Privacy Policy
How we collect, use, and protect your personal information.
Last updated: April 1, 2026
Summary: We collect your birth data and email to deliver personalized readings. We use Stripe for payments and never see your card details. We never sell your data to third parties. You can delete your data at any time.
1. Who We Are
BirthChart ("we," "us," "our") operates the website birthchart.app and the BirthChart email reading service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or subscribe to our service.
For questions about this policy, contact us at privacy@birthchart.app.
2. Information We Collect
2.1 Information You Provide
- Account information: Email address and name when you create an account or subscribe.
- Birth data: Date of birth, time of birth, and location of birth. This information is essential to calculate your natal chart and provide personalized readings.
- Preferences: Timezone, email delivery preferences, and reading customization settings.
- Communications: Any messages you send to our support team.
2.2 Information Collected Automatically
- Usage data: Pages visited, time spent on site, referring URLs, and click patterns.
- Device information: Browser type, operating system, device type, and screen resolution.
- IP address: Used for timezone detection and fraud prevention. Not stored long-term.
- Email engagement: Open rates and click-through rates on reading emails to improve content quality.
2.3 Information We Do NOT Collect
- Payment card details: All payment processing is handled by Stripe. We never see, access, or store your credit card numbers, CVV, or billing address.
- Social media data: We do not connect to or import data from social media accounts.
- Health information: We do not collect health, medical, or biometric data.
3. How We Use Your Information
We use your information for the following purposes:
- Service delivery: Calculating your natal chart and generating personalized daily, weekly, and monthly readings.
- Email delivery: Sending your readings to the email address you provide at the times you prefer.
- Account management: Managing your subscription, processing billing through Stripe, and providing customer support.
- Service improvement: Analyzing aggregate usage patterns to improve reading quality, email deliverability, and user experience.
- Communication: Sending service-related announcements (e.g., pricing changes, feature updates, maintenance notices). These are rare and always relevant to your subscription.
4. How We Protect Your Information
- All data is encrypted at rest using AES-256 encryption.
- All data in transit is protected with TLS 1.3.
- Birth data is stored in an isolated, encrypted database separate from other account data.
- Access to personal data is restricted to essential personnel only, with full audit logging.
- We conduct regular security assessments and penetration testing.
- Our infrastructure is hosted on SOC 2 Type II certified providers.
5. Data Sharing & Third Parties
We never sell, rent, or trade your personal data to third parties. Period.
We share data only with the following service providers, strictly for operating our service:
- Stripe: Payment processing. Stripe receives your email and payment method directly. Stripe's privacy policy: stripe.com/privacy.
- Email delivery provider: Your email address is shared with our email service provider solely to deliver your readings. We use a provider compliant with GDPR and SOC 2.
- Analytics: We use privacy-respecting analytics (no Google Analytics) to understand aggregate site usage. No personal data is shared with analytics providers.
We may disclose information if required by law, court order, or governmental regulation.
6. Data Retention
- Active subscribers: We retain your data for the duration of your subscription plus 30 days after cancellation.
- After cancellation: Birth data is automatically deleted 30 days after your subscription ends. Email address is retained for 90 days for reactivation purposes, then deleted.
- Payment records: Transaction records are retained for 7 years as required by tax and financial regulations. These are stored by Stripe, not by us.
- Support communications: Retained for 12 months after resolution.
7. Your Rights (GDPR)
If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access: Request a copy of all personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, email privacy@birthchart.app. We will respond within 30 days.
Our legal basis for processing your birth data is contractual necessity — we need it to deliver the service you've subscribed to. For analytics and improvement, our legal basis is legitimate interest.
8. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold.
- Right to delete personal information held by businesses.
- Right to opt out of the sale of personal information. Note: We do not sell personal information.
- Right to non-discrimination for exercising your CCPA rights.
9. Australian Residents
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Australian residents may access and correct their personal information by contacting us at privacy@birthchart.app. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
10. Cookies
Our website uses minimal cookies:
- Essential cookies: Session management and authentication. Cannot be disabled.
- Preference cookies: Remembering your timezone and display preferences.
- Analytics cookies: Privacy-respecting, anonymized usage analytics. Can be opted out of.
We do not use advertising cookies, tracking pixels, or third-party cookies for ad targeting.
11. Children's Privacy
BirthChart is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete that information immediately. If you believe a child under 16 has provided us with personal data, please contact privacy@birthchart.app.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by sending an email to your registered address at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data: