Privacy Policy
Effective date: 27 May 2026
Version: 1.0
This Privacy Policy explains how Hryhorii Fedorovskyi (Einzelunternehmer) ("AstroNum", "we", "us") processes your personal data when you use the AstroNum mobile application ("Mobile App"), the AstroNum web application ("Web App"), and any related services (together, the "Services").
We act as the data controller under the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK Data Protection Act 2018 / UK GDPR, the Swiss Federal Act on Data Protection ("FADP"), the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Brazilian Lei Geral de Proteção de Dados ("LGPD"), the Personal Information Protection and Electronic Documents Act of Canada ("PIPEDA"), the Australian Privacy Principles ("APP"), the Singapore Personal Data Protection Act ("PDPA"), the South African Protection of Personal Information Act ("POPIA"), and any other privacy law applicable in your jurisdiction.
1. Quick summary
If you read nothing else, know this:
- We collect what we need to deliver an astrological + numerological reading: your email, your name, your birth date and time, your birth location, optionally your gender, and any guests (e.g. partners) you add.
- We do not sell your personal data, ever.
- We use a small set of third-party processors (Supabase for storage, Anthropic for AI text generation, Stripe for web payments, Apple/RevenueCat for mobile in-app purchases, PostHog for product analytics on EU servers, Sentry for crash diagnostics) — listed in §5.
- You can export, correct, or delete your data at any time — instructions in §8.
- Contact us at hello@astronum.me for any privacy question.
The detailed policy below is the legally binding version.
2. Who we are
Hryhorii Fedorovskyi (Einzelunternehmer)
Registration number: Steuernummer pending (Gewerbeanmeldung filed 2026-05-07; Finanzamt assignment in progress)
Registered address: Loewestr. 7, 40721 Hilden, Germany
Email: hello@astronum.me
Data Protection contact: hello@astronum.me
3. What we collect and why
3.1 Account data
- Email address — to create your account, authenticate you, and send transactional notifications (purchase receipts, password resets). Lawful basis: contract performance (GDPR Art. 6(1)(b)).
- Display name — shown in the app, used in personalized AI text. Lawful basis: contract performance.
- Authentication tokens — issued by our auth provider Supabase, stored in secure device storage. Lawful basis: contract performance.
3.2 Astrology profile data
- Date of birth, time of birth (if known), place of birth — required to compute your natal chart and numerology vibrations. These are the core inputs to every reading.
- Gender (optional) — affects pronoun choice and a few archetypal interpretations; you can leave it blank.
- Guest profiles — when you add a partner / friend / family member for compatibility readings, we collect the same fields about them. By adding a guest you confirm you have the right to share their information for personal use.
Lawful basis: contract performance (GDPR Art. 6(1)(b)). Some jurisdictions classify date / time of birth as quasi-sensitive when combined with location; we treat all profile fields with the same care as account data.
3.3 Generated content
The AI-generated readings, daily briefings, journal entries you save, reflections you write, Oracle chat conversations, and reports you purchase. We retain these so you can re-open them, search them, and share them.
Lawful basis: contract performance.
3.4 Purchase / subscription data
- Mobile (iOS/Android) — handled by Apple App Store / Google Play via RevenueCat (our subscription middleware). We receive: product identifier, purchase status, expiration time, receipt validation result. We do not receive your full payment card details.
- Web — handled by Stripe. We receive: product identifier, charge amount, payment success/failure. Stripe holds the payment card; we never see it.
Lawful basis: contract performance + legal obligation (tax records).
3.5 Device + usage data
- Device identifiers — for push notifications (Apple Push Notification service / Firebase Cloud Messaging token). Lawful basis: consent — granted by enabling notifications in iOS/Android settings; can be withdrawn the same way.
- Diagnostic logs (Sentry) — when the app crashes, we receive a stack trace, device model, OS version, and a hash of your user ID so we can de-duplicate reports. We disable Sentry's "default PII" capture, so we do not transmit your IP address or full URLs by default. Lawful basis: legitimate interest (GDPR Art. 6(1)(f)) — fixing crashes that affect you and other users.
- Product analytics (PostHog) — events like "opened paywall", "started purchase flow", "completed reading" so we can understand what works and what's broken. We host PostHog on its EU servers (Frankfurt) so this data stays within the European Economic Area. The only properties we attach to your PostHog profile are your internal user ID, your premium status (boolean), and your app locale — we do not send PostHog your raw email, name, birth data, or any free-text content you produced. Lawful basis: consent (GDPR Art. 6(1)(a)) — analytics is opt-in, off by default; you grant or withdraw consent under Profile → Privacy → Anonymous analytics.
3.6 Communications
If you contact support via email, we retain that correspondence to help you and improve our docs.
4. What we do NOT collect
- Your full payment card number — handled exclusively by Stripe / Apple / Google.
- Your contacts, photos, microphone, camera — none of these permissions are requested.
- Your precise device location — we use the birth location you type in; we do NOT request iOS/Android Location permission.
- Health data — we do not integrate with HealthKit / Google Fit.
- Biometrics — we do not collect or use Face ID / Touch ID data beyond what iOS/Android handles internally for unlocking the app.
5. Third-party processors
We rely on the following processors. Each is bound by a Data Processing Agreement (DPA) compatible with GDPR Art. 28.
| Processor | Purpose | Country | Legal basis for transfer |
|---|---|---|---|
| Supabase, Inc. | Authentication + database | USA / EU | EU Standard Contractual Clauses + supplementary measures |
| Anthropic PBC | LLM text generation (we send: your astrology context, prompt template; we receive: generated text) | USA | EU SCCs |
| Apple Inc. | Mobile in-app purchases | USA | EU-US Data Privacy Framework |
| RevenueCat, Inc. | Subscription management middleware | USA | EU SCCs |
| Stripe, Inc. | Web payments | USA / Ireland | EU SCCs + Stripe BCRs |
| PostHog Inc. | Product analytics (EU instance) | EU (Frankfurt) | EU-internal — no transfer |
| Functional Software, Inc. ("Sentry") | Crash diagnostics | USA | EU SCCs |
| Railway Corporation | Backend hosting | USA | EU SCCs |
| Expo / EAS | Mobile build + push delivery | USA | EU SCCs |
| Google LLC (Firebase Cloud Messaging) | Android push delivery (when applicable) | USA | EU-US Data Privacy Framework |
We do not use Google Analytics, Facebook Pixel, TikTok Pixel, Meta Audiences, or any advertising network — there is no advertising in AstroNum.
6. International data transfers
When we transfer your personal data outside the EEA / UK / Switzerland, we rely on:
- The EU-US Data Privacy Framework for processors certified under it (e.g. Apple, Google).
- Standard Contractual Clauses (Decision 2021/914) for processors in the USA without DPF certification.
- Supplementary measures — encryption in transit (TLS 1.2+) and at rest, principle of data minimization, vendor selection on the basis of EU presence where possible.
You may request a copy of the relevant SCCs by emailing hello@astronum.me.
7. Retention
| Data type | Retention period |
|---|---|
| Account data | Until you delete your account, then 30 days for backup recovery + accounting records as required by tax law (typically 7 years in EU/US) |
| Astrology profile | Same as account |
| Generated content (readings, reports) | Same as account |
| Purchase / subscription records | 10 years (tax + dispute window) |
| Diagnostic logs (Sentry) | 90 days |
| Product analytics events (PostHog) | 12 months |
| Support email correspondence | 3 years |
| Push notification tokens | Until you disable notifications or delete the app |
When the retention period expires, data is either anonymized (aggregated for product metrics) or fully deleted.
8. Your rights
You have the rights below. We respond to requests within 30 days (GDPR Art. 12(3)).
8.1 Access (Art. 15 GDPR / §1798.110 CCPA)
Request a copy of all personal data we hold about you. Email hello@astronum.me with subject "Data access request".
8.2 Rectification (Art. 16 GDPR)
Most fields are editable in-app: Profile → Edit. For fields you cannot edit, email us.
8.3 Erasure / "right to be forgotten" (Art. 17 GDPR / §1798.105 CCPA)
You can delete your account and all associated data from Profile → Delete Account in the Mobile App, or by emailing hello@astronum.me.
Deletion is processed within 30 days. Some records may be retained longer where required by law (e.g. tax records of purchases).
8.4 Restriction (Art. 18 GDPR)
You may ask us to suspend processing while a dispute is investigated. Email hello@astronum.me.
8.5 Portability (Art. 20 GDPR)
Receive your data in JSON format suitable for transfer to another service. Email hello@astronum.me.
8.6 Object / opt-out (Art. 21 GDPR / §1798.120 CCPA)
You can opt out of:
- Push notifications — iOS/Android Settings, or in-app under Profile → Notifications.
- Product analytics — Profile → Privacy → "Anonymous analytics" toggle (off by default; turning it off stops PostHog event capture for your account immediately and resets the local distinct ID).
- Marketing emails — unsubscribe link in every email; we do not currently send marketing emails.
- "Sale" / "sharing" of personal information (CCPA/CPRA) — we do not sell or share your data for cross-context behavioral advertising. There is nothing to opt out of, but we honor any opt-out signals (Global Privacy Control) you send.
8.7 Lodge a complaint (Art. 77 GDPR)
You may complain to the supervisory authority in your country of residence. EU/EEA: https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK: ICO at https://ico.org.uk/concerns/. Other countries: see your national data-protection regulator.
We hope you'll contact us first at hello@astronum.me so we can fix the issue directly.
9. CCPA / CPRA-specific disclosures (California residents)
Categories of personal information collected in the past 12 months:
- Identifiers (email, internal user ID)
- Customer records (name, account profile)
- Commercial information (purchase history)
- Internet/network activity (app interaction events)
- Geolocation — not collected (we use the birth location you type)
- Sensory data — not collected
- Professional / employment / education — not collected
- Inferences (the AI-generated personalized readings, derived from your inputs)
Sources: directly from you. Disclosed to: third-party processors listed in §5. Sold: no. Shared for cross-context behavioral advertising: no.
You have the right to know, delete, correct, and limit use of sensitive personal information; to opt out of sale/sharing (we don't sell/share); and to non-discrimination for exercising these rights.
To exercise any CCPA right, email hello@astronum.me with subject "CCPA request" and identify yourself with the email associated with your account. We may verify identity by sending a code to that email.
10. LGPD-specific disclosures (Brazilian residents)
You have the rights enumerated in LGPD Art. 18: confirmation, access, correction, anonymization, blocking, deletion, portability, information about sharing, information about non-consent consequences, revocation of consent. Exercise via hello@astronum.me. We will respond within 15 days (Art. 19).
The legal basis for processing under LGPD is execution of the contract you have with us (Art. 7, II) plus legitimate interest for analytics/crash diagnostics (Art. 7, IX) and consent for push notifications (Art. 7, I).
11. Children
AstroNum is not directed at children. We do not knowingly process data from children under 16 (or the relevant local minimum: 13 in the US under COPPA, 14 in some EU member states, 16 in others; we adopt 16 as a global minimum).
If you believe a child under 16 has created an account, email hello@astronum.me and we will delete the account and any data we hold.
12. Sensitive data note
Date and time of birth, when combined with location, can in some jurisdictions be considered sensitive personal data because they may reveal religious belief (astrology), gender identity (if self-reported gender differs from official records), or be considered biometric quasi-identifiers. We treat astrology profile data with the same safeguards as account data — encrypted in transit and at rest, access-controlled, and never sold. We do not use it for any purpose other than producing the readings you request.
13. Cookies and similar technologies
The Mobile App does not use cookies (it uses platform-native secure storage). The Web App uses:
- Strictly necessary cookies — for authentication and session state. Cannot be disabled.
- Functional cookies — for language preference, theme.
- Analytics cookies — PostHog (EU instance). Disabled by default until consent.
- Payment cookies — Stripe sets cookies during checkout for fraud prevention.
See cookie-policy.en.md for the full cookie list with retention periods.
14. Changes to this policy
We may update this Privacy Policy. Material changes will be notified in-app and (if you opted in to email) via email at least 30 days before taking effect. Non-material changes (typos, clarifications) will be reflected by bumping the version number.
15. AI-generated content notice
AstroNum uses Anthropic Claude to generate the textual portions of your readings. The astrology context (your birth chart numbers, planetary positions, etc.) is sent to Anthropic via authenticated API call. Anthropic does not train its models on our API traffic per its Commercial Terms (which we accept). Generated readings are returned to us, stored under your account, and displayed only to you.
The readings are for entertainment and self-reflection purposes; they are not medical, legal, financial, or professional advice. See the Terms of Service §6 for the full disclaimer.
16. Contact
For any privacy question, request, or complaint:
Email: hello@astronum.me
Postal: Hryhorii Fedorovskyi (Einzelunternehmer), Loewestr. 7, 40721 Hilden, Germany
If you are an EU resident and feel we have not adequately resolved a privacy concern, you may also contact your national supervisory authority (see §8.7).
This Privacy Policy is provided in English as the master version. Translations into Russian, Ukrainian, and German are provided for convenience; in case of conflict, the English version controls.