LEGAL // COMPLIANCE DOCUMENT

PRIVACY POLICY

Effective Date: February 2026 | Last Updated: February 2026

1. DATA CONTROLLER

[COMPANY_NAME] ("we", "us", "our") operates the ASTRIQ platform. We are committed to protecting your privacy and ensuring the security of your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws. For any questions regarding this policy, contact us at contact@astriq.io.

2. PERSONAL DATA WE COLLECT

We collect the following personal data when you register and use ASTRIQ:

●

Account Information: First name, last name, email address, and password (hashed)

●

Birth Data: Date of birth, birth city, and birth country (used to calculate your zodiac sign)

●

Zodiac Sign: Automatically calculated from your birthdate

●

Phone Number: Optional, encrypted at rest using AES-256-CBC

●

Profile Picture: Optional, stored securely on our servers

●

Google Account Data: If you sign in with Google, we receive your name, email, and profile picture from Google

3. PURPOSE OF DATA PROCESSING

We process your data for the following purposes:

●

Service Delivery: Generating personalized horoscope forecasts and astrological readings based on your zodiac sign

●

Account Management: Creating and maintaining your user account, authentication, and session management

●

Service Improvement: Understanding usage patterns to improve our platform (via anonymized analytics)

●

Content Moderation: Ensuring user-submitted content (e.g., Oracle queries) is appropriate

4. LEGAL BASIS FOR PROCESSING

●

Consent (Art. 6(1)(a) GDPR): You provide consent when you register an account and submit your personal data. You may withdraw consent at any time.

●

Contract Performance (Art. 6(1)(b) GDPR): Processing is necessary to provide you with the ASTRIQ services you requested.

●

Legitimate Interest (Art. 6(1)(f) GDPR): We have a legitimate interest in improving our services and ensuring platform security.

5. THIRD-PARTY SERVICES

We use the following third-party services to operate ASTRIQ:

●

Google OAuth: For optional single sign-on authentication. Google receives confirmation that you authorized login; we receive your basic profile information.

●

PostHog: For anonymized product analytics to understand how users interact with ASTRIQ. PostHog may set analytics cookies when enabled.

●

OpenAI: For content moderation of user-submitted Oracle queries. Your query text is sent to OpenAI for moderation only; it is not used to train models.

●

DigitalOcean Spaces: For secure cloud storage of uploaded profile images.

6. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data:

●

Sensitive fields (phone number) are encrypted at rest using AES-256-CBC encryption

●

Passwords are hashed and salted using industry-standard algorithms

●

All data transmission occurs over HTTPS (TLS encryption)

●

Session-based authentication with secure cookie attributes

●

Input validation and injection detection middleware on all endpoints

7. YOUR RIGHTS UNDER GDPR

Under the GDPR, you have the following rights regarding your personal data:

●

Right of Access: Request a copy of the personal data we hold about you

●

Right to Rectification: Request correction of inaccurate or incomplete data

●

Right to Erasure: Request deletion of your account and all associated data

●

Right to Data Portability: Receive your data in a structured, machine-readable format

●

Right to Restrict Processing: Request limitation of processing in certain circumstances

●

Right to Withdraw Consent: Withdraw your consent at any time by deleting your account or contacting us

●

Right to Lodge a Complaint: You may file a complaint with your local data protection authority

To exercise any of these rights, please contact us at contact@astriq.io. We will respond to your request within 30 days.

8. DATA RETENTION

We retain your personal data for as long as your account is active. If you request account deletion, we will permanently erase all personal data associated with your account within 30 days. Anonymized analytics data that cannot be linked back to you may be retained for service improvement purposes.

9. COOKIES

ASTRIQ uses essential session cookies to keep you logged in. We do not use tracking or advertising cookies. For detailed information about our cookie usage, please see our Cookie Policy.

10. AGE REQUIREMENT

ASTRIQ is not intended for users under the age of 16, in accordance with GDPR requirements. We do not knowingly collect personal data from individuals under 16. If we become aware that we have collected data from a user under 16, we will delete that data promptly.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. Continued use of ASTRIQ after changes constitutes acceptance of the updated policy.

12. CONTACT

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at contact@astriq.io.