1. Introduction

AstroWhispers ("we," "our," or "us"), operated from San Francisco, California, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered astrology and ASMR wellness platform.

By using AstroWhispers, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Data Categories

• Birth Information: Date of birth, time of birth, and location of birth (city, state/country) for astrological calculations
• Account Information: Email address, username, and password (encrypted)
• Profile Data: Name (optional), zodiac preferences, and personalization settings
• Usage Data: Horoscope readings accessed, ASMR content played, feature interactions
• Technical Data: IP address, browser type, device information, operating system
• Communication Data: Support inquiries, feedback, and survey responses

2.2 Sensitive Data Notice

Birth date, time, and location are considered sensitive personal data under certain regulations. We handle this information with enhanced security measures and only use it for providing astrological services.

3. How We Use Your Information

3.1 Primary Purposes

• Generate personalized astrological readings and birth charts
• Provide daily, weekly, and monthly horoscopes
• Deliver customized ASMR content for wellness and relaxation
• Calculate planetary positions and astrological transits
• Create compatibility reports and relationship insights
• Send notifications about astrological events (with consent)

3.2 Legal Bases for Processing (GDPR)

• Consent: For marketing communications and optional features
• Contract: To provide our core astrology and ASMR services
• Legitimate Interests: For service improvements and security
• Legal Obligations: To comply with applicable laws

4. Data Security & Encryption

4.1 Encryption Standards

• In Transit: TLS 1.3 encryption for all data transmissions
• At Rest: AES-256 encryption for stored personal data
• Password Security: Bcrypt hashing with salt rounds
• Database Security: Encrypted connections and access controls

4.2 Security Measures

• Regular security audits and vulnerability assessments
• Multi-factor authentication for administrative access
• Intrusion detection and prevention systems
• Regular backups with encryption
• Employee training on data protection

5. Data Retention

6. Third-Party Subprocessors

We use carefully selected third-party services to operate AstroWhispers:

• Amazon Web Services (AWS): Cloud infrastructure and data storage (US-East-1 region)
• Cloudflare: Content delivery network and DDoS protection
• Stripe: Payment processing (PCI DSS compliant)
• SendGrid: Transactional email delivery
• Google Analytics: Anonymous usage analytics (with IP anonymization)
• Sentry: Error tracking and monitoring

All subprocessors are contractually bound to protect your data and comply with applicable privacy laws.

7. Your Privacy Rights

7.1 Rights Under GDPR (European Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Limit processing of your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain processing activities
• Automated Decision-Making: Opt-out of solely automated decisions

7.2 Rights Under CCPA (California Users)

• Know: Information about data collection and sharing practices
• Delete: Request deletion of personal information
• Opt-Out: Opt-out of sale of personal information (we do not sell data)
• Non-Discrimination: Equal service regardless of privacy choices

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@astrowhispers.com or use the in-app privacy settings. We will respond to your request within 30 days (45 days for complex requests).

8. Children's Privacy

AstroWhispers is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we discover that we have collected data from a child under 16, we will delete it immediately.

9. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. For users in the European Economic Area (EEA), we ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs) with data processors
• Adequacy decisions where applicable
• Technical and organizational measures to protect data

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know categories and specific pieces of personal information collected
• Right to know purposes for collection and sharing
• Right to request deletion of personal information
• Right to opt-out of sale (we do not sell personal information)
• Right to limit use of sensitive personal information
• Right to correct inaccurate personal information

11. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice via email or in-app notification.

12. Contact Information

13. Supervisory Authority

If you are located in the European Economic Area and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.