Privacy policy

Your privacy matters. This policy explains which data we collect, why, and how we use it — under GDPR and applicable local law.

Controller

The controller in the sense of the GDPR is the operator of The Astro Academy. Contact details in the imprint.

What we collect

• Birth data (date, time, place) — used only to compute your natal chart. Stored encrypted.
• Email address — for sign-in links, lesson progress and transactional messages.
• Usage data — aggregated, pseudonymised stats (page views, errors, performance).
• Payment data — handled entirely by Stripe. We never store card numbers ourselves.

Legal basis

We process your data under Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in a secure, performant product).

Processors

• Supabase (database & auth) — EU servers.
• Vercel (hosting & CDN).
• Google Gemini (AI text generation) — anonymised prompts, no personal identifiers.
• Stripe (payment processing).
• Resend (transactional email delivery).

Retention

We keep your data while your account is active. On request we delete it within 30 days.

Your rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Complaint to a supervisory authority (Art. 77 GDPR)

Contact

Send privacy requests to privacy@theastroacademy.com.