Privacy Policy

Astralora ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy describes exactly what information we collect through the Astralora mobile application and the website at astralora.com ("Services"), how we use it, how we protect it, and the choices you have. By using our Services, you agree to the practices described here.

If you have questions at any point, contact us at privacy@astralora.com.

1. Information You Provide to Us

1.1 Birth Information

To generate your astrological chart and readings, you provide your date of birth, time of birth (optional), and city of birth. This information is stored locally on your device only using encrypted on-device storage. It is not transmitted to our servers unless you explicitly use a profile sync feature. Your birth date and birth location are used solely to perform astronomical calculations — we do not use this data for advertising, profiling, or any purpose other than providing the Service to you.

Under certain privacy frameworks (including GDPR and CCPA), birth date may constitute personal data. We treat it as such and apply appropriate protections accordingly.

1.2 Your Name

The display name you enter during onboarding is stored locally on your device. It is used only to personalise how your home screen greets you and is never transmitted to third parties.

1.3 Support Communications

If you contact us by email, we receive your email address and the contents of your message. We use this information solely to respond to your inquiry. Support emails are retained for 24 months and then deleted.

2. Information Collected Automatically

2.1 Device Identifier

On first launch, Astralora generates a random UUID ("device ID") and stores it locally. This identifier is used to authenticate requests to our server (for example, to verify your subscription status). It is not linked to your name, Apple ID, Google account, email address, or any information that personally identifies you to us. It cannot be used to track you across other apps or websites.

2.2 Crash and Diagnostic Data

If the app crashes, limited diagnostic information (device model, operating system version, app version, and a crash trace) may be collected automatically to help us fix bugs. This information does not include your birth data, name, or any reading content.

2.3 Subscription and Purchase Status

We verify your subscription status by communicating with Apple's App Store Server API or Google Play's Developer API. We receive confirmation of whether a valid subscription exists and when it expires — we do not receive or store your payment card details, bank information, or billing address. All payment processing is handled entirely by Apple or Google.

3. How Readings Are Generated

Daily, monthly, and yearly readings are generated by sending a request to one or more AI language model APIs (currently DeepSeek; OpenAI may also be used). The request contains:

• Your Western sun sign name (e.g., "Scorpio") — not your birth date
• Computed planetary positions for the relevant date or period, derived from established astronomical calculations performed on-device
• The date or period the reading is for

Your name, birth date, birth time, birth location, and device ID are never sent to any AI provider. The prompt these providers receive contains no information that would identify you as an individual. Each provider processes data under their own privacy policy — DeepSeek: deepseek.com/privacy; OpenAI: openai.com/policies/privacy-policy.

4. Third-Party Services

We use the following third-party services. Each has their own privacy policy governing their data practices:

• RevenueCat — manages subscription entitlement status. RevenueCat receives your device ID and subscription product identifiers. They do not receive your birth data or name. Privacy policy: revenuecat.com/privacy
• Apple App Store — processes iOS payments and provides subscription verification. Governed by Apple's privacy policy: apple.com/legal/privacy
• Google Play — processes Android payments and provides subscription verification. Governed by Google's privacy policy: policies.google.com/privacy
• DeepSeek / OpenAI — one or both may be used to generate reading text from anonymised sign-and-transit prompts. No personally identifiable information is included in these prompts. Privacy policies: DeepSeek · OpenAI

We do not use advertising SDKs, social login providers, or third-party analytics services that track individual users. We do not sell your personal information to any third party. We do not share personal information with third parties for the purpose of targeted or cross-context behavioural advertising.

5. How We Use Your Information

We use the information we collect only for the following purposes:

• To compute your astrological birth chart and generate your readings
• To verify that you have a valid subscription before granting access to premium features
• To respond to support requests you initiate
• To diagnose and fix crashes and technical issues
• To comply with legal obligations

We do not use your information to serve advertisements, to build a profile for resale, or for any purpose not listed above.

6. Data Storage and Security

Your birth data and profile are stored locally on your device using platform-provided secure storage (iOS Keychain / Android Keystore-backed shared preferences). Reading cache data is stored in an encrypted local database and automatically pruned after 3 days.

Any information transmitted between the app and our servers (for example, subscription verification requests) is transmitted over HTTPS using TLS 1.2 or higher. Server-side receipt verification is performed using authenticated API calls to Apple and Google.

No security system is impenetrable. In the unlikely event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

7. Data Retention

• Birth data, name, profile — stored on your device only. Deleted when you uninstall the app or clear app data. If you have synced a profile to our servers, it is retained until you request deletion.
• Reading cache — retained on-device for a maximum of 3 days, then automatically purged.
• Device ID — retained on-device until app uninstall. Server-side association with subscription status is retained for the life of your subscription plus 90 days.
• Support emails — retained for 24 months from the date of your last message, then deleted.
• Crash diagnostics — retained for 90 days, then deleted.

8. Children's Privacy

Our Services are not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@astralora.com and we will delete the information promptly. If you are under 16, please do not use the Services.

9. Your Rights — EEA, UK and Switzerland (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or equivalent applicable law:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct inaccurate personal data.
• Right to erasure — you may ask us to delete your personal data, subject to certain exceptions required by law.
• Right to restriction of processing — you may ask us to limit how we use your data in certain circumstances.
• Right to data portability — you may request your personal data in a structured, machine-readable format.
• Right to object — you may object to our processing of your personal data where we rely on legitimate interests as our legal basis.
• Right to withdraw consent — where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Our legal bases for processing are: (a) performance of our contract with you, for computing your chart and delivering your subscription; (b) our legitimate interests, for crash diagnostics and fraud prevention; and (c) legal obligation, where required by applicable law.

To exercise any of these rights, email privacy@astralora.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

10. Your Rights — California and Other U.S. States (CCPA/CPRA)

If you are a California resident or a resident of another U.S. state with applicable privacy legislation, you may have the following rights:

• Right to know — the categories of personal information we have collected, the purposes for collection, and whether we have sold or disclosed it.
• Right to delete — to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to correct — to request correction of inaccurate personal information.
• Right to opt out of sale or sharing — we do not sell personal information, nor do we share it for cross-context behavioural advertising. There is nothing to opt out of, but you may contact us to confirm.
• Right to limit use of sensitive personal information — we do not use sensitive personal information (including birth date) for any purpose beyond providing the Service.
• Right to non-discrimination — we will not discriminate against you for exercising any privacy right.

To exercise any right, email privacy@astralora.com with "Privacy Request" in the subject line. We will verify your identity before processing your request and respond within 45 days (with one possible 45-day extension).

11. International Data Transfers

Astralora is operated from [your country]. If you are located outside this jurisdiction, certain data (such as subscription verification requests routed through Apple or Google, and reading generation requests routed through our AI providers, currently DeepSeek and/or OpenAI) may be processed in servers located in other countries, including the United States. Where required, we rely on applicable transfer mechanisms (such as standard contractual clauses under GDPR) to ensure your data receives an adequate level of protection.

12. Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any information to them.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, provide notice within the app or by email. Your continued use of the Services after notice of changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

14. Contact Us

For any privacy-related questions, requests, or concerns:

• Email: privacy@astralora.com
• General support: support@astralora.com

We aim to respond to all privacy enquiries within 5 business days.