Privacy Policy
Last Updated: [DATE]
Effective Date: [DATE]
[COMPANY NAME], a [STATE] limited liability company ("Company," "we," "us," or "our"), operates StarBind, including our website at [URL], our mobile applications for iOS and Android, and all related services (collectively, the "Service").
This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the Service. It also describes your rights and choices regarding your data.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy is incorporated into and forms part of our Terms of Service.
1. Data Controller
For the purposes of applicable data protection laws:
- Data Controller: [COMPANY NAME], [COMPANY ADDRESS], [COMPANY EMAIL]
- EU/EEA Representative (GDPR Article 27): [TO BE APPOINTED — required if you have EU users but no EU establishment. Services such as GDPR-Rep.eu or DataRep offer this for approximately EUR 100–300/month]
2. Information We Collect
2.1 Information You Provide
| Data Type | Purpose | Required |
|---|---|---|
| Email address | Account creation, authentication, communications | Yes |
| Password | Account security (stored as a salted hash, never in plaintext) | Yes |
| Date of birth | Natal chart calculation, Sun sign determination, daily horoscope, age verification (16+) | Yes |
| Time of birth | Natal chart calculation (Ascendant, house placements) | Optional |
| Place of birth | Natal chart calculation (geographic coordinates for house system) | Optional |
| Birth coordinates | Derived from place of birth for astronomical calculations | Derived |
| House system preference | Natal chart house system selection | Optional |
| Username / nickname | Display in profile and shared content | Optional |
| Referral code | Credit attribution for invite rewards | Optional |
| Acceptance of Terms and Privacy Policy | Legal record of consent (GDPR Art. 7) — version and timestamp stored | Yes |
2.2 Information Collected Automatically
| Data Type | Purpose |
|---|---|
| IP address | Security, approximate geolocation, abuse prevention |
| Device information | OS type, version, device model — for compatibility and debugging |
| Device identifier | Stable per-install ID used to bind your account to the device that registered it |
| Device attestation token | Apple App Attest / Google Play Integrity attestation, used at signup and for in-app purchases to confirm requests originate from a genuine, unmodified app instance |
| App version | Troubleshooting, feature availability |
| Usage data | Pages visited, features used, session duration — for analytics and improvement |
| Crash reports | Identifying and fixing technical issues |
2.3 Information from Third Parties
We may receive information from:
- App stores — Apple App Store and Google Play share purchase, subscription, and refund events for the products you buy from us.
- Push notification providers — Firebase Cloud Messaging issues a device token we use to deliver notifications you have opted into.
We do not currently support third-party single sign-on (Google, Apple, Facebook, etc.). All accounts are created with email and password.
2.4 Information We Retain After Account Deletion
When you delete your account, we hard-delete all of the data above except for one record: a counter of how many StarBind accounts have been created from your physical device (via the device identifier in §2.2). We keep only the count — not your account or any of its contents — in a separate table that has no link back to you. We rely on this counter under GDPR Art. 6(1)(f) (legitimate interests) to limit account-creation abuse. We also retain anonymized audit-log entries (event type, hashed email, timestamp) sufficient to demonstrate that deletion and consent events occurred (GDPR Art. 5(2) accountability).
3. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide the Service — calculate natal charts, generate horoscopes, deliver readings | Contract performance |
| Create and manage your account | Contract performance |
| Process payments for premium features | Contract performance |
| Generate AI-powered content — daily horoscopes and interpretive readings via LLM | Contract performance / Legitimate interest |
| Send transactional communications — account verification, password resets, subscription updates | Contract performance |
| Improve the Service — analyze usage patterns, fix bugs, develop new features | Legitimate interest |
| Limit account-creation abuse — count of accounts created per device (see §2.4) | Legitimate interest |
| Ensure security — detect fraud, prevent abuse, enforce our Terms | Legitimate interest |
| Comply with legal obligations — respond to lawful requests, meet regulatory requirements | Legal obligation |
We will never use your birth data to make automated decisions that produce legal or similarly significant effects on you.
4. AI and LLM Data Processing
We use third-party large language model (LLM) providers to generate personalized astrological content such as daily horoscopes and readings.
- What we send: Only de-identified astrological data (planetary positions, aspects, sign placements). We do not send your name, email, birth date, birth location, or any other directly identifying information to LLM providers.
- Data retention by LLM providers: We contractually require that LLM providers do not retain your data beyond the immediate processing request.
- No training: Your data is not used to train third-party AI models.
5. How We Share Your Information
We do not sell your personal information.
We may share your information with:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Cloud hosting providers | Infrastructure and data storage | All data (encrypted) |
| Payment processors | Subscription and purchase processing | Payment and transaction data |
| Analytics providers | Usage analysis and Service improvement | Anonymized/pseudonymized usage data |
| LLM providers | AI-generated horoscopes and readings | De-identified astrological data only |
| Law enforcement / regulators | When legally required or to protect rights | As required by law |
We require all third-party service providers to process your data only on our behalf and in accordance with our instructions and applicable data protection laws.
6. Cookies and Tracking Technologies
6.1 What We Use
| Technology | Purpose | Duration |
|---|---|---|
| Essential cookies | Authentication, session management, security | Session / persistent |
| Analytics cookies | Understanding usage patterns and Service performance | Up to 2 years |
6.2 Your Choices
- EU/EEA/UK users: We request your consent before placing non-essential cookies via a cookie consent banner. You may withdraw consent at any time.
- All users: You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.
6.3 Do Not Track
We currently do not respond to "Do Not Track" browser signals, as there is no industry-standard protocol for compliance.
6.4 Global Privacy Control (GPC)
We honor Global Privacy Control signals. If your browser sends a GPC signal, we will treat it as a valid opt-out of any data sharing covered by applicable state laws.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
| Data | Retention Period |
|---|---|
| Account data (email, name, birth data) | Until you delete your account |
| Generated natal charts and readings | Until you delete your account |
| Usage and analytics data | Up to 24 months (anonymized after) |
| Payment records | As required by tax and financial regulations (typically 7 years) |
| Server logs | Up to 90 days |
Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
8. Data Security
We implement industry-standard technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Salted password hashing (passwords are never stored in plaintext).
- Access controls limiting employee access to personal data on a need-to-know basis.
- Regular security assessments.
Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your data is processed and stored on servers located in [COUNTRY/REGION]. If you access the Service from outside this region, your information may be transferred to and processed in a country with different data protection laws.
For EU/EEA/UK users: Where we transfer personal data outside the EU/EEA/UK, we rely on:
- EU-US Data Privacy Framework (if we are self-certified), or
- Standard Contractual Clauses approved by the European Commission.
You may request a copy of the applicable safeguards by contacting us.
10. Your Rights
10.1 For All Users
Regardless of your location, you may:
- Access your personal data through your account settings, including a full JSON export of everything we hold about you.
- Update or correct your information through your account settings.
- Delete your account and associated data through the Service. Deletion is hard — all account data is removed in a single transaction, except as described in §2.4.
10.2 For EU/EEA/UK Users (GDPR)
Under the General Data Protection Regulation, you have the following additional rights:
- Right of access — request a copy of all personal data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure ("right to be forgotten") — request deletion of your data.
- Right to restrict processing — request that we limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests, including profiling.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise these rights, contact us at [COMPANY EMAIL]. We will respond within 30 days.
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority.
10.3 For California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:
- Know what personal information we collect, use, and share.
- Delete your personal information.
- Opt out of the sale or sharing of your personal information. We do not sell your personal information.
- Non-discrimination — we will not discriminate against you for exercising your rights.
To submit a request, contact us at [COMPANY EMAIL]. We will verify your identity before processing your request.
10.4 For Residents of Other US States
If you reside in Colorado, Connecticut, Virginia, Utah, or other states with consumer privacy laws, you may have similar rights to access, delete, correct, and opt out of certain data processing. Contact us at [COMPANY EMAIL] to exercise your rights.
11. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [COMPANY EMAIL], and we will promptly delete such information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Posting the updated policy on the Service with a new "Last Updated" date.
- Sending you an email notification at least 30 days before the changes take effect.
Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: [COMPANY EMAIL]
- Address: [COMPANY ADDRESS]
For EU/EEA data protection inquiries:
- EU Representative: [EU REPRESENTATIVE NAME AND CONTACT — to be appointed]
This Privacy Policy was last updated on [DATE].