Astratelier

Legal

Privacy Policy

Last updated: 16 June 2026

This Privacy Policy explains how Astratelier (“Astratelier”, “we”, “us”) collects, uses, and protects your personal data when you use our website and services at astratelier.ai (the “Service”). We act as the data controller for the personal data described below. We are committed to processing your data lawfully and transparently, in line with the EU General Data Protection Regulation (GDPR) and applicable law.

1. Data we collect

We collect only what we need to provide your readings:

  • Account details — your email address and, optionally, your name.
  • Birth data — the birth date, time, and place you enter, and the geographic coordinates derived from that place. We use this solely to calculate your astrological chart and transits.
  • Payment information — handled by our payment processor, Stripe. We do not see or store your card details; we keep only a Stripe customer reference and your subscription status.
  • Generated content — the charts, readings, transits, and chat conversations (with our “Astra” assistant) created for your account.
  • Technical data — authentication cookies/session tokens and basic server logs needed to keep the Service secure and working.

2. How we use your data and our legal bases

  • To provide the Service — calculating and displaying your chart, readings, transits, and powering Astra (legal basis: performance of our contract with you).
  • To manage your account and subscription, including billing and sending essential service emails such as sign-in links (contract).
  • To secure, maintain, and improve the Service and prevent abuse (legitimate interests).
  • To comply with legal obligations (e.g. tax and accounting).

We do not sell your personal data, and we do not use it for third-party advertising.

3. AI processing

Your readings and chat replies are generated using large language models provided by Anthropic and, where applicable, OpenAI or Google. To produce a response, we send the relevant chart or transit context to these providers. We use their business/API services, under which your data is not used to train their public models. We never send your payment details to these providers.

4. Service providers

We share data with a small number of processors who help us run the Service, each only to the extent needed:

  • Supabase — database, authentication, and data storage.
  • Vercel — website hosting and delivery.
  • n8n Cloud — backend workflow processing.
  • Stripe — payment processing and subscriptions.
  • Anthropic, OpenAI, Google — AI text generation.
  • FreeAstroAPI — astronomical (ephemeris) calculations.
  • Geoapify — converting your birth place into coordinates.
  • Resend — sending transactional emails.

5. International transfers

Some of these providers are located outside the European Economic Area (e.g. in the United States). Where data is transferred internationally, it is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision.

6. Data retention

We keep your account and chart data for as long as your account is active. You can ask us to delete your account and associated data at any time, after which we will erase it except where we are legally required to retain certain records (for example, billing records).

7. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent at any time, without affecting prior processing.

To exercise any of these rights, contact us at privacy@astratelier.ai. You also have the right to lodge a complaint with your local data protection authority (in Italy, the Garante per la protezione dei dati personali).

8. Cookies

We use only essential cookies, primarily to keep you signed in. We do not use third-party advertising cookies. If we add analytics in the future, we will update this policy and request consent where required.

9. Security

We protect your data with encryption in transit, access controls, and trusted infrastructure providers. No method of transmission or storage is completely secure, but we work to safeguard your information and to notify you of any breach where the law requires.

10. Children

The Service is intended for adults and is not directed at anyone under 18. We do not knowingly collect data from children. If you believe a child has provided us data, please contact us and we will remove it.

11. Changes to this policy

We may update this policy from time to time. We will post the new version here with a revised “last updated” date, and notify you of material changes where appropriate.

12. Contact

Questions about this policy or your data? Email privacy@astratelier.ai.