Loading...
Last Updated: February 19, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Astrologer Studio ("Processor", "we", "us") and you ("Controller", "you"), and governs our processing of personal data relating to third parties (such as your clients or subjects) that you input into the Service to generate astrological charts.
This DPA is entered into pursuant to Article 28 of the EU General Data Protection Regulation (GDPR) and equivalent provisions under UK GDPR. It applies only to personal data for which you are the Data Controller and we act as your Data Processor. For personal data relating to your own account (such as your email, credentials, and billing information), we act as the Data Controller and our Privacy Policy applies directly.
"Personal Data", "Data Controller", "Data Processor", "Data Subject", "Processing", "Sub-Processor", and "Supervisory Authority" have the meanings given to them in the GDPR (or equivalent terms under applicable data protection law). "Client Data" means Personal Data relating to third-party individuals (such as your clients or subjects) that you input into the Service.
You, the Controller, determine the purposes and means of processing Client Data. We process Client Data solely on your documented instructions and only to the extent necessary to provide the Service to you.
The subject matter and purpose of processing is the generation of astrological charts, transit calculations, synastry analyses, and related outputs based on the birth data you provide. Processing includes storage, retrieval, computation, display, caching, export, and deletion of Client Data within the Service.
You represent and warrant that you have a lawful basis to process the Client Data and to instruct us to process it on your behalf. You are responsible for providing any required notices to, and obtaining any necessary consents from, the individuals whose data you input into the Service.
You are responsible for the accuracy, quality, and legality of the Client Data you provide. You agree not to input special categories of personal data (as defined in GDPR Article 9) into the Service unless explicitly supported and permitted.
We will process Client Data only on your documented instructions, including with regard to transfers of personal data to a third country, unless required to do so by applicable law, in which case we will inform you of that legal requirement before processing (unless prohibited by law).
We ensure that persons authorized to process Client Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as described in Section 6 of this DPA.
We will assist you, insofar as this is possible and by appropriate technical and organizational measures, in fulfilling your obligation to respond to requests from data subjects exercising their rights under applicable data protection law.
We will assist you in ensuring compliance with your obligations regarding security, breach notification, data protection impact assessments, and prior consultations with supervisory authorities, taking into account the nature of processing and the information available to us.
You provide general authorization for us to engage sub-processors to assist in providing the Service. The current list of sub-processors is set out in Section 4a of our Privacy Policy.
We will inform you of any intended addition or replacement of sub-processors, giving you a reasonable opportunity to object. If you object on reasonable data protection grounds and we cannot accommodate your objection, either party may terminate the affected part of the Service.
We impose data protection obligations on each sub-processor by way of a contract that provides at least the same level of protection as this DPA. We remain liable for the acts and omissions of our sub-processors.
We implement and maintain technical and organizational measures designed to protect Client Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include, as applicable:
In the event of a personal data breach affecting Client Data, we will notify you without undue delay after becoming aware of the breach. The notification will include, to the extent available, the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to mitigate the breach.
We will cooperate with you and take reasonable steps to assist in the investigation, mitigation, and remediation of any such breach.
Client Data may be processed in the EEA and in other jurisdictions where our infrastructure or sub-processors operate. Where Client Data is transferred to a country outside the EEA/UK that does not benefit from an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, and any additional measures necessary to ensure an adequate level of protection.
You may delete individual subjects and charts at any time through the Service interface. Upon deletion, the data is permanently removed from our production databases.
Upon termination of your account or upon your written request, we will delete all Client Data from our production systems within 30 days. Client Data in encrypted backups will be purged within the backup rotation cycle (up to 30 days). We may retain data to the extent required by applicable law (for example, billing records), but such retained data will be limited to what is legally required and will not be used for any other purpose.
Upon your request, and where technically feasible, we will provide you with a copy of your Client Data in a structured, commonly used, machine-readable format before deletion.
We will make available to you, on reasonable request, information necessary to demonstrate compliance with this DPA and applicable data protection law.
You (or a mandated, independent auditor subject to confidentiality obligations) may conduct audits or inspections, no more than once per calendar year and upon reasonable advance written notice, to verify our compliance with this DPA. Audits shall be conducted during normal business hours and in a manner that minimizes disruption to our operations. You shall bear the costs of any such audit unless the audit reveals a material breach of this DPA by us.
Because you are the Controller of Client Data, data subjects should direct their rights requests (access, rectification, erasure, restriction, portability, objection) to you in the first instance.
If we receive a request from a data subject directly regarding Client Data, we will promptly redirect the data subject to you and notify you of the request, unless prohibited by law. We will not respond to such requests directly unless instructed by you or required by applicable law.
We will provide you with reasonable technical assistance to fulfill data subject requests to the extent they relate to Client Data processed within the Service.
This DPA takes effect when you first input Client Data into the Service and remains in effect for as long as we process Client Data on your behalf. The obligations regarding confidentiality, data deletion, and cooperation survive termination.
This DPA automatically terminates upon deletion of your account and completion of the data deletion processes described in Section 9.
This DPA is governed by the same law that governs the Terms of Service. Where the GDPR applies, this DPA shall be interpreted in accordance with the GDPR regardless of the governing law of the Terms.
For questions about this DPA or to exercise your rights as a Controller, contact us at:
Email: admin@astrologerstudio.com