asked. Visible to your assigned Guru and the temple administrators who hold the system in trust.
Your first name only, and the fact that you have practiced today. Nothing more. You may opt out of the Sangha entirely from your profile.
Where your data lives. All records are stored on AWS infrastructure in London (eu-west-2 region), encrypted at rest and in transit. Daily database backups are retained for seven days.
Who has access. Only the temple administrators (SUPER_ADMIN) and your assigned Guru (GURU_ADMIN) can read your data, scoped to their role. Other Gurus cannot see devotees they have not been assigned to. No employee of any third-party service has access to your personal records.
Your rights. You may request a copy of all data we hold about you, ask for corrections, or request permanent deletion of your account at any time. Write to your Guru or to the temple administration.
What we never do.
The container is the practice. We hold this space as a sacred trust.
Data controller. MahaVidya Academy. For all data matters, write to contact@mahavidya.academy.
What we collect. Name, email, phone, age, city and country, birth details (if you choose to share them), your spiritual background and preferences, your practice logs and course progress, the questions you ask your guide, and any journal entries or private experiences you record.
Legal basis. We process your data under legitimate interest (running a private spiritual community) and explicit consent (ticked on signup) for UK-GDPR Article 6(1)(a) and 6(1)(f). You can withdraw consent at any time by deleting your account.
Who processes your data. AWS (hosting + database, London region), SendGrid (transactional email), Twilio (SMS one-time codes), Stripe (dakshina, when enabled). Each provider operates under their own GDPR-compliant terms and only receives the minimum data needed for their function.
International transfers. Our database lives in London (eu-west-2). Our devotees live in India, the UK, the EU, and beyond. Where data crosses borders it is covered by Standard Contractual Clauses with our processors.
How long we keep your data. Until you delete your account, or two years after your last sign-in (whichever is sooner). Financial records (dakshina receipts) are kept for seven years to meet tax and accounting law.
Your rights. You have the right to access, rectification, erasure, portability, restriction, and objection. The most common two are ready for you today:
For any other request (correction, restriction, objection) write to contact@mahavidya.academy.
Cookies. We use one strictly-necessary cookie to keep you signed in (an HTTP-only JWT session cookie). We do not use tracking cookies or analytics. No cookie consent banner is needed under GDPR / PECR because the cookie is essential to the service you asked for.
Complaints.You can complain to the UK Information Commissioner's Office at ico.org.uk, or to your own country's data-protection authority.
Last updated: 15 April 2026.