AstroAk

Privacy Policy

Your privacy matters. This document explains exactly what we collect, why, where it lives, and how you can control it.

This policy is provided for informational purposes and does not constitute legal advice. For specific legal questions, consult qualified counsel in your jurisdiction.

Effective: 1 January 2026

Last Updated: 16 April 2026

1. Introduction

Welcome to AstroAk ("we", "our", "us"). We are an AI-powered astrology platform operated by Pilavyer Software. We are committed to protecting your personal data and being transparent about how it is processed.

This Privacy Policy explains what data we collect when you use our website and services (collectively, the "Service"), how that data is used and shared, where it is stored, and the rights you have under applicable privacy laws including GDPR (EU), KVKK (Turkey), CCPA (California), and LGPD (Brazil).

By accessing or using AstroAk, you agree to the data practices described here. If you do not agree, please do not use the Service.

2. Data Controller

Pilavyer Software is the data controller responsible for personal data processed through AstroAk.

Pilavyer Software

privacy@astroak.com

Konya, Türkiye

3. Information We Collect

3.1 Information you provide directly

  • Account information: email address; if you register with email and password, your password is hashed by Firebase Authentication and never stored in plain text. If you sign in with Google, we receive only the data you authorize (email, name, profile picture).
  • Birth data: full name, birth date, birth time, and birth location (city, country, coordinates, timezone). This is used exclusively to compute your astrology chart.
  • People you save: names and birth data of additional people you add to your account for report generation. You can delete these at any time.
  • Communication data: messages or feedback you send to support@astroak.com.

3.2 Information collected automatically

  • Device and browser information: user agent, language preference, screen size.
  • Usage data: pages visited, features used, report generation events (the content of the report itself is not logged separately; the report is stored as your data).
  • Approximate location: derived from IP address for analytics only, not precise GPS.
  • Server logs: IP address, request timestamps, error traces (retained briefly for security and debugging).

3.3 Information from third parties

  • Google Sign-In: if you choose this method, Google shares your email, name, and avatar with us.
  • Lemon Squeezy (payments): we receive a transaction confirmation, plan, and amount. We do NOT store your card details.
  • Open-Meteo: when you type a place name in the chart form, we send only the place text to Open-Meteo to retrieve coordinates. No personal data is attached to that request.

4. How We Use Your Information

4.1 Primary purposes

  • Generate personalized natal, health, and synastry reports.
  • Calculate accurate astronomical positions via the Celestia engine (Swiss Ephemeris).
  • Maintain your account, star balance, and report history.
  • Process star (virtual currency) purchases through Lemon Squeezy.
  • Provide customer support when you contact us.

4.2 Service improvement

  • Analyze aggregated usage patterns to improve features.
  • Diagnose technical issues using error monitoring (Sentry).
  • Develop new modules based on user demand.

4.3 Communication

  • Service notifications: account verification, security alerts, transaction confirmations, report-ready notifications.
  • Reply to your support inquiries via Resend (transactional email).
  • Optional product updates only with your explicit opt-in.

5. AI Processing & Automated Decision Making

AstroAk uses artificial intelligence to translate astronomical data into readable interpretations. We want you to understand exactly what happens.

5.1 Astronomical calculations

All chart calculations (planetary positions, houses, aspects, antiscia, fixed stars, Arabic parts, dignities) are performed on our own infrastructure using the Celestia engine, which wraps Swiss Ephemeris. Your birth data is NEVER sent to a third-party astrology service. Calculations happen on Render.com (EU regional deployment).

5.2 AI interpretation

Once the chart is computed, we send the structured chart data (planet positions, house placements, aspects, dignities) to Google Gemini 2.5 Flash to generate the narrative. Your name is included so the narrative can address you personally. Your email is NOT sent to Gemini.

5.3 What is sent to Gemini

  • Chart structured data: planet longitudes, signs, houses, aspects, dignity scores.
  • Person name (so the narrative reads naturally).
  • Locale (en or tr) so the narrative is in your language.
  • Module type (natal, health, synastry) and tier (basic or advanced).

5.4 Google Gemini data handling

According to Google's published policies, prompts sent via the Gemini API are not used to train Google's models when accessed through the paid API tier we use. Google may temporarily log requests for abuse detection. See ai.google.dev/gemini-api/terms for full details.

5.5 No automated decisions with legal effect

AstroAk does not make automated decisions that produce legal or similarly significant effects on you. Astrological narratives are entertainment and self-reflection content, not advice.

IMPORTANT: AI-generated astrological content is provided for entertainment and self-reflection purposes only. It does NOT constitute professional psychological, medical, financial, or legal advice. Always consult qualified professionals for important life decisions.

6. Third-Party Services

We rely on a small set of trusted vendors to operate AstroAk. Each is bound by its own privacy policy.

  • Firebase (Google Cloud): Authentication and Firestore database. Data: Email, hashed credentials, account profile, reports, star balance.
  • Google Gemini API: AI narrative generation. Data: Chart structured data, person name, locale (no email).
  • Render.com: Hosts the Celestia (Swiss Ephemeris) calculation engine. Data: Birth date, time, location coordinates.
  • Vercel: Web hosting and serverless functions. Data: Server logs, IP addresses, request metadata.
  • Lemon Squeezy: Star package payment processing (Merchant of Record). Data: Email, billing details, transaction amount (we never see your card).
  • Sentry: Error monitoring and performance. Data: Stack traces, browser info, error context (PII scrubbed).
  • Resend: Transactional email (verification, password reset, support replies). Data: Email address, message content.
  • Upstash Redis: Rate limiting (anti-abuse). Data: Hashed user identifier, request timestamp.
  • Open-Meteo: Geocoding (place name to coordinates). Data: Place name string only, no personal data attached.

7. Data Storage & Retention

7.1 Where your data lives

  • Authentication: Firebase Authentication (Google Cloud, EU region).
  • Account data, reports, star balance: Firebase Firestore, region europe-west3 (Frankfurt, Germany). EU residency by design.
  • Calculation engine: Render.com (EU deployment).
  • Frontend: Vercel global CDN; user-facing pages are cached statically where possible.
  • AI processing: Google Gemini API (US/EU regions per Google's routing). Prompts are not retained for model training.

7.2 How long we keep your data

  • Account data: while your account is active, plus up to 30 days after deletion request to allow recovery from accidental deletion.
  • Birth data and people: same lifecycle as your account.
  • Generated reports: stored under your account until you delete them or your account.
  • Star transaction history: retained for 5 years after account deletion for tax and accounting compliance.
  • Server logs: 30 days, then automatically rotated.
  • Aggregated, anonymized analytics: up to 24 months.

7.3 After account deletion

When you delete your account from /account, all personal data, reports, people, star balance, and shared links are permanently and irreversibly removed within 30 days. Anonymized aggregate analytics may be retained.

8. Data Security

We apply layered security controls to protect your data.

  • Encryption in transit: TLS 1.3 (HTTPS) for every request, no insecure fallback.
  • Encryption at rest: AES-256 in Firebase Firestore and Authentication.
  • Authentication: Firebase token-based auth; passwords are hashed by Firebase using industry-standard scrypt-class algorithms.
  • Authorization: Firestore Security Rules ensure each user can only read and write their own data.
  • Infrastructure: Google Cloud Platform (SOC 2 Type II, ISO 27001) and Vercel (SOC 2 Type II).
  • Rate limiting: Upstash Redis blocks abusive request patterns and brute force attempts.
  • Error monitoring: Sentry with PII scrubbing enabled by default.
  • Periodic review: code audits before each release; dependency updates monitored.

While we apply strong controls, no system is 100 percent secure. We cannot guarantee absolute security against every conceivable threat. Use a unique strong password and enable two-factor authentication where available.

9. Your Rights Under GDPR (EU/EEA)

If you reside in the European Economic Area, you have the following rights regarding your personal data.

9.1 Access and portability

Request a copy of all personal data we hold about you in a portable JSON format. Available as one-click export from your account page.

9.2 Rectification

Request correction of inaccurate or incomplete personal data. Most fields are editable directly from your account.

9.3 Erasure (right to be forgotten)

Delete your account at any time from /account. All personal data is removed within 30 days.

9.4 Restriction of processing

Request that we limit how we process your data in specific circumstances.

9.5 Object to processing

Object to processing based on legitimate interest, including direct marketing.

9.6 Withdraw consent

Withdraw consent at any time where processing is based on consent. Withdrawal does not affect prior lawful processing.

9.7 Lodge a complaint

You may lodge a complaint with your local data protection authority. We hope you contact us first so we can resolve the issue directly.

To exercise these rights, email privacy@astroak.com or use the in-app account settings. We will respond within 30 days.

10. Users in Türkiye (KVKK)

AstroAk operates in compliance with Türkiye's Personal Data Protection Law No. 6698 (KVKK).

10.1 Data Controller

Pilavyer Software, Konya, Türkiye. Contact: privacy@astroak.com

10.2 Personal Data Processed

  • Email and account credentials.
  • Birth date, time, place.
  • Generated reports and saved people.
  • Star transaction history.

10.3 Purpose of Processing

Processing serves the purpose of generating personalized astrological reports and maintaining a secure user account.

10.4 Legal Basis

Processing is based on your explicit consent, granted when you create an account and use the Service, and on the necessity of performing the contract you enter into when purchasing star packages.

10.5 International Data Transfers

Data is stored in EU regions (Frankfurt, Germany) by default. AI processing through Google Gemini may involve transfer to US regions per Google's routing. International transfer is performed under your explicit consent in accordance with Article 9 of KVKK.

10.6 Your Rights Under KVKK (Article 11)

  • Learn whether your personal data is being processed.
  • Request information on how it is being processed.
  • Learn the purpose of processing and whether the data is used in line with the purpose.
  • Know the third parties to whom data is transferred at home or abroad.
  • Request rectification of inaccurate or incomplete data.
  • Request deletion or destruction.
  • Object to results derived solely from automated analysis that adversely affect you.
  • Claim compensation for damages arising from unlawful processing.

To exercise your KVKK rights, write to privacy@astroak.com. We respond within the legal time limit (30 days).

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the CPRA.

11.1 Right to know

Request the categories and specific pieces of personal information we collected about you in the past 12 months.

11.2 Right to delete

Request deletion of your personal information, subject to limited exceptions (legal compliance, security).

11.3 Right to correct

Request correction of inaccurate personal information.

11.4 Right to opt-out of sale or sharing

We do NOT sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.

11.5 Right to non-discrimination

We will not discriminate against you for exercising any of your CCPA rights.

To exercise CCPA rights, email privacy@astroak.com. We respond within 45 days as required by CCPA.

12. International Data Transfers

Your data is primarily stored in the European Union (Frankfurt). When data is transferred outside the EU (for example, to Google Gemini servers in the United States), we rely on appropriate safeguards.

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data Processing Agreements signed with all sub-processors.
  • Adequacy decisions where applicable.
  • Encryption in transit and at rest for all transferred data.

13. Children's Privacy

AstroAk is not intended for children under 16. We do not knowingly collect personal data from anyone under 16.

If you are a parent or guardian and believe your child has provided personal data without your consent, contact privacy@astroak.com and we will delete it promptly.

14. Cookies & Similar Technologies

We use the minimum cookies necessary to operate the Service.

  • Essential cookies: required for authentication, language preference, and CSRF protection. Cannot be disabled.
  • Functional cookies: remember UI preferences (theme, recently viewed reports).
  • Analytics: minimal first-party analytics; no third-party advertising trackers, no cross-site tracking pixels.

15. Report Sharing

When you choose to share a report through the in-app share feature, a public link is created. To protect privacy, the shared version masks the person's name (for example, "A***") and never displays geographic coordinates.

You can deactivate any shared link at any time from your account, after which the link becomes permanently inaccessible.

16. Changes to This Policy

We may update this Privacy Policy when our practices change or to comply with new regulations. We will notify you of material changes by posting the updated policy with a new "Last Updated" date and, where required by law, by sending an in-app or email notification at least 30 days in advance.

17. Contact Us

Questions, concerns, or requests regarding privacy can be sent to:

privacy@astroak.com

We aim to respond within 48 hours; statutory deadlines (KVKK, GDPR, CCPA) apply where relevant.

By using AstroAk you acknowledge that you have read, understood, and agree to this Privacy Policy. Continued use constitutes acceptance of any updates.