ChartChemistry ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our website and services at chartchemistry.com.
By using ChartChemistry, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect the following types of information to provide and improve our services:
Information You Provide
- Birth data: Date of birth, time of birth, and place of birth, which are required to generate accurate natal charts and compatibility reports.
- Account information: Email address and password when you create an account using email/password sign-up.
- Google profile data: When you sign in with Google OAuth, we receive your name, email address, and profile picture from your Google account.
- Payment information: When you subscribe to a paid plan, payment details are collected and processed by Stripe. We do not store your credit card number on our servers.
- AI-derived information: When you chat with Marie, our AI astrologer, we may extract and store key facts from your conversations (such as your name, partner's name, communication preferences, and relationship topics) to personalize future interactions. You can view and delete this stored information at any time from your dashboard settings.
Information Collected Automatically
- Usage data: Pages visited, features used, compatibility checks performed, and interaction patterns.
- Device information: Browser type, operating system, screen resolution, and device identifiers.
- IP address: Used for rate limiting on free compatibility checks and general security purposes.
2. How We Use Your Information
We use the information we collect to:
- Calculate natal charts, synastry charts, and composite charts using precise astronomical data from the Swiss Ephemeris.
- Generate AI-powered horoscopes, compatibility reports, and personalized astrological readings.
- Provide the Marie chat feature for premium subscribers.
- Process payments and manage your subscription through Stripe.
- Save your birth profiles so you can quickly run compatibility checks without re-entering data.
- Enforce rate limits on free-tier usage (e.g., three free compatibility checks per 24 hours).
- Improve our services, fix bugs, and develop new features based on aggregated usage patterns.
- Communicate with you about account-related matters, service updates, and security alerts.
3. Data Storage & Security
We take the security of your data seriously and implement appropriate technical and organizational measures:
- Your data is stored in a PostgreSQL database hosted on Supabase, which provides enterprise-grade infrastructure with encryption at rest.
- All connections between our application and the database are encrypted with TLS/SSL.
- Passwords are hashed using bcrypt with 12 salt rounds and are never stored in plain text.
- Authentication sessions are managed using secure JSON Web Tokens (JWT).
- All traffic to and from our website is encrypted via HTTPS.
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you promptly in the event of a data breach.
4. Third-Party Services
We integrate with the following third-party services, each of which has its own privacy policy:
- Google OAuth: Used for single sign-on authentication. We receive your basic profile information (name, email, profile picture) from Google. We do not access your Google contacts, calendar, or other Google services. See Google's Privacy Policy.
- Stripe: Handles all payment processing for Premium and Annual subscriptions. Your payment card details are sent directly to Stripe and never touch our servers. See Stripe's Privacy Policy.
- AI Providers (Anthropic & OpenAI): Power our AI-generated compatibility readings and the Marie chat. Your birth data and chart information are sent to these providers' APIs to generate personalized readings. Neither provider uses API data to train their models. See Anthropic's Privacy Policy and OpenAI's Privacy Policy.
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
5. Data Retention
We retain your data as follows:
- Account data: Retained for as long as your account is active. If you delete your account, your personal data will be permanently removed within 30 days.
- Birth profiles: Stored as long as your account exists. You may delete individual profiles at any time.
- Compatibility reports: Stored as long as your account exists, so you can revisit previous readings.
- Chat sessions: Marie chat histories are retained for the duration of your subscription. They are deleted when you cancel your subscription or delete your account.
- Chat memories: Information extracted by Marie from your conversations (such as names, preferences, and relationship topics) is retained until you manually delete it from your dashboard settings, or until your account is deleted.
- Analytics data: Anonymized usage data is retained for up to 12 months for analytics and service improvement purposes.
6. Your Rights
You have the following rights regarding your personal data:
- Access: You can request a copy of all personal data we hold about you, including your birth profiles, compatibility reports, and account information.
- Correction: You can update or correct your personal data at any time through your account settings or by contacting us.
- Deletion: You can request the deletion of your account and all associated data. We will process deletion requests within 30 days.
- Data export: You may contact us to request your data.
- Withdraw consent: You may withdraw your consent for data processing at any time by deleting your account or contacting us.
To exercise any of these rights, please contact us at privacy@chartchemistry.com.
7. Your Rights Under GDPR (EU Users)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
- Right to data portability: Request your personal data in a structured, commonly used, and machine-readable format.
- Right to restriction of processing: Request that we limit the processing of your personal data under certain circumstances.
- Right to object: Object to the processing of your personal data for direct marketing or where processing is based on legitimate interest.
Legal Basis for Processing
- Consent: For AI features (including Marie chat and memory extraction), marketing emails, and analytics.
- Legitimate interest: For service operation, security, fraud prevention, and service improvement.
- Contractual necessity: For account management, payment processing, and delivering the services you have subscribed to.
International Data Transfers
Your data may be transferred to and processed in the United States by our service providers (Anthropic, OpenAI, Stripe, Supabase). These transfers are protected by Standard Contractual Clauses approved by the European Commission.
Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority in the EU member state where you reside or work.
8. Your Rights Under CCPA (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know: Request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, and the purposes for which it was collected.
- Right to delete: Request the deletion of personal information we have collected from you, subject to certain exceptions.
- Right to opt-out of sale: You have the right to opt out of the sale of your personal information.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Do Not Sell My Personal Information: We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. As such, ChartChemistry does not offer an opt-out mechanism for the sale of personal information because no such sale occurs.
To exercise any of your CCPA rights, please contact us at privacy@chartchemistry.com. We will verify your identity before processing any request and respond within 45 days as required by law.
9. Cookies & Analytics
We use a minimal set of cookies and tracking technologies:
- Authentication cookies: Essential cookies used by NextAuth to maintain your login session. These are strictly necessary and cannot be disabled.
- Analytics: We may use privacy-focused analytics (such as Umami) to understand how our service is used. These tools do not use cookies for tracking and do not collect personally identifiable information.
We do not use third-party advertising cookies or cross-site tracking technologies.
10. Children's Privacy
ChartChemistry is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13 without verified parental consent, we will take steps to delete that information as quickly as possible. If you believe a child under 13 has provided us with personal data, please contact us at privacy@chartchemistry.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification. We encourage you to review this page periodically to stay informed about how we protect your data.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: