Privacy Policy
We respect your privacy and comply with GDPR and applicable data protection laws.
Effective date: May 12, 2026
1. Who We Are & How to Contact Us
The data controller is Astrokolo, operating the service at astrokolo.com. For privacy enquiries and exercising your rights, contact us at: info@astrokolo.com. We respond to requests within 30 calendar days.
2. What Data We Collect & Why
Account data: email and hashed password — required for registration and authentication. Astrological data: date, time and place of birth (yours or of persons you enter) — necessary for chart calculation; stored in your account. Subscription data: plan, status, renewal date — for access management. Technical data: IP address, device and browser type, language settings — for security, diagnostics and Service improvement. Communications: messages you send us — for support and product improvement.
3. Legal Basis for Processing (GDPR)
We process your data on the following legal grounds: contract performance (Art. 6(1)(b) GDPR) — to provide the paid Service and manage subscriptions; legitimate interests (Art. 6(1)(f) GDPR) — to secure the Service, prevent fraud and improve the product; explicit consent (Art. 6(1)(a) GDPR) — to send marketing emails; legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable law.
4. How We Use Your Data
Service provision & personalisation: chart calculations, saved results, language and theme settings. Account management: registration, authentication, account recovery. Communications: transactional emails (payment confirmation, technical notices), support replies. Marketing: newsletter — only with your explicit consent; unsubscribe any time via the link in the email. Security: detecting and preventing unauthorised access and fraud. Product improvement: analysis of aggregated, anonymised usage statistics.
5. Sharing Your Data with Third Parties
We do not sell or rent your personal data. Your data may be shared with: Paddle / LemonSqueezy — payment providers acting as Merchant of Record; they receive your email and subscription details for payment processing and invoicing. Anthropic / OpenAI / Google — AI providers; they receive anonymised planetary positions and aspects for generating interpretations — your name and contact details are never sent. Hetzner Cloud — hosting provider, EU/EEA; stores all data on secure servers. Email provider — for sending transactional emails; receives email address only. All third parties are required to maintain data protection standards no less stringent than ours and have signed DPA agreements.
6. International Data Transfers
Your data is stored and processed on servers within the European Union or European Economic Area (Hetzner Cloud, Finland/Germany). Where data is transferred outside the EEA — for example, to AI providers — we apply appropriate safeguards: Standard Contractual Clauses (SCCs) and Schrems II compliance checks.
7. Data Retention
Account data is retained until you delete your account or for 3 years from your last activity, whichever comes first. Astrological charts are retained until deleted by you or your account is closed. Payment and invoice data — 7 years in accordance with Ukrainian accounting law. Technical logs — 90 days.
8. Your Rights as a Data Subject
Under GDPR you have the right to: access — receive a copy of your data; rectification — correct inaccurate data; erasure — request deletion of your data ("right to be forgotten"); restriction — pause processing in certain circumstances; objection — object to processing based on legitimate interests or for marketing; portability — receive your data in a structured, machine-readable format; withdrawal of consent — withdraw marketing consent at any time. To exercise any right, send a request to info@astrokolo.com — we will respond within 30 days.
9. Cookies & Tracking
Essential cookies: authentication session (JWT), language preferences — deleted on browser close or after 7 days. Analytics: we may use anonymised, aggregated data to analyse traffic. Marketing cookies: not used without your explicit consent. You may disable cookies in your browser settings; essential cookies will affect login functionality.
10. Data Security
We apply technical and organisational measures: HTTPS/TLS encryption for all connections; bcrypt password hashing (cost factor 12); short-lived JWT tokens with revocation capability; regular backups; least-privilege access for staff. In the event of a data breach posing risk to your rights and freedoms, we will notify you without undue delay.
11. Changes to This Policy
We may update this Policy. Material changes will be communicated by email or on-site notice at least 14 days before they take effect. Continued use of the Service after notice constitutes acceptance of the updated Policy. The current version is always available on this page.
12. Complaints
If you believe your rights have been violated, you have the right to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights or with the supervisory authority in your country of residence (for EU residents). We ask that you contact us first — most issues can be resolved quickly: info@astrokolo.com.