Privacy Policy

Last updated: April 16, 2026

1. Data Controller Identification

The entity responsible for the processing of personal data collected through Astrology App (“controller” under the LGPD and the GDPR, or “APP entity” under the Australian Privacy Act) is:

• Legal Name: Nowalls Analytics Pty Ltd
• ABN: 65 634 729 098
• Registered Office: 16 Carlingford Court, Warner QLD 4500, Australia
• Contact Email: support@astrologyapp.net

Although headquartered in Australia, Astrology App processes personal data of users worldwide and complies with applicable data protection obligations in each jurisdiction, including the Australian Privacy Act 1988 (and the Australian Privacy Principles — APPs), the Brazilian General Data Protection Law (LGPD — Law No. 13,709/2018), and the European Union General Data Protection Regulation (GDPR — Regulation EU 2016/679), as applicable.

2. Data Protection Officer / Privacy Officer

In compliance with Article 41 of the LGPD and with the obligations under the Australian Privacy Principles, we have designated the following person responsible for privacy matters:

• Responsible Party: Nowalls Analytics Pty Ltd
• Email: support@astrologyapp.net

This person serves as the point of contact between Astrology App, data subjects, the Brazilian National Data Protection Authority (ANPD), the Office of the Australian Information Commissioner (OAIC), and any other competent data protection authorities.

3. Personal Data Collected

When you use Astrology App, we collect the following categories of personal data:

3.1. Registration Data

• Full name or display name;
• Email address;
• Authentication method (Google, Apple ID, or email/password).

3.2. Birth Data (provided by the user for astrological calculations)

• Date of birth (day, month, and year);
• Time of birth;
• Place of birth (city, state/province, and country).

Note on sensitive data: The combination of birth data with astrological interpretations may reveal the data subject’s philosophical or spiritual beliefs or convictions. Under the LGPD (Art. 11), such data may be considered sensitive personal data. Under the Australian Privacy Act, data about philosophical beliefs is classified as sensitive information. We process this data with enhanced protection and upon the data subject’s specific consent.

3.2.1. Third-Party Birth Data

Astrology App allows users to enter third-party birth data for features such as synastry (compatibility between two people). In such cases:

• The user who enters the data acts as the party responsible for obtaining the prior, free, informed, and express consent of the third party whose data is being provided;
• Astrology App processes such data exclusively for the purpose of the astrological calculation requested by the user, applying the same security and anonymization measures described in this Policy;
• The third party whose data was entered has the same rights set forth in Section 10 of this Policy (access, correction, deletion, etc.) and may exercise them directly by emailing support@astrologyapp.net;
• Astrology App is not responsible for the entry of third-party data without proper consent; the user is fully responsible for any violations of applicable data protection legislation;
• The third party’s consent must cover, at a minimum, awareness that their data will be processed by a digital astrology platform and that interpretations will be generated by artificial intelligence, as described in the Terms of Use.

We recommend that the user keep a record of the consent obtained from the third party, for evidentiary purposes if necessary.

3.3. Usage Data

• Interactions with the application (features accessed, content generated);
• Token history (purchases and usage);
• Device data (type, operating system, app version, screen resolution);
• IP address and approximate geolocation data;
• Browsing and analytics data collected by Google Analytics 4 (see Section 12 — Cookies).

3.4. Payment Data

Financial data is processed exclusively by Stripe. Astrology App does not store, under any circumstances, credit card, debit card, or any sensitive financial data on its servers. Stripe operates in compliance with PCI-DSS standards.

4. Legal Bases for Data Processing

The processing of personal data is based on the following legal grounds, as provided by applicable legislation in each jurisdiction:

For users in Brazil (LGPD, Art. 7):

• Performance of a contract (Art. 7, V): registration and birth data necessary for the provision of the contracted service;
• Consent (Art. 7, I, and Art. 11, I): for sending data to AI providers, processing potentially sensitive data (beliefs/convictions), and sending marketing communications;
• Legitimate interest (Art. 7, IX): for service improvement, platform security, analytics, and fraud prevention;
• Compliance with a legal obligation (Art. 7, II): for the retention of tax and financial data.

For users in Australia (Privacy Act 1988 — APPs):

The processing of personal data complies with the Australian Privacy Principles, particularly APPs 3 (collection), 5 (notification), 6 (use and disclosure), 8 (cross-border disclosure), and 11 (security).

For users in the European Union (GDPR, Art. 6):

• Performance of a contract (Art. 6(1)(b)): data necessary for the provision of the service;
• Consent (Art. 6(1)(a)): for potentially sensitive data and marketing communications;
• Legitimate interest (Art. 6(1)(f)): for security, analytics, and service improvement;
• Legal obligation (Art. 6(1)(c)): for compliance with tax and regulatory obligations.

5. Purposes of Data Processing

Your personal data is processed for the following purposes:

• Calculate and display natal charts, synastry, solar returns, and planetary transits;
• Generate personalized astrological interpretations through artificial intelligence;
• Process token purchases and maintain the user’s balance;
• Send transactional communications about the user’s account (confirmations, security alerts) via Resend;
• Send marketing communications (weekly horoscope, news), when authorized by the user;
• Analyze usage patterns and behavior on the platform (via Google Analytics 4) for service improvement;
• Ensure the security, integrity, and operation of the platform;
• Comply with applicable legal and regulatory obligations;
• Personalize the user experience.

6. Data Sharing with Third Parties

Astrology App does not sell, rent, or trade its users’ personal data. We share information only with the following partners, strictly for the purposes described:

• Google Cloud Platform / Firebase (Firestore): account authentication (Firebase Authentication) and data storage (Cloud Firestore). Data is stored in the us-east1 region (South Carolina, United States). Google operates in compliance with ISO 27001 and SOC 2 standards;
• Google Analytics 4: collection and analysis of usage and browsing data for service improvement purposes. Data is processed on Google servers in the United States. We use IP anonymization when available. The user may opt out of Google Analytics collection as described in Section 12;
• Anthropic (Claude AI): artificial intelligence processing for generating astrological interpretations. Only birth data (date, time, and place) is sent in anonymized form, without linking to the user’s name, email, or any other direct identifier. Anthropic does not use data sent via its commercial API to train its AI models;
• Stripe: secure payment processing. Financial data is handled exclusively by Stripe, in accordance with PCI-DSS standards and Stripe’s privacy policy;
• Resend: sending transactional and marketing emails. Only the user’s name and email address are shared exclusively for the purpose of delivering messages.

We may also share personal data when required by law, court order, or legitimate request from a competent authority in any applicable jurisdiction.

7. International Data Transfers

Due to the global nature of our services and the technology partners we use, personal data is transferred to and processed on servers located outside the user’s country of residence, specifically:

• United States: Google Cloud / Firebase (Firestore, us-east1 region), Google Analytics 4, Anthropic (Claude AI), Stripe, Resend;
• Australia: operational headquarters of Astrology App.

For users in Brazil: This transfer is carried out in compliance with Articles 33 to 36 of the LGPD and is based on the use of providers that adopt standard contractual clauses, security certifications (ISO 27001, SOC 2, PCI-DSS), and technical measures equivalent to or exceeding those required by Brazilian legislation.

For users in the EU/EEA: Transfers are carried out on the basis of Standard Contractual Clauses approved by the European Commission (SCCs), pursuant to Article 46(2)(c) of the GDPR, and/or adequacy decisions, where applicable.

For users in Australia: In compliance with APP 8, we take reasonable steps to ensure that overseas recipients comply with the Australian Privacy Principles or provide substantially similar protection.

8. Data Security

We adopt appropriate technical and administrative measures to protect personal data, including:

• Encryption in transit (HTTPS/TLS) for all communications;
• Secure cookies (HttpOnly, Secure, SameSite);
• Storage in Cloud Firestore with access control based on Firebase Authentication and Firestore Security Rules;
• Restricted access to personal data, limited to authorized personnel and systems;
• Anonymization of data before sending to AI providers, where technically feasible;
• Continuous monitoring for vulnerabilities and threats.

While we adopt the best available security practices, no system is completely inviolable. In the event of a security incident, we will proceed as described in Section 13.

9. Data Retention and Deletion

Personal data will be retained for the following periods:

• Account and birth data: for as long as the user’s account remains active;
• Usage and analytics data: for a maximum period of 26 (twenty-six) months, aligned with the standard retention period of Google Analytics 4;
• Tax and financial data: for a period of 5 (five) years after the transaction, in accordance with Australian tax legislation (Taxation Administration Act 1953) and applicable legislation in other jurisdictions;
• Security logs: for a maximum period of 12 (twelve) months;
• Backups: data in backup copies will be deleted within 90 (ninety) days after the deletion of the main account.

Upon a request for account deletion, personal data will be eliminated within 30 (thirty) days, except for data that must be retained due to legal obligations for the periods indicated above.

10. Data Subject Rights

Astrology App respects the rights of personal data subjects in all jurisdictions. Below are the applicable rights under each legislation:

10.1. For all users:

• Confirmation of the existence of data processing;
• Access to the personal data being processed;
• Correction of incomplete, inaccurate, or outdated data;
• Deletion/erasure of personal data;
• Withdrawal of consent at any time;
• Information about third parties with whom data is shared.

10.2. Additional rights for users in Brazil (LGPD, Arts. 17-22):

• Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data;
• Data portability to another service provider;
• Information about the possibility of not providing consent and the consequences of refusal;
• Review of automated decisions that affect their interests, including interpretations generated by artificial intelligence (Art. 20 of the LGPD);
• Right to petition the National Data Protection Authority (ANPD).

10.3. Additional rights for users in the EU/EEA (GDPR):

• Right to data portability (Art. 20);
• Right to object to processing based on legitimate interest (Art. 21);
• Right to restriction of processing (Art. 18);
• Right not to be subject to solely automated decisions (Art. 22);
• Right to lodge a complaint with the competent supervisory authority.

10.4. For users in Australia (Privacy Act 1988):

• Right to access and correct personal data (APPs 12 and 13);
• Right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, the data subject should contact us at support@astrologyapp.net. Requests will be fulfilled within the legally applicable timeframes (15 days under the LGPD, 30 days under the GDPR and the Privacy Act).

11. Children’s and Minors’ Data

Astrology App is not directed at children and does not intentionally collect data from minors in violation of applicable legislation:

• Australia: children under 15 years of age should not use the platform without parental consent;
• Brazil: children under 16 years of age should not use the platform; those between 16 and 18 require assistance from a legal representative (LGPD, Art. 14);
• European Union: the minimum age varies between 13 and 16 years depending on the country (GDPR, Art. 8);
• General rule for other jurisdictions: children under 13 years of age should not use the platform.

If we become aware that data has been collected in violation of these rules, it will be promptly deleted.

12. Cookies, Analytics, and Tracking Technologies

12.1. Essential Cookies (strictly necessary — do not require consent):

• Session/authentication cookie: keeps the user logged in. Expires at the end of the session or after 14 days of inactivity;
• Language preference cookie: stores the language preference. Expires in 1 year.

12.2. Google Analytics 4 (analytics — requires consent in certain jurisdictions):

We use Google Analytics 4 to analyze platform usage and improve the user experience. GA4 collects data such as pages visited, time spent, device type, approximate geographic location, and interaction events. This data is processed by Google in the United States.

Mitigation measures adopted:

• IP anonymization when available;
• We do not collect detailed demographic data or enable remarketing features;
• Data retention period set to 14 months in GA4.

The user may opt out of Google Analytics collection through:

• Cookie consent banner displayed on first access (mandatory for users in the EU/EEA and Brazil);
• Google Analytics Opt-out browser extension;
• Browser privacy settings.

12.3.

We do not use advertising, remarketing, or third-party tracking cookies beyond Google Analytics 4.

13. Security Incidents (Data Breach)

In the event of a security incident (data breach) that may pose a risk to data subjects, Astrology App will:

• In Australia: notify the Office of the Australian Information Commissioner (OAIC) and affected data subjects in accordance with the Notifiable Data Breaches (NDB) scheme of the Privacy Act 1988;
• In Brazil: notify the National Data Protection Authority (ANPD) and affected data subjects in accordance with Article 48 of the LGPD;
• In the EU/EEA: notify the competent supervisory authority within 72 hours and affected data subjects, where there is a high risk, in accordance with Articles 33 and 34 of the GDPR;
• Adopt immediate technical measures to contain and remediate the incident;
• Inform data subjects about the nature of the compromised data, the risks involved, and the measures adopted.

14. Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in data processing practices or applicable legislation. Substantial changes will be communicated through:

• Email notification to the registered email address;
• Push notification or in-app banner;
• Update of the “last updated” date on this page.

Where required by law, we will request renewed consent from the user before applying changes that significantly affect the processing of their data.

15. Applicable Law

This Privacy Policy is primarily governed by the Australian Privacy Act 1988, without prejudice to the application of the following legislation where relevant:

• General Data Protection Law — LGPD (Law No. 13,709/2018) — for users located in Brazil;
• General Data Protection Regulation — GDPR (Regulation EU 2016/679) — for users located in the European Union / European Economic Area;
• Other local personal data protection legislation applicable in the user’s jurisdiction.

16. Contact

For questions, requests, or complaints regarding the processing of your personal data:

• Privacy Officer / Data Protection Officer (DPO): Nowalls Analytics Pty Ltd
• Email: support@astrologyapp.net
• Address: 16 Carlingford Court, Warner QLD 4500, Australia

Competent authorities for complaints:

• Australia: Office of the Australian Information Commissioner (OAIC) — www.oaic.gov.au
• Brazil: National Data Protection Authority (ANPD) — www.gov.br/anpd
• European Union: Supervisory authority of the user’s country of residence.