Privacy Policy
Effective: 25 May 2026
This policy explains what information Astrolomia ("we", "us") collects when you use the site at astrolomia.com, how we use it, who we share it with, and what rights you have. Plain English: we collect what we need to give you a personalised reading, attribute our ads, and bill you if you subscribe — nothing else.
1. What we collect
You give us
- Account info — your email address and a password (if you sign up with email), or your email, name, and profile picture (if you sign up with Google).
- Birth data — date, time, and city of birth for yourself and anyone you add to your circle. Used to calculate your zodiac, life path, and matches. Stored against your account.
- Optional notes — any text you write about people in your circle.
We collect automatically
- Usage data — pages you visit, features you use, when you last signed in, and your country-level location (derived from your IP address). Used to make the product better and to know which features matter.
- Technical data — your IP address, browser type, device type, referring URL. Standard server logs.
- Cookies — a single httpOnly cookie keeps you signed in (a JWT that expires after 60 days). Meta Pixel sets two first-party cookies (`_fbp`, `_fbc`) used for ad attribution — these are not visible to other websites.
From third parties
- Google sign-in — if you sign in with Google, we receive your email, name, profile picture, and a stable Google user ID. We never receive your Google password.
- Stripe — if you subscribe, Stripe handles your card details (we never see them). We receive a customer ID, subscription status, and the plan you chose.
2. How we use it
- To create and run your account, and to keep you signed in.
- To calculate and display personalised readings, matches, and forecasts.
- To bill you (only if you subscribe).
- To send you transactional emails about your account (signup confirmation, payment receipts, subscription changes).
- To measure how our ads perform — specifically by sending hashed copies of your email address, IP, user agent, and our Pixel cookies to Meta Platforms Inc. via the Meta Conversions API. Meta uses this only to attribute conversions, not to identify you to third parties.
- To prevent abuse and secure the service (rate-limiting, fraud detection).
3. Who we share it with
We do not sell your personal information. We share limited information with the following service providers, who are contractually bound to use it only for the purposes we instruct:
- Stripe, Inc. — payment processing. Stripe privacy policy
- Meta Platforms, Inc. — ad attribution (hashed identifiers only). Meta privacy policy
- Google LLC — sign-in only, if you choose Google sign-in. Google privacy policy
- Railway Corp. — hosting infrastructure where the application runs.
4. How long we keep it
We keep your account information and circle data for as long as your account is active. If you delete your account (via the in-app delete option or by emailing us), we delete all your personal data within 30 days, except where we are legally required to retain payment records (Stripe retains receipts per applicable law).
5. Your rights
Wherever you live, you can:
- Access a copy of the information we hold about you
- Correct anything that's wrong
- Delete your account and all data we hold about you
- Export your data in a portable format
- Withdraw consent for marketing communications at any time
To exercise any of these, email frogusgoated@gmail.com with "Privacy request" in the subject line and we'll respond within 30 days.
If you are in the European Economic Area, the UK, or California, you have additional rights under the GDPR, UK GDPR, or CCPA respectively, including the right to lodge a complaint with your local data-protection authority.
6. Cookies and tracking
We use cookies for the following purposes only:
- Authentication — one httpOnly cookie that keeps you signed in. Cannot be read by JavaScript. Expires after 60 days of inactivity.
- Advertising attribution — Meta Pixel sets `_fbp` (browser identifier, all visitors) and `_fbc` (click identifier, only if you arrived from a Meta ad). These let us measure ad performance.
You can clear cookies in your browser at any time. Doing so will sign you out and reset ad attribution.
7. Security
We follow current security best practice: HTTPS everywhere, hashed passwords (bcrypt), server-side session revocation, parameterised database queries, and a strict Content Security Policy. No system is perfect — if you suspect a security issue, please email frogusgoated@gmail.com with "Security" in the subject line.
8. Children
Astrolomia is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect information from anyone in those age groups. If you believe we have, please contact us and we will delete it.
9. International transfers
Astrolomia runs on infrastructure in North America. If you access the service from outside North America, your information will be transferred to and processed in countries with different data protection laws than your own. We rely on standard contractual clauses where required.
10. Changes to this policy
If we make material changes, we'll update the "Effective" date at the top and notify subscribers by email. Continued use after the effective date constitutes acceptance.
11. Contact
Email: frogusgoated@gmail.com
Subject lines we monitor: "Privacy request", "Security", "Account deletion"