Privacy Policy

Last updated: March 2026

1. Information We Collect

Account Information: Email address, name (optional), zodiac sign (optional), birth date (optional).

Reading Data: Your questions, card draws, and reading history to personalize your experience.

Payment Data: Processed securely by Stripe. We do not store your credit card information.

Usage Data: Pages visited, features used, and interaction patterns to improve our service.

2. How We Use Your Data

  • Generate personalized readings and horoscopes
  • Track your spiritual journey across sessions
  • Send reading deliveries and account notifications
  • Improve Luna's reading quality and accuracy

3. AI Processing

Your questions and context are processed by AI models (Anthropic Claude) to generate readings. Reading text (first 500 characters) is stored for quality improvement. Full questions and responses are processed in memory and not permanently stored in raw form.

4. Data Sharing

We do not sell your personal data. Data is shared only with:

  • Stripe — payment processing
  • Anthropic — AI reading generation (anonymized)
  • ElevenLabs / Hedra — voice and video generation for avatar readings (anonymized)

5. Data Retention

Account data is retained while your account is active. Reading history is stored indefinitely to enable pattern tracking. You may request deletion of your data at any time.

6. Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases:

  • Consent (Art. 6(1)(a)): You provide consent when creating an account, opting into communications, and choosing to share optional profile information (zodiac sign, birth date).
  • Contract Performance (Art. 6(1)(b)): Processing is necessary to deliver the services you subscribe to — readings, grimoire, horoscopes, and account management.
  • Legitimate Interest (Art. 6(1)(f)): We process usage data and reading patterns to improve service quality, prevent fraud, and ensure platform security. You may object to this processing at any time.

7. Your Rights (EU/EEA Residents)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of Access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data (right to be forgotten).
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Restrict Processing (Art. 18): Request limitation of how we process your data.
  • Right to Object (Art. 21): Object to processing based on legitimate interest at any time.
  • Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority in your country of residence if you believe your data is being processed unlawfully.

8. International Data Transfers

Your data may be transferred to and processed in the United States, where our servers and third-party processors (Stripe, Anthropic) are located. We ensure appropriate safeguards are in place in accordance with GDPR requirements.

9. Security

We use industry-standard encryption, secure authentication, and password hashing (PBKDF2-SHA256) to protect your data.

Back to Home