Privacy Policy

Last Updated: April 16, 2026

This Privacy Policy explains how AstroCodex (“we”, “us”, the “Controller”) collects, uses, discloses and protects personal data of users of the AstroCodex platform and related services (the “Service”). By using the Service you acknowledge the practices described below.

1. Data Controller & Contact

The data controller is AstroCodex. For any privacy-related inquiry, including exercise of your rights, write to privacy@astrocodex.ai.

2. Personal Data We Collect

  • Account data: email address, hashed password, Google OAuth identifier, Telegram login identifier, profile display name, language preference.
  • Astrological input: date, time and place of birth, gender (optional), subjective questions you submit to the AI.
  • Derived data: computed natal chart (planetary positions, houses, aspects), AI-generated interpretations, archetype/rating results.
  • Chat history: conversations with the AI assistant and Telegram Bot, including timestamps and token usage.
  • Payment metadata: plan, amount, currency, transaction identifier, status. We do not receive or store full card numbers — these are handled by the payment processor.
  • Technical data: IP address, user-agent, device type, approximate geolocation derived from IP, referrer, session identifiers, error logs.
  • Cookies & analytics identifiers: as described in our Cookie Policy.

3. Purposes & Legal Bases

  • Provide the Service (account creation, natal chart calculation, AI interpretation) — performance of a contract (GDPR Art. 6(1)(b)).
  • Process payments, issue fiscal receipts, prevent fraud — contract performance and legal obligation (GDPR Art. 6(1)(b) and (c)).
  • Service security, abuse prevention, system integrity — legitimate interest (GDPR Art. 6(1)(f)).
  • Analytics, product improvement — consent where required (GDPR Art. 6(1)(a)), otherwise legitimate interest.
  • Marketing communications — only with your explicit opt-in (GDPR Art. 6(1)(a)), withdrawable at any time.
  • Compliance with legal requests — legal obligation (GDPR Art. 6(1)(c)).

4. Payment Processors

We do not store payment card data ourselves. Transactions are processed by the following processors acting as independent controllers for fraud-prevention and fiscal purposes:

  • Paddle.com Market Ltd — Merchant of Record for international card, wallet and local-method payments.
  • Telegram Stars (Telegram FZ-LLC) — in-Telegram purchases.

5. AI Sub-processors

To produce astrological interpretations and chat responses we transmit prompts (including your birth data and questions) to the following AI providers acting as sub-processors under data-processing agreements:

  • OpenAI, L.L.C. (USA)
  • Anthropic, PBC (USA)
  • Google LLC — Gemini API (USA)
  • DeepSeek (Hangzhou DeepSeek Artificial Intelligence Co., Ltd.)
  • OpenRouter, Inc. (USA) — model routing aggregator
  • YandexGPT (Yandex LLC)

We require sub-processors not to use your data for training their foundation models. Where a provider offers such controls, we use the zero-retention / no-training API tier.

6. Data Retention

  • Account data — for the lifetime of your account, plus 90 days after deletion for backup rotation.
  • Chat history — up to 24 months, or until you delete it from your account.
  • Payment records — 5 years (tax and accounting law).
  • Server and security logs — up to 12 months.
  • Analytics identifiers — up to 14 months (see Cookie Policy).

7. Your Rights

Depending on your jurisdiction you may have the right to: access, rectification, erasure (“right to be forgotten”), restriction, objection, data portability, withdrawal of consent, and the right to lodge a complaint with a supervisory authority. Users in California may exercise CCPA rights (know, delete, correct, opt-out of “sale/share” — we do not sell personal data).

To exercise any right, email privacy@astrocodex.ai. We respond within 30 days.

8. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from minors under this age. If you believe a child has provided us data, contact privacy@astrocodex.ai and we will delete it promptly.

9. Security

We apply industry-standard technical and organisational measures including TLS 1.2+ in transit, encryption at rest, hashed passwords (bcrypt/argon2), role-based access, audit logs, DDoS protection and regular backups. No online service can guarantee absolute security; you are responsible for keeping your credentials confidential.

10. International Data Transfers

Our servers and sub-processors may be located outside your country of residence, including in the United States and the European Economic Area. Where required we rely on Standard Contractual Clauses (EU) or equivalent safeguards to protect your data during cross-border transfers.

11. Cookies

We use strictly necessary cookies and, subject to your consent where required, analytics cookies. Full details, cookie names, providers and retention periods are given in our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced via email or an in-app notice at least 14 days before taking effect. The “Last Updated” date at the top always reflects the current version.

13. Complaints

If you believe we have mishandled your personal data, first contact privacy@astrocodex.ai. You may also lodge a complaint with your local data-protection authority (e.g. the Irish Data Protection Commission for EU/EEA users, the ICO in the United Kingdom, or the California Privacy Protection Agency in California).