Privacy Policy

We do not sell your personal data. We do not share it with advertising networks. We do not run third-party analytics. The only parties that receive your data are the services we directly need to run the product, listed below.

Account information

When you create an account: your email address, a password hash (we never see your plaintext password), and optionally a display name you choose.

Chart data

To cast your natal chart we need your birth date, birth time, and birth location (city name and approximate latitude/longitude). This data is stored only if you are signed in, and only for the purpose of producing your chart and its derived readings (transits, solar return, synastry).

Subscription status

A single boolean indicating whether your Inner Circle subscription is currently active. We do not store credit card numbers, Apple ID details, or any payment information ourselves.

Device signals (iOS only)

Apple's StoreKit provides us with a signed receipt when you subscribe, renew, or cancel. This contains a transaction ID tied to your Apple ID but does not include your name, email, credit card, or other personally-identifying financial details.

We do not collect or use:

• Precise location data (we only use the coordinates you voluntarily enter when casting a chart; we do not read your device's GPS).
• Contacts, photos, microphone, or camera.
• Browsing history outside of Crystal Astrology.
• Advertising identifiers (IDFA, web cookies beyond what's strictly functional).
• Biometric data.
• Third-party analytics events. No Google Analytics, Mixpanel, Amplitude, Firebase Analytics, or equivalents are integrated.

• To compute your chart. Birth details feed the astronomical engine that produces your natal positions, aspects, houses, and derived readings.
• To sync between devices. Signed-in users can cast on iOS and view on the web, or vice versa.
• To authenticate you. Email + password (or magic link) verify it is you signing in.
• To grant access to Inner Circle. The subscription flag gates paid features.
• To respond to support requests. If you email us.

We rely on three third-party services to run Crystal Astrology. None of them are advertising networks, and none of them receive data beyond what is strictly necessary for their function.

Supabase

Hosts our database (your account record and chart data) and provides authentication. Subject to Supabase's privacy policy.

Apple

Processes in-app purchases and subscription billing for the iOS app. We never see your credit card or Apple ID details. Subject to Apple's privacy policy.

Photon (OpenStreetMap)

When you type a city name into the chart form, the text is sent to Photon (photon.komoot.io), a public OpenStreetMap geocoding service, to return matching city suggestions with coordinates. Only the text you type in the city field is transmitted; we do not send your name, account, or any identifier. Subject to Komoot's privacy policy.

Your account data and chart are retained until you delete your account. When you delete your account (iOS app → You tab → Delete Account, or by emailing us), we immediately remove your row from our database. Backups are rotated out within 30 days.

Local copies of your chart stored on your device are removed when you delete the app or explicitly clear them from within the app.

Regardless of where you live, you have the following rights over your personal data:

• Access. Email us for a copy of the data we hold about you.
• Correction. Re-cast your chart at any time to correct birth details, or email us to update your name.
• Deletion. Delete your account from within the iOS app, or email us.
• Portability. Email us for an export of your data in a portable format (JSON).
• Objection. Stop using the service and request deletion.

If you reside in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the GDPR. If you reside in California, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We respond to verified requests within 30 days.

We do not sell or share personal information for cross-context behavioral advertising, as those terms are defined under the CPRA.

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, please contact us and we will delete it.

The web version of Crystal Astrology uses only strictly-necessary cookies to keep you signed in (Supabase session cookies). We do not use tracking cookies, advertising cookies, or non-essential analytics cookies. No consent banner is required because no non-essential tracking is performed.

Data is transmitted over HTTPS. Passwords are hashed with bcrypt by Supabase Auth; we never see plaintext passwords. Database access is restricted by Row-Level Security so a given user can only read or modify their own row. We do not store financial information ourselves.

We may revise this Privacy Policy from time to time. Material changes will be announced at least 14 days before they take effect, via email (if you have an account) or a banner on the Site. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

Questions, access requests, deletion requests, or general privacy concerns:

privacy@crystalastrology.com