Privacy Policy

2.1 Personal Information You Provide

2.2 Information We Automatically Collect

• Technical Data: IP address (for rate limiting and security)
• Usage Data: Pages visited, features used, API requests made
• Device Information: Browser type, device type, operating system
• Timestamps: Account creation, last login, report generation times

2.3 Generated Content

• Calculated spiritual insights and reports
• AI-generated interpretations and analyses
• Cached calculation results for performance
• Report metadata and generation history

3.1 Core Service Functions

• Generate personalized spiritual insights and reports
• Calculate astrological positions, numerology, and other spiritual systems
• Create and maintain your user account
• Store and retrieve your personalized reports
• Cache calculations to improve performance and user experience

3.2 Platform Operations

• Authenticate and authorize access to your account
• Implement rate limiting to ensure fair usage
• Monitor system performance and troubleshoot issues
• Prevent fraud, abuse, and unauthorized access
• Comply with legal obligations and enforce our Terms of Service

3.3 Communication

• Send account-related notifications and updates
• Respond to your inquiries and support requests
• Notify you of important changes to our service or policies

4.1 Third-Party APIs

We use external services to provide accurate calculations:

• Divine API: Western astrology calculations (birth charts, planetary positions)
• Human Design API: Human Design chart generation and activations
• OpenStreetMap Nominatim: Converting birth locations to coordinates (free, open-source geocoding service)

Data shared: Birth date, time, and location coordinates (never your name or email). These services are used solely for calculations and do not store your personal data.

4.2 AI and Content Generation

• OpenRouter/OpenAI: Generate personalized spiritual interpretations

Data shared: Calculated results and your first name only for personalization. No birth data, email, or personal details are sent to AI services.

4.3 Infrastructure and Storage

• Supabase: Database hosting, user authentication, and data storage
• Vercel: Web hosting and application deployment
• Upstash Redis: Caching and rate limiting

4.4 Payment Processing

• Stripe: Secure payment processing for premium features

We do not store payment card information. All payment data is handled securely by Stripe.

4.5 Data We Never Share

We will never sell, rent, or share your personal information for marketing purposes or with data brokers.

5.1 Data Storage

• User data is stored securely in Supabase (PostgreSQL database)
• Reports and insights are cached for performance using encrypted storage
• All data transmission uses HTTPS encryption
• Database access is restricted and logged

5.2 Data Retention

• Account Data: Retained as long as your account is active
• Reports: Stored indefinitely for your access unless you request deletion
• Cache Data: Automatically expires after 24 hours
• Logs: Technical logs retained for 90 days for troubleshooting

5.3 Security Measures

• Passwords are hashed and never stored in plain text
• API keys and sensitive credentials are encrypted
• Rate limiting prevents abuse and unauthorized access
• Regular security updates and monitoring
• Access controls and authentication for all administrative functions

6.1 Essential Cookies

We use essential cookies for:

• User authentication and session management
• Security and fraud prevention
• Maintaining your preferences and settings

6.2 No Tracking or Analytics

We do not use third-party analytics, advertising cookies, or social media tracking pixels. We do not track your activity across other websites.

7.1 Access and Control

• View Your Data: Access your profile and generated reports through your account
• Update Information: Modify your birth information, name, or preferences
• Download Reports: Export your personalized insights and reports
• Delete Account: Request complete account and data deletion

7.2 Data Subject Rights (GDPR/CCPA)

If you are in the EU, UK, or California, you have additional rights:

• Right to Know: Request details about data collection and use
• Right to Delete: Request deletion of your personal data
• Right to Correct: Request correction of inaccurate information
• Right to Portability: Receive your data in a portable format
• Right to Object: Object to certain data processing activities

7.3 Exercising Your Rights

To exercise these rights, contact us at support@cosmicblueprint.ai. We will respond within 30 days and may require identity verification to protect your privacy.