Privacy Policy
Last Updated: 2/16/2026
1. Introduction
Aura ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our automated astrology services. We operate globally with users in the EU, UK, and US, and we comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2. What Personal Data We Collect
We collect the following categories of personal data to provide our astrology services:
- Birth Information: Date, time, and place of birth for astrological calculations
- Account Information: Email address, username, and password (hashed)
- Profile Data: Reading history, preferences, saved charts, and subscription status
- Payment Information: Processed securely through third-party payment providers (e.g., Stripe). We do not store credit card details on our servers
- Usage Data: Information about how you interact with our services, including features used and reading types accessed
- Technical Data: IP address, browser type, device information, and cookies (as described in our Cookie Policy)
3. Purpose of Data Processing
We process your personal data for the following purposes:
- To generate natal charts, astrological readings, and personalized insights using software-based calculations and algorithmic processes
- To create and manage your account and provide access to our services
- To process payments and manage subscriptions through third-party payment providers
- To communicate with you about your account, service updates, and important notices
- To improve our services, algorithms, and content generation methods
- To ensure security, prevent fraud, and comply with legal obligations
- To analyze usage patterns and service performance (using aggregated, anonymized data)
We do not use your personal data for marketing purposes without your explicit consent.
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on the following legal bases:
- Contract Performance: To fulfill our contract with you (providing astrology services)
- Legitimate Interests: To improve our services, ensure security, and prevent fraud
- Consent: Where you have provided explicit consent (e.g., for marketing communications)
- Legal Obligation: To comply with applicable laws and regulations
5. Automated Processing and Profiling
Aura uses automated systems, software-based analysis, and algorithmic processes to generate all readings and interpretations. This includes:
- Automated calculation of astrological positions and chart generation
- Algorithmic interpretation of birth chart data
- Software-based analysis for compatibility assessments
- Automated content generation for horoscopes and forecasts
All content is generated through automated systems without human astrologers or personal advisors. You have the right to object to automated processing that produces legal effects or significantly affects you, where applicable under GDPR.
6. Cookies and Tracking Technologies
We use the following types of cookies and similar tracking technologies:
- Essential Cookies: Required for authentication, session management, and service functionality
- Analytics Cookies: To understand how users interact with our services (with your consent)
- Preference Cookies: To remember your settings and preferences
You can control cookies through your browser settings. Essential cookies are necessary for the service to function and cannot be disabled. We do not use tracking cookies or third-party analytics without your explicit consent.
7. Third-Party Services and Data Sharing
We use trusted third-party services to operate our platform. We share data only as necessary:
- Payment Processing: Stripe processes payments securely. Payment data is handled by Stripe according to their privacy policy
- Database and Hosting: Supabase (PostgreSQL) stores user profiles and reading data securely
- Content Generation: Automated systems and algorithms process your birth data to generate readings
- Analytics and Infrastructure: We may use third-party services for analytics and infrastructure (with appropriate data protection measures)
We do not sell your personal data. We share data only with service providers who are contractually obligated to protect your data and use it solely for the purposes we specify.
8. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure:
- Adequate safeguards are in place (e.g., Standard Contractual Clauses approved by the European Commission)
- Data is processed in accordance with GDPR requirements
- Appropriate security measures are maintained
By using our services, you consent to the transfer of your data to countries outside the EEA as described in this policy.
9. Data Retention Periods
We retain your personal data for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
Retention Details:
- Account Data: Retained while your account is active and for up to 3 years after account deletion (for legal compliance)
- Reading History: Retained while your account is active. You can delete individual readings at any time
- Payment Records: Retained for 7 years as required by financial regulations
- Technical Logs: Retained for up to 12 months for security and troubleshooting purposes
You can request deletion of your account and data at any time, subject to legal retention requirements.
10. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data we hold
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal requirements
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, please contact us through your account dashboard or email support. We will respond to your request within one month (or inform you if we need more time).
11. How to Exercise Your Rights
To exercise your GDPR rights, you can:
- Access your data: View your profile, reading history, and account information through your account dashboard
- Update your data: Modify your profile information and preferences in your account settings
- Delete your account: Use the account deletion feature in your settings (subject to legal retention requirements)
- Export your data: Request a data export through your account dashboard or by contacting support
- Contact us: Reach out through your account dashboard or email support for any privacy-related requests
12. Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: Data is encrypted in transit (HTTPS) and at rest
- Access Controls: Limited access to personal data on a need-to-know basis
- Secure Infrastructure: Data is stored on secure servers with regular security updates
- Payment Security: Payment processing is handled by PCI-DSS compliant providers (Stripe)
- Regular Audits: We conduct regular security assessments and updates
While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.
13. Children's Privacy
Aura is intended for adults only. We do not knowingly collect personal data from individuals under 18 years of age. If you are under 18, you must not use our services. If we become aware that we have collected data from someone under 18, we will take steps to delete that information promptly.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Email notification to your registered email address
- Notice displayed through the service
- Updating the "Last Updated" date at the top of this page
We encourage you to review this Privacy Policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.
15. Contact Information
For privacy-related questions, to exercise your rights, or to report a data protection concern, please contact us:
- Through your account dashboard
- Via email support (contact information available in your account settings)
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g., your country's Data Protection Authority in the EU).