Privacy Policy
Last Updated: February 19, 2026
Welcome to Astrologer Studio. We respect your privacy and are committed to protecting your personal data.
This Privacy Policy explains how Astrologer Studio ("we", "us", "our") collects, uses, discloses, and protects information when you access or use our website, applications, and services (collectively, the "Service"). Where the EU General Data Protection Regulation (GDPR) applies, we act as the Data Controller for your account, billing, and usage information. However, for any personal data relating to other individuals (such as clients or subjects) that you input into the Service to generate astrological charts, you act as the Data Controller and we act solely as your Data Processor.
1. Who This Policy Applies To
This Policy applies to visitors, registered users, and subscribers worldwide. Some rights and disclosures below apply only in certain jurisdictions (for example, the EEA, UK, Switzerland, and certain US states). Where local laws require additional disclosures, we will provide them in this Policy or through in-product notices.
2. Information We Collect
We collect information you provide, information collected automatically when you use the Service, and (where applicable) information from payment and support partners. We do not intentionally collect data from children, and the Service is not directed to children.
- Account Information: Name (if provided), email address, authentication credentials, subscription status, and account preferences required to create and manage your account.
- Third-Party Sign-In Data (Google OAuth): If you sign up or log in using Google, we collect your name, email address, language preference, and profile picture URL as provided by Google. We do not receive or store your Google password.
- Astrological Chart Data: Birth date, birth time, and birth place (for example, city and country). This information is personal data. It is not a GDPR special category by default, but we treat it as sensitive-in-context because it can be highly personal. If you upload or enter data about other individuals (for example, clients), you confirm you have lawful permission to do so.
- Content You Submit: Notes, saved charts, interpretations you generate or store, prompts, feedback, and support requests.
- Transaction and Billing Data (via Dodo Payments): Purchase history, subscription plan, billing country, tax status, and payment-related records. Payments are processed by Dodo Payments, our Merchant of Record. We do not receive or store your full payment card details. Dodo Payments processes payment data under its own privacy policy and obligations.
- Usage and Device Data: Log data and analytics such as IP address, device identifiers, browser type, pages viewed, feature usage, timestamps, error logs, and similar diagnostic data.
- Cookies and Similar Technologies: Identifiers stored in cookies or local storage that are necessary for the Service to function and, if you consent, for analytics or personalization. See our Cookie Policy for details.
3. Purposes and Legal Bases for Processing (GDPR)
Where the GDPR (or similar laws) apply, we process personal data only when we have a valid legal basis. Depending on how you use the Service, the legal bases include contract performance, legitimate interests, consent, and compliance with legal obligations.
- To Provide and Operate the Service (Contract): Create and manage accounts, generate charts and outputs based on the data you input, provide core features, and deliver customer support.
- To Provide AI Interpretations (Contract): When you use AI features, we process chart data and your prompts to generate astrological interpretations using third-party AI models.
- To Manage Subscriptions and Billing (Contract and Legal Obligation): Enable subscription purchase, renewal, invoicing, tax handling, and payment administration through Dodo Payments as Merchant of Record, including handling chargebacks, fraud prevention, and required accounting records.
- To Improve and Secure the Service (Legitimate Interests): Maintain, troubleshoot, monitor performance, prevent abuse, detect fraud, and protect the security and integrity of the Service.
- To Send Service Communications (Contract and Legitimate Interests): Send essential messages such as security alerts, billing notices, policy updates, and information about changes to the Service.
- Marketing (Consent or Legitimate Interests Where Permitted): If you opt in where required, we may send newsletters or product updates. You can opt out at any time using the unsubscribe link or your account settings.
- Cookies and Analytics (Consent Where Required): Set non-essential cookies or similar technologies only when required consent has been obtained under applicable law.
4. How We Share Information
We share personal data only as needed to provide the Service, comply with law, and protect our rights. We do not sell personal data in the traditional sense.
- Service Providers (Processors): Hosting, content delivery, database infrastructure, logging/monitoring, email delivery, customer support tools, and analytics providers. They process data on our behalf under contractual confidentiality and security obligations. See Section 4a below for the current list of specific sub-processors.
- AI Model Providers (Processors): We route AI interpretation requests through OpenRouter (openrouter.ai), which may forward them to underlying model providers (such as DeepSeek, OpenAI, Anthropic, or Google, depending on the model selected). We direct these providers not to use your data to train their models.
- Payments (Dodo Payments as Merchant of Record): When you purchase a subscription, Dodo Payments (dodopayments.com) processes payment and billing data as Merchant of Record and is responsible for payment compliance, taxes, refunds, and chargebacks under its own terms of service and privacy policy. We receive limited transaction information needed to provision your subscription.
- Legal and Safety: If required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, safety, and security of Astrologer Studio, our users, or others.
- Business Transfers: If we undergo a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.
4a. Third-Party Sub-Processors
The following is the current list of third-party services that process personal data on our behalf or as independent controllers. This list may be updated from time to time as the Service evolves.
- Hosting and Infrastructure: Railway Corp. (railway.app) — Application hosting and container orchestration. Servers located in the US and EEA regions depending on deployment configuration.
- Database: PostgreSQL hosted via managed database services. Connection details and region depend on the deployment configuration.
- Payments: Dodo Payments (dodopayments.com) — Merchant of Record for subscription billing, tax handling, refunds, and chargebacks.
- AI Interpretations: OpenRouter (openrouter.ai) — API gateway for AI model access. Underlying model providers may include DeepSeek, OpenAI, Anthropic, or Google depending on configuration.
- Geocoding and Location Lookup: GeoNames (geonames.org) — Used to resolve city names, coordinates, and timezones from birth place data entered by users.
- Email (Transactional): SMTP-based email delivery (currently Zoho Mail) — Used to send password reset emails, account verification, and service notifications. We do not use your email for marketing unless you have opted in.
- Analytics: Umami (umami.is) — Privacy-focused, cookieless web analytics. Umami does not collect personal data, does not use cookies, and does not track users across sites. Analytics can be disabled entirely by the instance operator.
- Anti-Abuse: Google reCAPTCHA (google.com/recaptcha) — Used during registration and sensitive actions to prevent automated abuse. Google may set cookies and collect usage data subject to Google’s Privacy Policy.
- CDN and Static Assets: Statically CDN (statically.io) — Used to deliver static image assets.
5. International Data Transfers
We may process and store information in the EEA and other countries. Where we transfer personal data from the EEA/UK/Switzerland to countries that do not provide an equivalent level of protection, we rely on appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses and, where relevant, additional measures.
6. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy. The specific retention periods are as follows:
- Account Data (name, email, preferences): Retained for as long as your account is active. Upon account deletion or closure request, account data is permanently deleted from our production databases within 30 days.
- Astrological Chart Data (birth date, birth time, birth place, saved charts): Retained for as long as your account is active. You may delete individual subjects and charts at any time. Upon account deletion, all chart data is permanently deleted within 30 days.
- AI Interpretation Cache: AI-generated interpretations are cached server-side to improve performance. Cached entries are considered stale after 24 hours and are not served beyond that period; stale entries are periodically purged during maintenance. Your browser may also cache interpretations locally for up to 7 days. You can clear local caches at any time from your account settings. All cached interpretations, both server-side and client-side, are permanently deleted when your account is deleted.
- Billing and Transaction Records: Retained for as long as required by applicable tax and accounting laws (typically up to 10 years in the EU) even after account deletion, as mandated by law. These records are managed by Dodo Payments as Merchant of Record.
- Server Logs and Security Data: IP addresses, error logs, and security event logs are retained for up to 90 days for security monitoring and abuse prevention, then automatically deleted.
- Backups: Encrypted backups that may contain personal data are rotated and permanently deleted within 30 days of creation. After account deletion, your data will be purged from all backup cycles within this 30-day window.
7. Security
We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. Measures may include encryption in transit, access controls, logging, and least-privilege practices. No method of transmission or storage is 100 percent secure, and we cannot guarantee absolute security.
8. Your Rights (EEA/UK and Similar Laws)
Depending on your location, you may have rights over your personal data. These rights are not absolute and may be subject to legal limitations.
- Right of Access: You can request confirmation of whether we process your personal data and obtain a copy of it.
- Right to Rectification: You can request correction of inaccurate or incomplete personal data.
- Right to Erasure: You can request deletion of personal data in certain circumstances.
- Right to Restrict Processing: You can request that we limit processing in certain circumstances.
- Right to Data Portability: You can request a copy of certain data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
- Right to Object: You can object to processing based on legitimate interests, and you can object at any time to direct marketing.
- Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
- Lodge a Complaint: If you are in the EEA/UK, you have the right to lodge a complaint with your local data protection supervisory authority.
- Rights of Third-Party Data Subjects: If you believe that an Astrologer Studio user has entered your personal data (such as your birth details) into our Service without your consent, please contact us at admin@astrologerstudio.com. Because our user is the Data Controller of this information, we will notify them of your request and assist in fulfilling your right to erasure by removing your data from our systems.
9. Additional Disclosures for Certain Regions (Global)
If you reside outside the EEA/UK, you may have similar rights under local laws (for example, rights to access, delete, or correct personal information). Where applicable, you may also have rights to opt out of certain targeted advertising or "sale"/"sharing" concepts as defined by local law. We do not provide astrology outputs for the purpose of making decisions about employment, housing, credit, insurance, or similar high-stakes outcomes.
10. Automated Processing
Astrologer Studio generates charts and interpretations using software logic based on the birth and preference data you provide. We do not engage in automated decision-making that produces legal effects or similarly significant effects about you within the meaning of GDPR Article 22.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last Updated" date. If changes are material, we will provide an additional notice, such as an in-app notification or email, where required.
Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, contact us at:
Email: admin@astrologerstudio.com