ASTRO AI PRIVACY POLICY
Effective Date: November 15, 2025
Version: 1.0
INTRODUCTION
Welcome to Astro Transit AI. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Effective Date" of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.
1. INFORMATION WE COLLECT
1.1 Personal Information You Provide
When you create a profile in Astro Transit AI, we collect the following information:
• Name: Your name or profile name
• Birth Information: Birth date, birth time, birth location (city, country, geographic coordinates, timezone)
• Current Location: Current city, country, geographic coordinates, and timezone
• Optional Information: Profile notes, avatar image URL
• Account Information: If you create an account, we collect your email address and securely hashed password
1.2 Automatically Collected Information
When you use our application, we automatically collect:
• Profile Metadata: Creation timestamps, last update timestamps, version numbers
• Session Data: Authentication tokens, session identifiers (for both authenticated and guest users)
• Device Storage: Local cache of your profiles and preferences stored on your device
• Guest Session IDs: Unique identifiers for users who use the app without creating an account
1.3 Location Data
We collect precise geographic coordinates (latitude and longitude) for:
• Your birth location to calculate accurate astrological charts
• Your current location for calculating current transits
• City search functionality using the GeoNames geographic database
Location data is only collected when you explicitly enter or search for a location. We do not track your device location automatically.
1.4 Astronomical and Astrological Data
We process your birth information to calculate:
• Planetary positions at the time and location of your birth
• Astrological house cusps and placements
• Current planetary transits
• Aspects between natal and transiting planets
This calculated astronomical data is stored in our database and may be sent to third-party AI services for generating personalized astrological interpretations.
2. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
2.1 Core Functionality
• Calculate accurate astrological birth charts based on your birth information
• Generate current transit calculations using astronomical algorithms
• Provide personalized astrological insights and predictions
• Store and manage multiple user profiles
• Synchronize your data across devices when you're signed in
2.2 AI-Powered Features
• Send your astronomical data to Google Gemini 2.5 Flash API to generate personalized astrological interpretations
• Create daily transit summaries and insights
• Generate planetary overview analyses and house insights
• Provide practical guidance based on current astrological transits
2.3 Account Management
• Authenticate your identity and maintain your session
• Link guest profiles to your account when you sign up or sign in
• Send password reset emails when requested
• Maintain data security and prevent unauthorized access
2.4 Service Improvement
• Cache frequently requested AI-generated summaries to improve performance
• Optimize database queries and synchronization
• Ensure data integrity across local and remote storage
3. DATA STORAGE AND SECURITY
3.1 Database Storage
All user data is stored in a Supabase PostgreSQL database with the following security measures:
• Row Level Security (RLS): Database policies ensure users can only access their own data
• Encrypted Connections: All data transmission uses TLS/SSL encryption
• Authentication: Secure token-based authentication using Supabase Auth
• User Isolation: Authenticated user data is isolated by user ID
• Guest Isolation: Guest user data is isolated by unique session identifiers
3.2 Local Storage
For performance and offline functionality, we cache data locally on your device:
• Mobile Devices: Data is stored using React Native AsyncStorage
• Web Browsers: Data is stored using browser localStorage
• Cached Data: Includes your profiles, preferences, and recent AI-generated insights
• Security: Local data is accessible only to the application on your device
3.3 Data Synchronization
When you create an account:
• Guest profiles are automatically linked to your authenticated account
• Data synchronizes between local storage and our remote database
• Conflicting changes are resolved using timestamps (most recent update wins)
• Deleted profiles are marked with soft delete flags rather than immediate removal
3.4 Session Security
• Authentication Tokens: Stored securely with automatic refresh
• Session Persistence: Sessions persist across app restarts for convenience
• Guest Sessions: Temporary session IDs allow app usage without account creation
• Secure Logout: Sign out clears all session data and authentication tokens
4. THIRD-PARTY SERVICES AND DATA SHARING
4.1 Google Gemini AI (Generative Language API)
We use Google's Gemini 2.5 Flash API to generate astrological interpretations. When you request AI insights, we send:
• Transit aspects (planetary relationships and angles)
• House placements (which astrological house planets occupy)
• Planetary positions (zodiac signs and degrees)
• Selected date and timezone
• Your preferred language
• Optional: Your profile name for personalization
Google's Privacy Policy: https://policies.google.com/privacy
Data Processing: Google processes this data to generate astrological text summaries. We do not send personally identifiable information like email addresses or exact birth dates to Google AI.
4.2 GeoNames Geographic Database
We use the GeoNames API to provide city search functionality. When you search for a location:
• Your search query is sent to GeoNames API (via our proxy server)
• GeoNames returns city names, countries, and geographic coordinates
• Search results are cached locally to reduce API calls
GeoNames Privacy: http://www.geonames.org/
Data Minimization: Only city search queries are sent; no profile data is shared with GeoNames.
4.3 Supabase
We use Supabase as our backend infrastructure provider for:
• Authentication: Email/password authentication and session management
• Database: PostgreSQL database with Row Level Security
• Edge Functions: Serverless functions for AI integration and data processing
• Storage: Secure data storage with automatic backups
Supabase Privacy Policy: https://supabase.com/privacy
Data Location: Supabase servers are located at: https://desvzzrmzglxfbdfwlpr.supabase.co
4.4 No Third-Party Advertising or Analytics
We do not currently use:
• Third-party analytics services (Google Analytics, Mixpanel, etc.)
• Advertising networks or tracking pixels
• Social media tracking or integration
• Third-party cookies for tracking purposes
4.5 Data Sharing Limitations
We do not sell, rent, or trade your personal information to third parties. Data is only shared with service providers listed above for the sole purpose of delivering app functionality.
5. AUTHENTICATION AND ACCOUNT MANAGEMENT
5.1 Account Creation
When you create an account:
• You provide an email address and password
• Password is securely hashed (never stored in plain text)
• Email confirmation is not currently required
• Guest profiles created before sign-up are automatically linked to your account
5.2 Guest Mode
You can use the app without creating an account:
• A unique guest session ID is generated for your device
• Guest profiles are stored locally and in our database with the guest session ID
• Guest data is not linked to any email or personal identifier
• Guest profiles are marked as temporary and can be linked to an account later
5.3 Password Management
• Password Reset: Available via email link (sent to your registered email address)
• Password Update: Can be changed from account settings when signed in
• Security: All password operations use Supabase Auth's secure infrastructure
5.4 Session Management
• Sessions persist across app restarts for convenience
• Automatic token refresh keeps you signed in securely
• Session validation occurs on app startup
• Invalid or expired sessions are automatically cleared
6. USER RIGHTS AND DATA CONTROL
6.1 Access and Management
You have the right to:
• View: Access all your profile data at any time through the app
• Create: Add multiple birth chart profiles
• Update: Edit profile information, birth details, and location data
• Delete: Remove individual profiles from your account
• Set Main Profile: Designate your primary profile for quick access
6.2 Data Portability
Currently, data export functionality is not available. We are considering adding this feature in future updates. If you need your data, please contact us using the information in Section 12.
6.3 Account Deletion
To delete your account and all associated data:
1. Sign out of the app
2. Contact us at the email address in Section 12
3. We will permanently delete your account and all associated profiles within 30 days
Note: Deleted profiles are first soft-deleted (marked as deleted) before permanent removal to allow for accidental deletion recovery within a limited time period.
6.4 GDPR Rights (EU Users)
If you are located in the European Union, you have additional rights under GDPR:
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure (right to be forgotten)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
6.5 CCPA Rights (California Residents)
If you are a California resident, you have rights under CCPA:
• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information (Note: We do not sell personal information)
• Right to access your personal information
• Right to equal service and price (no discrimination for exercising your rights)
• Right to deletion of personal information
7. DATA RETENTION AND DELETION
7.1 Active Profiles
• Profiles are retained indefinitely while your account remains active
• You can delete individual profiles at any time
• Profile data is synchronized between local storage and remote database
7.2 Deleted Profiles
• Deleted profiles are marked with a soft delete flag (deleted_at timestamp)
• Soft-deleted profiles remain in the database for 30 days to allow recovery
• After 30 days, soft-deleted profiles are permanently removed
• Deletion is propagated to all linked devices upon synchronization
7.3 Cached AI Summaries
• AI-generated transit summaries are cached in our database for performance
• Cached summaries are retained for 30 days from generation date
• Old cached summaries are automatically purged to save storage
7.4 Session Data
• Authenticated Sessions: Retained until you sign out or token expires
• Guest Sessions: Retained for 90 days of inactivity, then purged
• Authentication Tokens: Automatically refreshed; invalid tokens are cleared
7.5 Database Backups
• Supabase maintains automated database backups
• Backup retention follows Supabase's standard policies
• Backups may retain deleted data for disaster recovery purposes
7.6 Account Closure
When you request account deletion:
• All profiles are immediately marked as deleted
• Account data is permanently removed within 30 days
• Local cached data should be cleared by uninstalling the app
• Backup data follows Supabase's retention schedule
8. COOKIES AND TRACKING TECHNOLOGIES
8.1 Essential Cookies
We use essential cookies and similar technologies for:
• Authentication: Session tokens to keep you signed in
• Preferences: Language selection and app settings
• Security: CSRF protection and session validation
8.2 Local Storage
We use browser localStorage (web) and AsyncStorage (mobile) for:
• Caching profile data for offline access
• Storing user preferences and settings
• Managing guest session identifiers
• Synchronization state tracking
8.3 No Third-Party Tracking
We do not use:
• Advertising cookies
• Third-party tracking pixels
• Cross-site tracking cookies
• Social media tracking cookies
• Analytics cookies (Google Analytics, etc.)
8.4 Do Not Track
Our application does not currently respond to Do Not Track (DNT) signals as we do not track users across websites or apps.
9. INTERNATIONAL DATA TRANSFERS
9.1 Data Storage Location
• Primary data storage is provided by Supabase
• Supabase servers are hosted at: https://desvzzrmzglxfbdfwlpr.supabase.co
• Server location may include data centers in the United States or other regions
9.2 Transfer Safeguards
When data is transferred internationally:
• All transfers use encrypted connections (TLS/SSL)
• Supabase complies with GDPR and international data protection regulations
• Standard contractual clauses are used where required
• Data processing agreements are in place with all service providers
9.3 EU-US Data Transfers
For transfers from the EU to the US:
• We rely on Supabase's compliance with applicable data transfer frameworks
• Users can request information about specific safeguards by contacting us
10. CHILDREN'S PRIVACY
10.1 Age Restrictions
Astro Transit AI is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13.
10.2 Birth Charts for Minors
• Parents or legal guardians may create birth chart profiles for their minor children
• The account holder must be of legal age to create an account
• Birth information for minors is treated with the same privacy protections as adult data
10.3 Parental Consent
If you are a parent or guardian and believe your child has provided personal information without your consent, please contact us immediately, and we will delete such information.
10.4 COPPA Compliance
We comply with the Children's Online Privacy Protection Act (COPPA) in the United States and similar regulations in other jurisdictions.
11. CHANGES TO THIS PRIVACY POLICY
11.1 Policy Updates
We may update this Privacy Policy from time to time. Changes will be indicated by:
• Updated "Effective Date" at the top of this policy
• Updated "Version" number
• Notification within the app (for material changes)
• Email notification to registered users (for significant changes)
11.2 Your Continued Use
Your continued use of the app after any changes to this Privacy Policy constitutes your acceptance of such changes. If you do not agree with the updated policy, please discontinue use of the app and contact us to delete your account.
11.3 Review Obligation
You are responsible for periodically reviewing this Privacy Policy to stay informed about how we protect your information.
12. CONTACT INFORMATION
If you have questions or concerns about this Privacy Policy, please contact us:
Email: [Your Contact Email]
App Name: Astro Transit AI
App Identifier (iOS): com.cbeeapps.aiastrology
App Identifier (Android): com.cbeeapps.aiastrology
Developer/Company: [Your Company Name]
Address: [Your Business Address]
For privacy-specific inquiries, please use the subject line: "Privacy Policy Inquiry - Astro Transit AI"
We will respond to all legitimate requests within 30 days.
13. LEGAL COMPLIANCE AND JURISDICTION
13.1 Governing Law
This Privacy Policy is governed by the laws of [Your Jurisdiction], without regard to its conflict of law provisions.
13.2 Dispute Resolution
Any disputes arising from this Privacy Policy or your use of the app shall be resolved through:
1. Good faith negotiation between parties
2. Mediation (if negotiation fails)
3. Binding arbitration or litigation in [Your Jurisdiction]
13.3 Regulatory Compliance
We comply with:
• General Data Protection Regulation (GDPR) for EU users
• California Consumer Privacy Act (CCPA) for California residents
• Children's Online Privacy Protection Act (COPPA)
• Other applicable data protection and privacy laws
13.4 Data Controller
The data controller responsible for your personal information is:
Name: Cbeeapps
Contact: cbeeapps@gmail.com
13.5 Astrological Services Disclaimer
Astro Transit AI provides astrological interpretations and insights for entertainment and personal reflection purposes. Astrological information should not be considered as:
• Medical, legal, or financial advice
• A substitute for professional consultation
• Scientifically proven predictions or facts
You use astrological insights at your own discretion and risk.
14. SECURITY MEASURES
14.1 Data Protection
We implement industry-standard security measures to protect your data:
• Encryption in Transit: All data transmission uses TLS/SSL encryption
• Encryption at Rest: Database encryption provided by Supabase
• Access Controls: Row Level Security policies restrict data access
• Authentication Security: Secure token-based authentication with automatic refresh
• Password Hashing: Passwords are hashed using industry-standard algorithms
14.2 Security Limitations
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
14.3 Your Responsibility
You are responsible for:
• Maintaining the confidentiality of your account password
• Restricting access to your device
• Notifying us immediately of any unauthorized access to your account
14.4 Data Breach Notification
In the event of a data breach that compromises your personal information:
• We will investigate the incident promptly
• You will be notified within 72 hours (or as required by applicable law)
• We will take steps to mitigate harm and prevent future breaches
• Regulatory authorities will be notified as required by law
15. CONSENT AND ACCEPTANCE
By using Astro Transit AI, you consent to:
• The collection and use of information as described in this Privacy Policy
• The processing of your data by third-party service providers listed herein
• The transfer of your data internationally as necessary for app functionality
• Receiving transactional emails related to account management and password resets
You may withdraw consent at any time by:
• Deleting your profiles or account
• Contacting us to request data deletion
• Ceasing to use the application
================================================================================
Last Updated: November 15, 2025
================================================================================
APPENDIX: DATA PROCESSING DETAILS
TYPES OF DATA COLLECTED
Data Type         | Purpose                | Storage Location    | Retention Period
------------------------------------------------------------------------------------------
Name              | Profile identification | Supabase DB + Local | Until deletion
Birth Date/Time   | Chart calculations     | Supabase DB + Local | Until deletion
Birth Location    | Chart calculations     | Supabase DB + Local | Until deletion
Current Location  | Transit calculations   | Supabase DB + Local | Until deletion
Email             | Authentication         | Supabase Auth       | Until account deletion
Password (hashed) | Authentication         | Supabase Auth       | Until account deletion
Guest Session ID  | Guest user tracking    | Supabase DB + Local | 90 days inactivity
AI Summaries      | Performance caching    | Supabase DB         | 30 days
Session Tokens    | Authentication state   | Local Storage       | Until logout
THIRD-PARTY DATA PROCESSORS
Service          | Purpose                   | Data Shared             | Privacy Policy
------------------------------------------------------------------------------------------
Supabase         | Database, Auth, Functions | All profile data, email | https://supabase.com/privacy
Google Gemini AI | AI insights generation    | Astronomical data, date | https://policies.google.com/privacy
GeoNames         | City search               | Search queries          | http://www.geonames.org/
USER RIGHTS BY JURISDICTION
Right            | GDPR (EU) | CCPA (CA) | General Users
------------------------------------------------------------------------------------------
Access Data      | Yes       | Yes       | Yes
Correct Data     | Yes       | Yes       | Yes
Delete Data      | Yes       | Yes       | Yes
Data Portability | Yes       | No        | Planned
Opt-out of Sale  | N/A       | Yes       | N/A
Withdraw Consent | Yes       | Yes       | Yes
================================================================================