Privacy Policy

We collect information that you provide directly to us, as well as information collected automatically when you use our Services. Personal Information You Provide: - Account information: email address, display name, and password when you create an account - Birth data: date of birth, time of birth, and city of birth (used to generate personalized astrological readings) - Profile information: zodiac sign, language preference - Payment information: processed securely through Stripe; we do not store your credit card numbers - Community content: posts, comments, and likes you submit to our community features - Camera images: photos of your palm, face, or eyes when you use our vision-based reading features (processed in real-time and not permanently stored on our servers) - Contact information: any information you provide when contacting our support Information Collected Automatically: - Device information: device type, operating system, unique device identifiers - Usage data: pages visited, features used, time spent on the app, reading history - Push notification tokens: device tokens for delivering push notifications (stored in our database) - IP address and approximate location: used for language detection and currency selection - Cookies and similar technologies: session cookies, preference cookies, and analytics cookies (see Section 4)

We use the information we collect for the following purposes: - To provide and personalize our Services: generating astrological readings, natal charts, tarot readings, and other divination content based on your birth data - To process transactions: handling payments for premium subscriptions and shop purchases through Stripe - To send push notifications: daily horoscope reminders and admin-initiated notifications (only with your permission) - To improve our Services: analyzing usage patterns to enhance features and user experience - To communicate with you: responding to inquiries, sending service-related announcements - To ensure security: detecting and preventing fraud, abuse, or unauthorized access - To comply with legal obligations: responding to legal requests and preventing harm - To display relevant advertisements: showing ads through Google AdSense (only with your cookie consent)

We do not sell your personal information. We may share your information with the following categories of third parties: - Service providers: companies that help us operate our Services, including: - Supabase (database hosting and authentication) - Stripe (payment processing) - Expo / Firebase Cloud Messaging (push notification delivery) - Groq / xAI (AI-powered reading generation — only anonymized prompts are sent, never your email or identity) - Google Analytics (website analytics, only with cookie consent) - Google AdSense (advertising, only with cookie consent) - RevenueCat (in-app purchase management for mobile app) - Vercel (website hosting) - Legal requirements: we may disclose information if required by law, court order, or governmental authority - Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred - With your consent: we may share information for any other purpose with your explicit consent

Our website uses cookies and similar tracking technologies. We provide a cookie consent banner that allows you to control your preferences. Types of cookies we use: - Necessary cookies: required for the website to function (authentication, session management). Always active. - Analytics cookies: Google Analytics tracking to understand how visitors use our website. Only activated with your consent. - Marketing cookies: Google AdSense for displaying relevant advertisements. Only activated with your consent. You can change your cookie preferences at any time through the cookie consent banner or by clearing your browser cookies. The mobile app uses local storage (AsyncStorage) to store your preferences, session data, and notification settings. This data remains on your device.

We implement appropriate technical and organizational security measures to protect your personal information, including: - SSL/TLS encryption for all data in transit - Row-Level Security (RLS) policies on our database ensuring users can only access their own data - Secure authentication via Supabase Auth with support for email/password, Apple Sign-In, and Google Sign-In - API rate limiting to prevent abuse - Environment variables for all sensitive credentials (never exposed in client-side code) - Regular security reviews of our codebase While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide you with our Services. - Account data: retained until you delete your account - Reading history: retained until you delete individual readings or your account - Community posts: retained until you delete them or your account is terminated - Push notification tokens: automatically removed when you sign out; stale tokens are cleaned up when delivery fails - Payment records: retained as required by applicable tax and financial regulations - Analytics data: aggregated and anonymized data may be retained indefinitely for statistical purposes You can request deletion of your account and associated data at any time by contacting us.

Depending on your jurisdiction, you may have the following rights regarding your personal data: - Right of access: request a copy of the personal data we hold about you - Right to rectification: request correction of inaccurate personal data - Right to erasure: request deletion of your personal data ("right to be forgotten") - Right to restrict processing: request that we limit the processing of your data - Right to data portability: request your data in a structured, machine-readable format - Right to object: object to processing of your data for certain purposes - Right to withdraw consent: withdraw your consent at any time for processing based on consent (e.g., analytics cookies, push notifications) For users in the European Economic Area (EEA), these rights are guaranteed under the General Data Protection Regulation (GDPR). For California residents, the California Consumer Privacy Act (CCPA) provides similar rights. To exercise any of these rights, please contact us at the email provided in Section 14.

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action.

Our Services may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. Key third-party services we integrate with: - Supabase (supabase.com): database and authentication — governed by Supabase's privacy policy - Stripe (stripe.com): payment processing — governed by Stripe's privacy policy - Google (google.com): Analytics and AdSense — governed by Google's privacy policy - Apple (apple.com): Sign-In with Apple — governed by Apple's privacy policy - Expo (expo.dev): push notifications — governed by Expo's privacy policy - RevenueCat (revenuecat.com): in-app purchases — governed by RevenueCat's privacy policy We encourage you to review the privacy policies of any third-party services before providing your information.

The AstroSky mobile app (available on iOS and Android) collects and uses information as described in this policy, with the following additional details: - Camera access: required for palm reading, face reading, and eye reading features. Photos are processed by AI in real-time and are not permanently stored on our servers. Camera access is only requested when you choose to use these features. - Push notifications: the app may send daily horoscope reminders (scheduled locally on your device) and admin-sent notifications. You can disable notifications at any time through your device settings. - Local storage: the app stores your preferences, session data, and cached content locally on your device using AsyncStorage. - In-app purchases: premium subscriptions are managed through the App Store (iOS) or Google Play Store (Android) via RevenueCat. Payment processing follows the respective platform's privacy policies. - Haptic feedback: the app uses device vibration for enhanced user experience. No data is collected from this feature.

We use push notifications to deliver important updates and daily horoscope reminders. - We request your permission before sending any push notifications - Your device's push token is stored in our database to enable notification delivery - Push tokens are automatically removed when you sign out - You can disable push notifications at any time through your device settings or app settings - Admin-sent notifications are broadcast to all registered devices and may include promotional content - We use Expo Push API and Firebase Cloud Messaging (Android) / Apple Push Notification Service (iOS) for delivery - We do not share your push tokens with any third parties other than the notification delivery services mentioned above

Your information may be transferred to and processed in countries other than your country of residence. Our servers and service providers are located in various countries, including the United States and the European Union. When we transfer data internationally, we ensure appropriate safeguards are in place, including: - Standard Contractual Clauses (SCCs) approved by the European Commission - Data processing agreements with all service providers - Compliance with applicable data protection frameworks By using our Services, you consent to the transfer of your information to these countries.

We may update this Privacy Policy from time to time. We will notify you of any material changes by: - Posting the updated policy on our website with a new "Last updated" date - Sending a push notification to mobile app users (for significant changes) - Displaying an in-app notice Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us at: Astrology Sky Email: support@astrologysky.app We will respond to your request within 30 days.