Privacy Policy
Last updated: 13 May 2026
This Privacy Policy explains how Aura Digital EOOD ("we", "us", "AstroAIgent") collects, uses, and protects personal data when you use the AstroAIgent mobile application and the associated website at astroaigent.com (together, the "Service"). It is written to comply with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and the Bulgarian Personal Data Protection Act.
1. Who we are
The data controller is:
Aura Digital EOOD
EIK 208345580
Sofia, Bulgaria
Email: [email protected]
We have not appointed a Data Protection Officer because the scale of our processing does not require one under Art. 37 GDPR. The email above reaches the person responsible for privacy matters.
2. What we collect
We process the following categories of data:
- Account data: email address, name (optional), and a hashed password. Provided by you at sign-up.
- Birth data: date, time, and place of birth, used to compute your natal chart. This is the core input of the Service. You may also enter the same data for companions (partners, friends, family) so the AI can reference their charts.
- Chat content: messages you send to the AI and the AI's responses, stored so you can revisit them later.
- Memory facts: short notes the AI extracts from your chats ("you're considering a career change", "your daughter's birthday is in July") so future conversations stay grounded. You can view and delete them under Settings → AI Memory.
- Attachments: images and documents you upload to a chat. Stored only for the duration of that conversation.
- Usage metadata: sign-in timestamps, IP address (truncated for analytics), device user agent, error logs.
- Billing data (once paid plans launch): processed by our payment provider; we receive only a transaction reference and subscription status, never card numbers.
We do not collect location data, contact lists, biometrics, or any special category data under Art. 9 GDPR. You may use the Service anonymously beyond the email + birth data minimum.
3. Why we process it (legal basis)
- Contract (Art. 6(1)(b)): we need your account and birth data to deliver the Service you signed up for — computing your chart, running daily horoscopes, answering chat questions.
- Consent (Art. 6(1)(a)): for memory facts and companion charts, which are convenience features you can disable or delete at any time.
- Legitimate interest (Art. 6(1)(f)): security logging, abuse prevention, and aggregated usage analytics — all pseudonymised so individual users are not identifiable.
- Legal obligation (Art. 6(1)(c)): retention of invoicing data for accounting (10 years under Bulgarian law).
4. Who we share it with (sub-processors)
We do not sell personal data. The Service relies on the following sub-processors, each under a Data Processing Agreement:
- Anthropic, PBC (United States) — runs the AI models that generate horoscopes and chat replies. We send the content of your prompt (your chart plus your message) over TLS. Anthropic states it does not train on API traffic.
- Hostinger International Ltd. (Lithuania / EU) — hosts the marketing site and provides outbound SMTP for transactional emails (password resets, billing receipts).
- Cloudflare, Inc. (United States) — DNS, CDN, and DDoS protection. May see IP addresses and request metadata.
- myPos AD (Bulgaria) — processes subscription payments once paid plans are enabled. They are an independent controller for card and transaction data.
- Our own VPS (located in the EU) — runs the backend API and PostgreSQL database where your account, birth data, chats, and memory facts are stored.
5. International transfers
Transfers to Anthropic and Cloudflare leave the EEA. We rely on the EU-U.S. Data Privacy Framework where the recipient is certified, or the European Commission's Standard Contractual Clauses otherwise. On request we will share the relevant agreement.
6. How long we keep it
- Account, profile, chats, memory facts: until you delete your account, plus 30 days in backups before they roll off.
- Server logs: 14 days.
- Invoicing data (when applicable): 10 years per Bulgarian accounting law.
You can delete your entire account from Settings → Delete account. The deletion is permanent and immediate; backups containing the deleted data are overwritten within 30 days.
7. Your rights
Under GDPR you have the right to:
- Access a copy of the data we hold about you.
- Rectify inaccurate data — for the most part directly editable in the app; otherwise email us.
- Erase your data (see "Delete account" above, or email us if the in-app flow does not cover your case).
- Restrict or object to processing based on legitimate interest.
- Data portability — request a machine-readable export of your profile, chats, and memory.
- Withdraw consent at any time without affecting lawfulness of prior processing.
Send any request to [email protected]. We respond within 30 days. If you believe we have mishandled your data, you can complain to the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни, cpdp.bg).
8. Cookies and similar technologies
The marketing site uses only strictly necessary cookies (session, CSRF, language preference). We do not use third-party tracking cookies or advertising pixels. The mobile app uses platform-level local storage for sign-in tokens and preferences; this is not accessible to third parties.
9. Children
The Service is not directed at children under 16. We do not knowingly collect data from anyone below that age. If you believe a minor has created an account, contact us and we will delete it.
10. Security
We hash passwords with Argon2id, encrypt traffic in transit with TLS 1.2+, run the backend on a hardened EU-located VPS behind a firewall, take daily encrypted database backups, and limit access to production credentials to authorised maintainers only. No system is perfectly secure, but these are the controls we operate today.
11. Changes to this policy
We may update this Policy when the Service changes (new sub-processor, new feature, new legal requirement). Material changes will be flagged in-app and on this page; the "Last updated" date at the top of this document always reflects the current version.
12. Contact
Privacy questions, requests, or complaints: [email protected].