Back to home
DRAFT — pending legal review / ΠΡΟΣΧΕΔΙΟ — απαιτείται νομικός έλεγχος

Privacy Policy

Last updated: June 2026

1. Data Controller

Ourania is operated by Ourania, registered in Greece ("we", "us", "our"). We are the data controller responsible for the personal data you provide when using this platform.

We are not required to appoint a Data Protection Officer at this stage, but you may contact us about data matters at the address in Section 8.

2. Data We Collect

We collect only the data necessary to provide the service:

  • Account data: Email address, first name, and last name — collected when you register.
  • Birth data: Date of birth, time of birth, birth city, country, latitude, and longitude. This data is required to calculate your natal astrological chart and is the core data this service processes. It is NEVER sold or shared with third parties.
  • Push subscriptions: If you enable push notifications, a device endpoint URL is stored. No IP address or advertising identifiers are stored.
  • Audit data: Your IP address, browser user-agent, and the action type (e.g. "login", "logout"). No sensitive personal data is stored in audit log detail fields.
  • Session data: A session token stored in an httpOnly cookie. This token is not accessible to JavaScript.

3. Data Storage

Data is stored in a PostgreSQL database hosted on a server within the Greece. Cached data is stored temporarily in Redis (session tokens, rate-limit counters). We do not transfer data outside the EEA without adequate protection.

4. Data Retention

  • Account & birth data: Retained for as long as your account is active. Upon deletion, your personal data is overwritten immediately and cannot be recovered.
  • Audit log entries: Retained for 30 days from the date of the event. After account deletion, any remaining entries contain only a pseudonymous identifier — no name or email.
  • Session tokens: Expire after 7 days of inactivity. Signing out invalidates the token immediately.

5. Data Sharing

We do not sell, rent, or share your personal data — and specifically your birth data — with any third parties. Specifically:

  • No analytics vendors (e.g. Google Analytics) are active without your explicit consent.
  • No advertising networks have access to your data.
  • All data is processed on our own servers.

6. Your Rights (GDPR)

Under GDPR you have the following rights:

  • Access (Art.15): You can request a copy of all personal data we hold about you.
  • Erasure (Art.17): You can delete your account at any time from the account settings. This permanently removes your personal data.
  • Portability (Art.20): You can export all your data as a JSON file from the account settings.
  • Rectification (Art.16): You can correct inaccurate data from the profile page.
  • Object (Art.21): You can object to processing based on legitimate interest (audit logging). Contact us at Section 8.

7. Cookies & Local Storage

NameTypePurposeExpiry
session_tokenCookie (httpOnly)Keeps you logged in. Not accessible to JS.7 days
user_langlocalStorageStores language preference.Persistent

8. Contact

To exercise any of your rights or to ask questions about this policy, please contact:

Data Controller: Ourania

Email: [email protected]

We will respond to all requests within 30 days (GDPR Art.12).

© 2026 ΟΥΡΑΝΊΑ
Terms of ServiceHome