Privacy Policy

1. Information We Collect

To provide our Service, we collect the following types of information:

A. Information You Provide to Us

• Contact Information: Your email address, which we use to deliver your reports, send weekly forecasts (if subscribed), and communicate with you about your orders.
• Astrological Data: Birth dates, birth times (if provided), and birth locations for the individuals in the report. This data is essential for generating your personalized astrological analysis.
• Payment Information: Your payment card details. This information is provided directly to our payment processor, Stripe, and is never stored on our servers.

B. Information We Collect Automatically

• Log and Usage Data: Our servers automatically collect log data when you access our Service, which may include your IP address, browser type, operating system, referring URLs, and the dates and times of your access.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to operate and administer our site, improve your experience, and for analytics purposes. For more details, see Section 7.

2. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our contract with you (e.g., generating and delivering your report).
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving our services, fraud prevention), where not overridden by your rights.
• Consent: Where you have given explicit consent (e.g., subscribing to marketing emails).
• Legal Obligation: Processing necessary to comply with legal requirements.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our Service.
• To generate and deliver your personalized astrological reports and forecasts.
• To process your payment transactions securely.
• To communicate with you, including sending transactional emails and responding to your inquiries.
• To send you weekly forecasts and occasional marketing communications (with your consent), which you may opt out of at any time.
• To monitor and analyze usage to improve our Service's performance and functionality.
• To detect, prevent, and address technical issues, fraud, or security concerns.
• To comply with legal obligations and to protect our rights and the rights of others.

4. Data Sharing and Third-Party Services

We do not sell your personal information. We only share your data with trusted third-party service providers who help us operate our Service, under strict data processing agreements. These include:

• Payment Processor: We use Stripe to process payments securely. We do not store your full payment card information on our servers.
• AI Service Providers: We use third-party artificial intelligence services to generate the narrative content of your reports. Only the astrological data necessary for report generation (birth dates, times, locations) is shared with these providers. Your email address is not shared with AI providers.
• Email Service Provider: We use Resend to send transactional and marketing emails, such as report delivery and weekly forecasts.
• Audio Generation: We use ElevenLabs to generate audio versions of content. Only text content is shared; no personal identifiers are transmitted.
• Cloud Storage: We use DigitalOcean for secure file storage and hosting.
• Analytics Provider: We use Google Analytics to understand website traffic and user behavior. This service may collect your IP address and other usage data.
• Geocoding Service: We use Geoapify to convert birth locations into geographic coordinates (latitude/longitude) for astronomical calculations.
• Error Monitoring: We use Sentry to monitor and fix technical errors. Error logs may contain technical data but are not used to identify individuals.
• Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public.

5. International Data Transfers

Our servers are located in the United States (DigitalOcean). Some of our third-party service providers may also process data outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on the service provider's compliance with applicable data protection frameworks.

By using our Service, you acknowledge and consent to the transfer, storage, and processing of your data in jurisdictions outside your country of residence, which may have different data protection laws.

6. Data Security

We implement appropriate technical and organizational security measures to maintain the safety of your personal information. These include:

• All data is transmitted over secure, encrypted channels (HTTPS/TLS).
• Access to personal data is strictly limited to authorized personnel.
• Regular security assessments and updates to our systems.
• Secure password hashing and authentication mechanisms.

However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Necessary for the website to function properly (e.g., session management, security).
• Analytics Cookies: Help us understand how visitors interact with our website (Google Analytics).
• Marketing Cookies: Used to deliver relevant advertisements (Facebook Pixel, Google Ads).

You can control cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our Service.

8. Your Data Rights

Under the GDPR and other applicable laws, you have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data, subject to certain legal exceptions.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (in Latvia: Data State Inspectorate).

To exercise any of these rights, please contact us at the email address provided in Section 13. We will respond to your request within 30 days.

9. Data Retention

We retain your personal information for the following periods:

• Account and Order Data: Retained for as long as necessary to provide our services and for 7 years thereafter for legal and tax compliance purposes.
• Marketing Preferences: Retained until you unsubscribe or request deletion.
• Analytics Data: Retained in anonymized form for up to 26 months.
• Generated Reports: Stored for 30 days after generation, then automatically deleted from our servers.

You can request earlier deletion of your data as described in Section 8, subject to legal retention requirements.

10. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers promptly. If you believe we have collected data from a child under 16, please contact us immediately.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose.
• The right to request deletion of your personal information.
• The right to opt-out of the sale of personal information. We do not sell your personal information.
• The right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us using the information in Section 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: