Privacy Policy
Last updated: March 20, 2026
Data Controller
The data controller responsible for your personal information is Astro Engine, contactable at astroengineweb@gmail.com.
Astro Engine ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and safeguard your personal information.
1. Information We Collect
| Data Type | Purpose | Stored |
|---|---|---|
| Email address | Account creation, login, communication | Yes |
| Display name | Personalization (optional) | Yes |
| Password | Authentication (stored as bcrypt hash only) | Hash only |
| Birth date, time, location | Astrological chart calculations | If saved |
| API usage statistics | Rate limiting, billing | Yes |
| Payment information | Subscription billing via Stripe | No (Stripe only) |
2. How We Use Your Information
- To provide and maintain the astrological calculation service
- To manage your account and subscription
- To enforce usage limits and prevent abuse
- To send essential service communications (password resets, account alerts)
- To improve the service based on usage patterns (aggregated, anonymized)
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Payment Processing
All payment processing is handled by Stripe. We never store, process, or have access to your full credit card numbers. We only store a Stripe customer ID to manage your subscription.
4. Data Storage & Security
- All data is stored in encrypted databases
- Passwords are hashed using bcrypt (never stored in plain text)
- API keys are stored as SHA-256 hashes
- All connections use TLS/HTTPS encryption
- Access tokens are short-lived JWTs (30 minutes)
5. Cookies & Local Storage
Astro Engine uses browser localStorage to store authentication tokens (access and refresh tokens) for session management.
In addition, the following third-party services may set cookies or collect data through our site:
- Google AdSense — We display advertisements served by Google AdSense. Google and its advertising partners may use cookies (including the DoubleClick cookie) and similar technologies to serve ads based on your prior visits to this site and other websites. You may opt out of personalized advertising by visiting Google Ads Settings or aboutads.info.
- Umami Analytics — We use Umami, a privacy-focused analytics tool, to understand how visitors use our site. Umami does not use cookies and does not collect personally identifiable information. It records anonymized page views and referrer data.
6. Third-Party Services
- Stripe — Payment processing (Stripe Privacy Policy). Stripe is PCI DSS Level 1 certified. We never store, process, or transmit your full credit card number on our servers.
- SMTP provider — Transactional email delivery (password resets, verification)
- Google/Apple OAuth — Optional social login (only if you choose to use it)
- Google Fonts — We load typefaces from Google Fonts. When you visit our site, your browser connects to Google servers to download font files. This transmits your IP address to Google. See the Google Privacy Policy for details.
- Google AdSense — Advertising network. See Section 5 above for cookie details. (Google Advertising Policies)
7. Data Retention
- Account data is retained while your account is active
- Deleted accounts: data is purged within 30 days
- API usage logs are retained for 90 days
- Backups may contain data for up to 30 days after deletion
8. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract Performance — Processing necessary to provide the Astro Engine service, manage your account, and fulfill your subscription (Article 6(1)(b) GDPR).
- Legitimate Interest — Processing for fraud prevention, security, service improvement based on aggregated analytics, and enforcement of our terms (Article 6(1)(f) GDPR).
- Consent — Processing for optional features such as marketing communications, personalized advertising via Google AdSense, and optional social login. You may withdraw consent at any time (Article 6(1)(a) GDPR).
- Legal Obligation — Processing required to comply with applicable laws, such as tax and financial record-keeping requirements (Article 6(1)(c) GDPR).
9. Your Rights (GDPR & Similar)
Regardless of your location, you have the right to:
- Access — Request a copy of all personal data we hold about you
- Rectification — Correct inaccurate personal data
- Deletion — Request deletion of your account and associated data
- Export — Download your data in a machine-readable format (data portability)
- Restriction — Request we limit processing of your data
- Objection — Object to specific types of data processing
- Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at astroengineweb@gmail.com. We will respond within 30 days (or within any shorter period required by applicable law). If you are in the EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:
- Right to Know — You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete — You may request deletion of your personal information, subject to certain exceptions.
- Right to Correct — You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing — We do not sell your personal information. Google AdSense may constitute "sharing" under the CPRA for cross-context behavioral advertising purposes. You may opt out by adjusting your cookie preferences or visiting Google Ads Settings.
- Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.
To submit a request, email astroengineweb@gmail.com with "CCPA Request" in the subject line. We will verify your identity before processing your request and respond within 45 days.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by law
- Notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Document all breaches, including their effects and the remedial actions taken
12. Children's Privacy
Astro Engine is not intended for children under 13 years old (or under 16 in the European Economic Area). We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete such information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the service. The "Last updated" date at the top indicates when the policy was last revised.
14. Contact Us
For privacy-related inquiries, please contact:
Astro Engine
Email: astroengineweb@gmail.com