Astrotical

Privacy Policy

Effective Date: November 12, 2025

1. Information We Collect

When you use Astrotical, we collect the following categories of information:

1.1 Account Information

  • Name and email address
  • Profile image (if provided via Google OAuth)
  • Authentication credentials (encrypted)
  • Account creation date and last login

1.2 Birth Data and Personal Information

  • Date, time, and place of birth
  • Geographic coordinates (derived from birth location)
  • Birth sex
  • Partner information (if provided for compatibility analysis)
  • Generated astrological data (kundali, planetary positions, dashas)

1.3 Usage Data

  • Chat history and conversation content with our AI
  • Feature usage patterns and interactions
  • Pages visited and time spent on the service
  • Search queries and preferences
  • Journal entries and mood tracking data

1.4 Technical Information

  • IP address and approximate location
  • Browser type, version, and language
  • Device type, operating system, and screen resolution
  • Cookies and similar tracking technologies
  • Referral source (how you found our website)
  • Log files and error reports

1.5 Payment Information

  • Payment method information (processed securely by Stripe)
  • Billing address
  • Transaction history
  • Note: We do NOT store your full credit card numbers or sensitive payment data

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: Generate personalized astrological insights, predictions, and recommendations based on your birth chart
  • Account Management: Create and maintain your account, authenticate users, and provide customer support
  • Service Improvement: Analyze usage patterns to improve our AI models, features, and user experience
  • Communication: Send important updates, notifications, security alerts, and customer support messages
  • Payment Processing: Process subscription payments and manage billing
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes
  • Analytics: Understand how users interact with our service to optimize performance
  • Marketing: Send promotional communications (only with your consent)

3. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your data only in the following circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our service:

  • Insforge: Backend infrastructure, database hosting, and authentication services
  • Minimax AI: AI model provider for generating astrological predictions (your birth data and conversation context are processed)
  • Stripe: Payment processing and subscription management
  • Google: OAuth authentication (if you choose to sign in with Google)
  • Vercel: Website hosting and content delivery

All service providers are bound by strict confidentiality agreements and are prohibited from using your data for any other purpose.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, law enforcement).

3.3 Business Transfers

If Astrotical is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

4. Your Rights and Choices

You have the following rights regarding your personal information:

4.1 Access and Download

You have the right to access and download all personal data we hold about you. You can request a copy of your data by contacting us at privacy@astrotical.com.

4.2 Correction and Update

You can update your account information, birth data, and preferences at any time through your account settings.

4.3 Deletion

You have the right to request deletion of your account and all associated data. Once your account is deleted, the deletion cannot be undone. Some information may be retained for legal or legitimate business purposes as required by law.

4.4 Opt-Out of Marketing

You can opt out of receiving promotional emails at any time by clicking the "unsubscribe" link in the email or by updating your notification preferences in your account settings.

4.5 Cookie Management

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the service.

5. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest
  • Secure Authentication: Passwords are hashed using bcrypt; session tokens are HTTP-only and secure
  • Access Controls: Strict access controls limit who can access user data internally
  • Regular Security Audits: We conduct regular security assessments and penetration testing
  • Secure Infrastructure: Our hosting providers maintain SOC 2 Type II compliance
  • Monitoring: We monitor for suspicious activity and security threats

While we implement strong security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

6.1 Types of Cookies We Use

  • Essential Cookies: Required for authentication and basic functionality
  • Preference Cookies: Remember your settings (theme, language)
  • Analytics Cookies: Help us understand how users interact with our service
  • Session Cookies: Maintain your logged-in state during your visit

6.2 Managing Cookies

You can control and delete cookies through your browser settings. Most browsers accept cookies automatically, but you can modify your browser settings to decline cookies. Disabling cookies may affect your ability to use certain features.

6.3 Do Not Track

Currently, there is no industry-wide standard for recognizing "Do Not Track" signals. We do not respond to Do Not Track browser signals at this time.

7. International Users and GDPR Compliance

7.1 International Data Transfers

Astrotical is based in the United States. If you access our service from outside the United States, your information will be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using Astrotical, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

7.2 European Union Users (GDPR)

If you are located in the European Union (EU), European Economic Area (EEA), or United Kingdom (UK), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request confirmation of whether we process your personal data and receive a copy
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation on how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interests: Service improvement, fraud prevention, and security
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

7.4 Data Retention

We retain your personal data only as long as necessary to provide our services and for legitimate business purposes. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

8. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

8.1 Your CCPA Rights

  • Right to Know: Request information about what personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do NOT sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

8.2 Categories of Personal Information

In the last 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, IP address)
  • Personal information (birth date, birth location, birth time)
  • Internet activity (browsing history, chat interactions)
  • Commercial information (subscription history, purchases)
  • Geolocation data (approximate location from IP)
  • Inferences (astrological profiles, preferences)

8.3 How to Exercise Your Rights

To exercise your CCPA rights, contact us at privacy@astrotical.com with "California Privacy Request" in the subject line. We will verify your identity and respond within 45 days.

8.4 We Do Not Sell Personal Information

Astrotical does NOT sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

9. Children's Privacy (COPPA)

Astrotical is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18 without verifiable parental consent.

If you are under 18, you must have your parent's or legal guardian's permission to use Astrotical. Parents or guardians who believe we may have inadvertently collected information from a child under 18 should contact us immediately at privacy@astrotical.com, and we will promptly delete such information.

If we learn that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.

10. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy. Specific retention periods include:

  • Account Data: Retained while your account is active
  • Chat History: Retained while your account is active
  • Transaction Records: Retained for 7 years for tax and accounting purposes
  • Audit Logs: Retained for 2 years for security and compliance
  • Deleted Account Data: Permanently deleted within 30 days (except where legally required)

We may retain anonymized or aggregated data indefinitely for analytics and service improvement purposes.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Effective Date" at the top of this page
  • Material changes will be communicated via email or prominent notice on our website
  • Your continued use of Astrotical after changes are posted constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: privacy@astrotical.com

General Support: support@astrotical.com

Data Protection Officer: dpo@astrotical.com

We will respond to your inquiry within 30 days (45 days for CCPA requests).

By using Astrotical, you acknowledge that you have read and understood this Privacy Policy. For more information, please also review our Terms of Service and Disclaimer.