Last updated: 9 May 2026
1. Controller
The controller responsible for data processing in connection with Zodiacally is Aleks Paramonov, Grandweg 162, 22529 Hamburg, Germany, support@zodiacally.com. No data protection officer has been appointed because this is currently not required for this offer.
2. What data we process
Depending on how you use Zodiacally, we may process the following data:
- birth data entered by you, such as date of birth, optional birth time, birth place, optional name, language, and partner birth data for compatibility readings
- calculated astrology data, such as planetary positions, houses, aspects, moon phase, timezone, latitude, and longitude
- AI reading output, archive entries, mood check-in values, and profile settings stored in browser session storage during your current browser session
- technical access data that may arise when operating the website or server, such as IP address, browser type, device data, timestamps, requested pages, error logs, and rate-limit metadata
- consent choices stored locally in your browser, and analytics or advertising identifiers only if you consent to optional Analytics or Ads
3. Purposes and legal bases
We process personal data only for defined purposes. The relevant legal basis depends on the feature and jurisdiction.
- providing requested readings, compatibility checks, location lookup, and app functions: Article 6(1)(b) GDPR where processing is necessary to provide the requested service
- security, abuse prevention, debugging, rate limits, and reliable operation: Article 6(1)(f) GDPR based on our legitimate interest in secure and stable operation
- optional Google Analytics, Google AdSense, personalized ads, advertising measurement, cookies, local storage, or consent records where legally required: Article 6(1)(a) GDPR and Section 25 TDDDG/ePrivacy consent rules
- legal retention, compliance, or response to lawful requests: Article 6(1)(c) GDPR where applicable
4. Session storage, cookies, and consent
Profile data, reading archives, and mood check-ins are stored in browser session storage so they are available during the current browser session. They are not sold and are not intended to be permanently stored by Zodiacally.
Your consent choices are stored in browser local storage so the banner does not reappear on every page. You can change your choices at any time through the Privacy settings button.
Necessary storage is used for requested app functions, security, and consent management. Optional Analytics and Ads only load after the related consent has been given.
5. Recipients and third-party services
Your data is not sold. It is shared only where needed to provide, secure, or finance the service. Depending on configuration, recipients may include:
- OpenAI: AI-powered interpretation of calculated chart data. Birth profile and calculated astrology data may be sent to OpenAI so the reading can be generated.
- Hosting and infrastructure providers, currently including the providers used for frontend and backend deployments, such as Vercel and Railway.
- OpenStreetMap/Nominatim or another geocoding provider: birth place text may be sent for latitude/longitude lookup if coordinates are not already provided.
- Google Analytics: usage measurement only after Analytics consent and only if a measurement ID is configured.
- Google AdSense: advertising display and ad measurement only after Ads consent. For users in the EEA, UK, and Switzerland, Google requires a Google-certified CMP with IAB TCF for AdSense ad serving.
- Supabase is only used for profile persistence if this is explicitly enabled in configuration. By default, profile persistence is disabled.
- Firebase Crashlytics is not currently loaded on the website. If crash reporting is introduced later, this policy will be updated before activation.
6. International transfers
Some providers may process data outside the European Economic Area, including in the United States. Where this happens, the transfer is intended to rely on an adequacy decision, standard contractual clauses, consent, or another valid transfer mechanism under GDPR, depending on the provider and configuration.
7. Storage and deletion
Browser session data remains on your device until the session ends or you delete it in your browser.
Consent choices remain in local storage until you delete them in the browser or change them through the Privacy settings button.
Server-side cache entries and rate-limit data are kept only for limited periods needed for performance, cost control, security, and abuse prevention. The backend cache is not intended as a permanent profile database.
Legal retention obligations may require longer storage in individual cases.
8. Google Analytics and Google AdSense
Google Analytics and Google AdSense are optional. They do not load before consent through the Zodiacally consent banner. If Analytics is enabled, Google Analytics 4 may process usage data such as page views, events, approximate location, device and browser information. If Ads are enabled, Google AdSense may process data for ad delivery, fraud prevention, frequency capping, ad measurement, and, where consented, personalization.
Google Analytics 4 states that it does not log or store individual IP addresses. Google may nevertheless process data as an independent provider according to its own terms and privacy information.
9. Data security
We take appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access. This includes data-minimizing processing, public/private key separation, server-side AI calls, access restrictions, and securing the technical infrastructure.
10. Your rights
Subject to the applicable legal requirements, you may request access, rectification, erasure, restriction of processing, data portability, and objection to processing. Where processing is based on consent, you may withdraw consent at any time with effect for the future.
You also have the right to lodge a complaint with a competent data protection supervisory authority. For Hamburg, this is the Hamburg Commissioner for Data Protection and Freedom of Information.
If you have questions about privacy or would like to exercise your rights, please use the contact address listed above.
11. Automated decision-making
Zodiacally may use automated calculations and AI-generated text to create astrology readings. These readings are for entertainment and self-reflection only and do not produce legal effects or similarly significant decisions about you within the meaning of Article 22 GDPR.
12. Requirement to provide data
You are not legally required to provide birth data. Without birth data, Zodiacally cannot create a personalized chart-based reading. Without consent where consent is required, optional advertising or analytics functions may be unavailable or limited.
13. Changes to this privacy policy
We may update this privacy policy if features, third-party services, deployment providers, or legal requirements change. The version published on this page shall apply in each case.