Privacy Policy

1. Data controller

The data controller is [COMPANY_NAME], [LEGAL_FORM], registered under number [REGISTRATION_NUMBER], with registered office at [FULL_ADDRESS].

For privacy questions, you can write to [PRIVACY_CONTACT_EMAIL]. Where a data protection officer is required or voluntarily appointed, the DPO contact is [DPO_NAME] - [DPO_EMAIL].

2. Data we collect

We collect only the data needed for the purposes described in this policy. Some information is provided directly by you; other information is generated automatically when you use the service.

• Account and identity data: name, first name, email address, encrypted password, language, preferences, verification status and login history.
• Consultation data: selected theme, question, voluntarily provided context, birth data where needed for astrology or numerology, date, time and place of birth when provided.
• Payment and billing data: selected plan, invoices, payment status, transaction identifiers and limited information transmitted by the payment provider. Full card numbers are not stored by the service.
• Technical data: IP address, session identifiers, security logs, device, browser, visited pages, technical errors, cookies and trackers according to your choices.
• Support and communication data: support messages, refund requests, rights requests, marketing preferences and consent records.

3. Sensitive data and spiritual content

Your questions, beliefs, spiritual interests or personal life details may reveal very personal information, and in some cases sensitive data under the GDPR where they make it possible to infer religious or philosophical beliefs, health information or other protected aspects of private life.

Please do not send unnecessary, excessive or third-party information. Where sensitive data processing is needed because you voluntarily provide it in a consultation, it is based on your explicit consent, which you may withdraw for the future by contacting us or using available settings.

4. Purposes and legal bases

Each processing activity has a defined purpose and legal basis.

• Create and secure your account: contract performance, legitimate security interests and legal obligations.
• Provide AI consultations, personalize answers and keep your history if you choose to do so: contract performance and, for voluntarily provided sensitive information, explicit consent.
• Manage payments, subscriptions, invoices, refunds and accounting obligations: contract performance and legal obligation.
• Respond to support, complaints and rights requests: contract performance, legal obligation and legitimate customer relationship follow-up.
• Improve the service, fix errors, prevent fraud and ensure security: legitimate interest, subject to your rights and freedoms.
• Send non-essential marketing communications: consent, or limited legitimate interest for similar-service communications where allowed by law and with an easy opt-out.
• Measure audience and personalize the experience with [ANALYTICS_TOOL] or an equivalent tool: consent where trackers are not strictly necessary.

5. Use of artificial intelligence

[SERVICE_NAME] uses artificial intelligence models to generate symbolic, introspective and personalized interpretations from the information you provide. The answers are not automated decisions producing legal effects concerning you or similarly significantly affecting you under the GDPR.

Results may be inaccurate, incomplete or unsuitable for certain situations. They never replace a doctor, lawyer, financial adviser, psychologist, religious adviser or any other qualified professional.

6. Recipients and processors

Your data is accessible only to people and providers who need it to operate the service, subject to appropriate confidentiality and security commitments.

• Hosting: [HOSTING_PROVIDER] ([HOSTING_COUNTRY]).
• Payment: [PAYMENT_PROVIDER].
• Email and notifications: [EMAIL_PROVIDER].
• Analytics, personalization and CRM: [ANALYTICS_TOOL], [PERSONALIZATION_TOOL], [CRM_TOOL].
• Other technical providers: [TECH_PROVIDERS].
• Administrative or judicial authorities, only where required by law or to protect our rights.

7. International transfers

Where data is transferred outside the European Union, the European Economic Area, the United Kingdom or Switzerland, we use recognized safeguards where required, such as an adequacy decision, European Commission standard contractual clauses, additional security measures or another applicable legal mechanism.

You may request further information about these safeguards using the privacy contact address.

8. Retention periods

We keep data for a period proportionate to the relevant purpose, then delete or anonymize it.

• Active account: for the duration of service use, then limited archiving for [ACCOUNT_ARCHIVE_PERIOD] after last activity or account deletion, unless otherwise required.
• Consultations and histories: until deletion by the user, account closure or expiry of the retention period configured for the service.
• Invoices, transactions and accounting records: [ACCOUNTING_RETENTION_PERIOD] where required by law.
• Technical and security logs: generally [LOG_RETENTION_PERIOD], except in case of incident, fraud or legal obligation.
• Marketing data: at most [MAX_MARKETING_PERIOD] after the last active contact, unless consent is withdrawn or objection is made earlier.

9. Cookies and trackers

Cookies strictly necessary for the site, security, authentication, cart functions or storage of your choices do not require consent. Non-exempt audience measurement cookies, non-essential personalization, advertising or social media trackers are used only with your consent where required by law.

You can manage your choices in the cookie banner and privacy settings: [PRIVACY_SETTINGS_URL].

10. Your rights

Depending on your country and applicable law, you may have rights of access, rectification, erasure, restriction, objection, portability, withdrawal of consent, post-mortem instructions where French law applies, and complaint to a supervisory authority.

To exercise your rights, write to the privacy contact address or use the dedicated form. We may request reasonable proof of identity where necessary to protect your data.

• Dedicated form or space: [RIGHTS_REQUEST_FORM_URL].
• Account deletion: [ACCOUNT_DELETION_URL].
• Suggested subject for GDPR requests: [GDPR_RIGHT_REQUEST_SUBJECT].
• French supervisory authority: Commission nationale de l'informatique et des libertés (CNIL), www.cnil.fr.

11. Users outside the European Union

We aim to apply a consistent baseline of protection to all users. Additional rights may exist depending on your jurisdiction, including access, deletion, advertising opt-out, limitation of sale or sharing of data, or information about processed data categories.

Where mandatory local laws apply, they prevail over incompatible clauses in this policy. The service is not intended for children under 15 in the European Union, nor for minors who do not meet the required age in their country without valid parental authorization.

12. Security

We implement reasonable technical and organizational security measures, including password hashing, access control, logging, backups, segregation, incident monitoring and internal access limitation.

No online service is completely risk-free. In case of a personal data breach presenting a risk to your rights and freedoms, we will follow applicable notification obligations.

13. Changes

We may amend this policy to reflect service, legal or provider changes. Material changes will be communicated via [UPDATE_NOTIFICATION_CHANNEL].

For privacy questions: [PRIVACY_CONTACT_EMAIL]. For general support: [SUPPORT_EMAIL].