Privacy Policy
Last updated: 28 February 2026
Developer note: Replace the placeholder legal name and contact email in Section 1 and Section 8 before launching to EU users. GDPR Art.13(1)(a) requires the full identity of the data controller.
1. Who We Are
Ourania is operated by [PLACEHOLDER: Legal entity name, registered address] (“we”, “us”, “our”). We are the data controller responsible for the personal data you provide when using this platform.
We are not required to appoint a Data Protection Officer at this stage but you may contact us about data matters at the address in Section 8 below.
2. Data We Collect
We collect only the data necessary to provide the service:
- •Account data: Your email address, first name, and last name — collected when you register.
- •Birth data: Date of birth, time of birth, birth city, birth country, latitude, and longitude. This information is required to calculate your natal astrological chart and is the core data this service processes.
- •Chart data: Computed natal chart output — planet positions, house cusps, and aspects — derived from your birth data.
- •Session data: A session token stored in an httpOnly cookie. This token is not accessible to JavaScript and is used solely to keep you logged in.
- •Audit data: Your IP address, browser user-agent string, and the type of action performed (e.g. “login”, “logout”, “signup”). No sensitive personal information is stored in audit log detail fields.
3. Why We Use Your Data and Our Lawful Basis
| Purpose | Data used | Lawful basis (GDPR Art.6) |
|---|---|---|
| Create and manage your account | Email, name, password hash | Art.6(1)(b) — performance of a contract |
| Calculate your natal astrological chart | Birth date, time, location | Art.6(1)(b) — performance of a contract (birth data is required for the core service; it is not used for profiling or advertising) |
| Security and fraud prevention (audit logging) | IP address, user-agent, action type | Art.6(1)(f) — legitimate interest (protecting users and the platform from unauthorised access) |
| Analytics (if you consent) | Usage patterns | Art.6(1)(a) — consent (you may withdraw at any time via the cookie banner) |
4. Who We Share Your Data With
We do not sell, rent, or share your personal data with any third parties. Specifically:
- •No analytics vendors (e.g. Google Analytics) are active until you give explicit consent.
- •No advertising networks have access to your data.
- •All data is processed on our own servers. No data is transferred outside the European Economic Area (EEA) without adequate protection.
We may disclose data if required to do so by law or in response to valid legal process.
5. How Long We Keep Your Data
- •Account and birth data: Retained for as long as your account is active. When you delete your account, your personal data (email, name, birth data) is overwritten immediately and cannot be recovered.
- •Audit log entries: Retained for 30 days from the date of the event. Entries older than 30 days are automatically deleted. After account deletion, any remaining audit log entries for your account contain only a pseudonymous identifier (no name or email).
- •Session tokens: Expire after 7 days of inactivity. Signing out invalidates the token immediately.
6. Your Rights
Under UK GDPR and EU GDPR, you have the following rights:
- •Art.15 — Right of access: You can request a copy of all personal data we hold about you.
- •Art.17 — Right to erasure (“right to be forgotten”): You can delete your account at any time from the account settings page. This permanently removes your personal data from our systems.
- •Art.20 — Right to data portability: You can export all of your data as a JSON file from the account settings page.
- •Art.21 — Right to object: You can object to processing based on our legitimate interest (audit logging). Contact us at the address in Section 8 to exercise this right.
- •Right to withdraw consent: If you have consented to analytics or marketing cookies, you can withdraw that consent at any time by clicking the “Privacy Policy” link at the bottom of any page and adjusting your preferences. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.
- •Right to lodge a complaint: You have the right to complain to your national data protection authority. In the UK this is the Information Commissioner's Office (ICO). In France it is the CNIL. In Germany it is the BfDI.
7. Cookies and Local Storage
| Name | Type | Purpose | Expiry |
|---|---|---|---|
| session_token | Cookie (httpOnly, Necessary) | Keeps you logged in. Not accessible to JavaScript. | 7 days |
| ourania_consent | localStorage (Necessary) | Stores your cookie consent preferences so the banner does not reappear on every visit. | Persistent |
No analytics or marketing cookies are set until you give explicit consent via the cookie banner. You can change your preferences at any time by clearing the ourania_consent key from your browser's Local Storage and refreshing the page.
8. Contact Us
To exercise any of your rights or to ask questions about this privacy policy, please contact:
Data Controller: [PLACEHOLDER: Legal entity name]
Email: [PLACEHOLDER: [email protected]]
We will respond to all data subject requests within 30 days in accordance with GDPR Art.12.
9. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the revised policy.
© 2026 Ourania · Home