Privacy Policy

Effective Date: January 6, 2025

Last Updated: January 6, 2025

1. Introduction

Welcome to Sidereal Chart ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal data transparently and securely.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services at siderealchart.com (the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

Key Points:

  • We are registered with the UK Information Commissioner's Office (ICO)
  • We process special category data (health and belief information) with your explicit consent
  • You have full control over your data, including rights to access, export, and delete
  • We never sell your data to third parties
  • We use your data solely to provide the Service you've requested

2. Who We Are

Data Controller:

Sidereal Chart

Location: United Kingdom

Email: privacy@siderealchart.com

We are the data controller responsible for your personal information. If you have any questions about this policy or our data practices, please contact us at the email above.

3. What Data We Collect

3.1 Account Information (Required for Service)

When you create an account, we collect:

  • Email address (for login and communication)
  • Password (stored only as a salted bcrypt hash, a one-way function; we never store the password itself and cannot recover it from the hash)
  • Birth date, time, and location (latitude, longitude, timezone) for natal chart calculations
  • Subscription status (free or premium tier)

Legal Basis: Processing is necessary to perform our contract with you (Article 6(1)(b) UK GDPR).

3.2 Assessment Responses (Optional - Special Category Data)

When you choose to complete psychological assessments, we collect your responses to:

  • Personality assessments (Big Five, Enneagram-inspired types)
  • Health and wellbeing questions (physical health, emotional wellbeing, sleep, activity)
  • Spiritual wellbeing questions (meaning, peace, faith)
  • Other psychological frameworks (attachment patterns, values, identity, decision-making)

Data Classification: These responses constitute special category data under Article 9 UK GDPR because they relate to health (physical and mental wellbeing) and religious or philosophical beliefs (spiritual wellbeing, life meaning).

Legal Basis: We process this data only with your explicit consent (Article 6(1)(a) + Article 9(2)(a) UK GDPR). Consent is:

  • Freely given (you can use the Service without completing assessments)
  • Specific (requested separately for each assessment category)
  • Informed (we explain what data we collect and how we use it)
  • Unambiguous (requires an active opt-in)

You can withdraw consent at any time from your account settings.

3.3 Usage and Technical Data

We automatically collect:

  • Access logs (IP address, browser type, device type, pages visited)
  • Usage analytics (features used, time spent, interactions)
  • Cookies and similar technologies (with your consent for non-essential cookies)

Legal Basis: Legitimate interests (Article 6(1)(f)) for the access logs needed to operate and secure the Service; consent (Article 6(1)(a)) for analytics and marketing cookies (see Section 12).

3.4 Payment Information

For premium subscriptions, we collect:

  • Stripe customer ID (linked to your email)
  • Subscription status and history

Important: We never store your credit card details. All payment processing is handled securely by Stripe. We only receive confirmation of successful payments and subscription status.

Legal Basis: Processing is necessary to perform our contract with you (Article 6(1)(b)).

4. How We Use Your Data

4.1 Core Service Delivery

We use your data to:

  • Generate your sidereal natal chart using your birth details
  • Calculate and display assessment scores from your questionnaire responses
  • Show current astrological transits relative to your natal chart
  • Create visualizations (charts, graphs, radars) of your data
  • Track changes over time in your assessment scores (longitudinal data)
  • Enable data export so you can download your information

What We Do NOT Do:

  • ❌ We do not provide medical, psychological, or professional advice
  • ❌ We do not diagnose conditions or recommend treatments
  • ❌ We do not make predictions about your future
  • ❌ We do not interpret your data beyond displaying scores and patterns

4.2 Communication

With your consent, we may send you:

  • Service updates (essential account and security notifications)
  • Product updates (new features, improvements)
  • Marketing emails (optional, you can unsubscribe anytime)

You can manage your email preferences in your account settings.

4.3 Service Improvement

We use anonymized, aggregated data to:

  • Improve our algorithms and calculations
  • Understand how features are used
  • Fix bugs and optimize performance
  • Develop new features based on usage patterns

When data is fully anonymized (no reasonable way to re-identify you), it is no longer personal data under GDPR and we may retain it indefinitely for statistical analysis.

5. Legal Basis Summary

Data Type              Article 6 Basis                                       Article 9 Basis (if applicable)
Account & birth data   Contract (6(1)(b))                                    N/A
Assessment responses   Consent (6(1)(a))                                     Explicit consent (9(2)(a))
Usage analytics        Legitimate interests (6(1)(f)) or Consent (6(1)(a))   N/A
Payment processing     Contract (6(1)(b))                                    N/A
Marketing emails       Consent (6(1)(a))                                     N/A

6. Data Sharing and Third Parties

6.1 We Do NOT:

  • ❌ Sell your data to anyone
  • ❌ Share your personal information with advertisers
  • ❌ Use your data for profiling beyond what you see in your dashboard
  • ❌ Share your assessment responses with third parties

6.2 We DO Share Data With:

Only with trusted service providers who help us deliver the Service:

Stripe (Payment Processing)

  • Purpose: Handle subscription payments
  • Data shared: Email, Stripe customer ID
  • Location: US (transfer covered by the UK Extension to the EU-US Data Privacy Framework)
  • Contract: Data Processing Agreement in place

Vercel (Hosting)

  • Purpose: Host and deliver the website
  • Data shared: All data necessary to run the Service
  • Location: US (transfer covered by the UK Extension to the EU-US Data Privacy Framework)
  • Contract: Data Processing Agreement in place

Neon (Database)

  • Purpose: Store your account and assessment data
  • Data shared: All stored data
  • Location: US (transfer covered by the UK Extension to the EU-US Data Privacy Framework)
  • Contract: Data Processing Agreement in place
  • Security: Encryption at rest

All processors are contractually bound to:

  • Process data only on our instructions
  • Maintain appropriate security measures
  • Not use your data for their own purposes
  • Assist with data subject rights requests
  • Delete or return data when our relationship ends

7. International Data Transfers

Your data may be transferred to and processed in the United States by our service providers (Vercel, Neon, Stripe).

Safeguards:

  • All US processors are certified under the UK Extension to the EU-US Data Privacy Framework
  • We have Data Processing Agreements with appropriate security and privacy clauses
  • We conduct transfer risk assessments as required by UK GDPR

8. Data Security

We implement industry-standard security measures to protect your data:

Technical Measures:

  • ✅ TLS 1.3 encryption for all data in transit (HTTPS)
  • ✅ AES-256 encryption for data at rest (database level)
  • ✅ Bcrypt password hashing (never stored in plain text)
  • ✅ Secure session management
  • ✅ Regular security patches and updates
  • ✅ Access controls and authentication
  • ✅ Secure API communications

Organizational Measures:

  • ✅ Minimal access principle (only authorized personnel)
  • ✅ Regular security audits and monitoring
  • ✅ Incident response procedures
  • ✅ Staff training on data protection
  • ✅ Regular backups with 30-day retention

Breach Response:

If we suffer a data breach likely to result in risk to your rights and freedoms, we will:

  1. Notify the ICO without undue delay and, where feasible, within 72 hours of becoming aware
  2. Notify you without undue delay if the risk is high
  3. Describe the breach, its likely consequences, and our response
  4. Take immediate steps to contain and remediate the breach

9. Data Retention

We retain your data only as long as necessary for the purposes outlined in this policy:

Data Type                  Retention Period                     Reason
Active accounts            While account is active              Service delivery
Inactive free accounts     2 years after last login             Allow reactivation
Inactive premium accounts  2 years after subscription ends      Allow reactivation
Deleted accounts           30 days (then permanent deletion)    Recovery period
Payment records            6 years after last transaction       UK tax and legal requirements
Anonymized analytics       Indefinitely                         No longer personal data

Automated Deletion:

After 2 years of inactivity, we will:

  1. Send you an email warning of upcoming deletion
  2. Wait 30 days for a response
  3. Permanently delete your account and all associated data if no response

You can manually delete your account at any time from your account settings (see Section 10).

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

10.1 Right of Access (Article 15)

Request a copy of all personal data we hold about you.

How to exercise: Go to Settings → Privacy → Export Data, or email privacy@siderealchart.com

Response time: Within 1 month (free of charge for the first request)

What you'll receive:

  • Machine-readable format (JSON)
  • Human-readable format (PDF)
  • All account data, birth details, assessment responses, scores, and usage history

10.2 Right to Rectification (Article 16)

Correct inaccurate or incomplete data.

How to exercise: Update your profile in Settings, or email privacy@siderealchart.com

10.3 Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data.

How to exercise: Go to Settings → Privacy → Delete Account, or email privacy@siderealchart.com

What happens:

  • 30-day grace period (you can cancel deletion)
  • After 30 days: permanent, irreversible deletion of all data
  • We retain only minimal payment records required by law (anonymized where possible)

Exceptions: We may retain data if required by law (e.g., tax records) or to defend legal claims.

10.4 Right to Restriction (Article 18)

Request that we stop processing your data temporarily.

How to exercise: Email privacy@siderealchart.com with your request

Effect: We will mark your data as restricted and only process it with your consent or for limited legal purposes.

10.5 Right to Data Portability (Article 20)

Receive your data in a structured, commonly used, machine-readable format.

How to exercise: Export your data from Settings → Privacy → Export Data

What you'll receive: JSON file containing all data you've provided (birth details, assessment responses, journal entries, etc.)

10.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

Direct marketing: Click "Unsubscribe" in any marketing email, or adjust preferences in Settings

Profiling/processing: Because our Service is built around data visualization and analysis, objecting to processing means we cannot provide the Service. We will explain this and may need to close your account if you maintain your objection.

10.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Our position: We do NOT make automated decisions with legal or similarly significant effects. We only:

  • Display your assessment scores
  • Show how scores relate to transits
  • Visualize patterns in your data

You remain in full control of any decisions based on this information.

10.8 Right to Withdraw Consent

Withdraw consent for special category data processing at any time.

How to exercise: Go to Settings → Privacy → Manage Consent, or email privacy@siderealchart.com

Effect:

  • Assessment data will be deleted or frozen (no longer processed)
  • You can still access basic features (natal chart, guest charts, monthly transits)
  • Premium features requiring assessment data will be unavailable

11. Consent Management

11.1 Granular Consent

We ask for your explicit consent separately for each category of special category data:

Mind Assessments

(Personality, cognition, decision-making)

  • Big Five personality
  • Enneagram-inspired types
  • Attachment patterns
  • Locus of control
  • Cognitive patterns

Body Assessments

(Physical health and behavior)

  • Physical health questions (PROMIS)
  • Sleep quality
  • Physical activity
  • Substance use screening
  • Somatic awareness

Soul Assessments

(Beliefs and meaning)

  • Spiritual wellbeing
  • Life meaning and purpose
  • Core values

World Assessments

(Social and environmental context)

  • Social identity
  • Cultural dimensions
  • Socioeconomic context
  • Environmental stability

11.2 Freely Given

Consent is freely given because:

  • ✅ You can use core features (natal chart, guest charts, monthly transits) without completing any assessments
  • ✅ Premium features are optional
  • ✅ No consequences for refusing consent (other than reduced functionality)
  • ✅ You can withdraw consent at any time

11.3 Informed

Before each assessment, we clearly explain:

  • What data we're collecting
  • Why we need it (to calculate and display scores)
  • How long we'll keep it
  • That it's special category data
  • Your right to withdraw consent

11.4 Withdrawal Process

  1. Go to Settings → Privacy → Manage Consent
  2. Toggle off any assessment category
  3. Choose to either:
    • Delete data (permanent removal)
    • Freeze data (kept but not processed)
  4. Confirm your choice

Withdrawal takes effect immediately. You can re-consent later if you change your mind (frozen data can be reactivated; deleted data cannot).

12. Cookies and Tracking

12.1 Essential Cookies (No Consent Required)

These cookies are necessary for the Service to function:

  • Session cookies: Keep you logged in
  • Security cookies: Prevent CSRF attacks
  • Preference cookies: Remember your settings (e.g., dark mode)

12.2 Analytics Cookies (Consent Required)

With your consent, we use:

  • Google Analytics 4: Understand how the Service is used
  • IP anonymization: analytics is configured so that your full IP address is not stored

12.3 Marketing Cookies (Consent Required)

Currently, we do not use marketing or advertising cookies. If we add them in the future, we will ask for your consent.

12.4 Cookie Management

You can manage your cookie preferences:

  • On first visit: Cookie consent banner with "Accept" / "Reject" options
  • Anytime: Settings → Privacy → Cookie Preferences
  • Browser settings: Most browsers allow you to block cookies

Rejecting non-essential cookies will not affect core functionality.

13. Children's Privacy

Age Restriction:

Our Service is only available to individuals aged 18 and over.

We do not knowingly collect data from anyone under 18. If we discover that we have inadvertently collected data from someone under 18, we will delete it immediately.

If you believe we have data from someone under 18, please contact us at privacy@siderealchart.com.

14. Data Protection Impact Assessment (DPIA)

Given that we:

  • Process special category data (health, beliefs)
  • Profile individuals (combine data to create dashboards)
  • Use innovative technology (astrological + psychological integration)

We have conducted a Data Protection Impact Assessment as required by UK GDPR Article 35.

Key findings:

  • Risk level: Moderate (special category data with profiling)
  • Mitigations: Explicit consent, strong security, user control, clear disclaimers, easy export/deletion
  • Conclusion: Risks are adequately mitigated with current safeguards

The DPIA is reviewed annually and updated when we introduce new processing activities.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in:

  • Our data practices
  • Legal requirements
  • Service features

How we notify you:

  • Email notification for material changes (if you're a registered user)
  • Prominent notice on the website for 30 days
  • "Last Updated" date at the top of this policy

Your continued use of the Service after changes constitutes acceptance.

For significant changes affecting special category data processing, we will seek fresh consent where required by law.

16. Contact Us and Complaints

16.1 Questions or Concerns

Email: privacy@siderealchart.com

Response time: Within 5 business days

16.2 Data Subject Requests

For access, deletion, or other rights requests:

Email: privacy@siderealchart.com

Response time: Within 1 month (extendable by 2 months for complex requests with notice)

16.3 Complaints to the ICO

You have the right to lodge a complaint with the UK Information Commissioner's Office:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Phone: 0303 123 1113

Website: https://ico.org.uk/make-a-complaint/

We would appreciate the opportunity to address your concerns before you contact the ICO, but this is your right and we will not penalize you for exercising it.

17. Additional Information for Specific Users

17.1 US Residents

While we are a UK-based company and primarily governed by UK GDPR, we recognize that some US states have consumer privacy laws (e.g., CCPA/CPRA in California).

If you are a US resident, you have similar rights to those described above. Contact us at privacy@siderealchart.com to exercise any rights under your state's privacy laws.

17.2 EU Residents

If you are accessing our Service from the EU, you are protected by EU GDPR, which provides substantially similar protections to UK GDPR. All rights and processes described in this policy apply equally to EU residents.

Thank you for trusting Sidereal Chart with your data.

We take this responsibility seriously and are committed to protecting your privacy.

Last updated: January 6, 2025