Privacy Policy

Effective Date: May 9, 2026

1. Overview

This Privacy Policy describes how CelestKin ("we", "our", "the App") collects, uses, stores, shares, and protects your personal information. We are committed to transparency and give you control over your data.

2. Data We Collect

We collect the following categories of information:

Account Data: Name, email address, and profile photo provided through your sign-in method (email or Google OAuth).

Birth Data: Name, date of birth, time of birth (optional), and birth location that you enter for chart calculations and readings. This data is stored locally on your device using encryption and, if signed in, synced to our secure cloud database.

Reading Data: Generated readings, AI analyses, compatibility reports, and cosmic digests associated with your account.

Usage Data: Reading history, selected traditions, feature interactions, preferences, language settings, screen views, and question topics.

Purchase Data: Transaction records from Google Play or Apple App Store (product ID, purchase token, subscription status). We never receive or store your payment card details.

Device & Technical Data: Device type, operating system, app version, crash reports, and performance metrics.

Waitlist Data: Email address collected when you sign up for launch notifications. This is stored separately from account data and used solely to send the launch email.

Feedback & Reports: When you submit in-app feedback, a bug report, or a content report, we collect your message, the kind of submission (general feedback, bug report, report of a reading, report of a match), any optional context you provide about the content being reported, your support ID, app version, device OS, and locale. This is used for customer support, quality improvement, and content moderation. Feedback is stored in our Supabase backend and reviewed by our admin team; we do not share it with third parties.

3. How We Use Your Data

• Generate personalized astrology readings (birth data is sent to AWS Bedrock for AI processing)
• Compute charts across 9 astrological traditions
• Maintain your reading history and saved profiles
• Generate daily and weekly cosmic digests (if subscribed)
• Manage your credit balance and subscription status
• Enable compatibility matching between profiles
• Send notifications (cosmic briefings, streak reminders, transit alerts)
• Improve the App through anonymized usage analytics
• Diagnose and fix crashes and performance issues
• Prevent fraud and enforce our Terms of Service

4. Data Sharing

We do NOT sell, rent, or trade your personal data. We share data only with the following service providers who process it on our behalf:

• Supabase — Authentication and database hosting. Row Level Security ensures only you can access your data.
• Amazon Web Services (Bedrock) — AI reading generation. Birth data is sent for processing and is subject to AWS's privacy policy. AWS does not use your data to train models.
• Sentry — Crash reporting and error monitoring. No personal birth data or readings are sent.
• Mixpanel — Anonymized usage analytics only. We send feature interactions, question topics, screen views, and language — NEVER birth data, names, readings, or chart results.
• Google Play / Apple App Store — Payment processing for credit purchases and subscriptions.
• RevenueCat — In-app purchase receipt validation and subscription lifecycle management. We share an opaque user identifier (your account UUID), the purchase product ID, and the store transaction reference. RevenueCat does NOT receive your name, birth data, readings, or payment card details — it only sees the receipt token already issued by the store. See RevenueCat's privacy policy.

All service providers are bound by their own privacy policies, data processing agreements, and applicable data protection laws.

5. Data Storage and Security

On-Device Security:
• Birth profiles and sensitive data encrypted via Flutter Secure Storage (Android Keystore / iOS Keychain)
• Local reading cache encrypted at rest
• All local data cleared on sign-out

Cloud Security:
• Postgres Row Level Security — each user can only access their own data
• All API communication over HTTPS/TLS
• Server-side JWT verification for every authenticated request
• Database queries include explicit user_id filtering as defense-in-depth
• Service-role keys restricted to server-side operations only
• AES-256-GCM encryption for stored readings

6. Data Retention

Active Accounts: Your data is retained as long as your account is active and for a reasonable period afterward to fulfill legal obligations.

Sign-Out: All local data (profiles, readings, cached charts) is immediately cleared from your device.

Account Deletion: You may delete your account from Settings → You → Delete Account. By default, deletion is scheduled with a 30-day grace period during which your account is suspended and hidden — you can sign back in any time during the grace period and tap "Cancel Deletion" to fully restore your account. You can also choose immediate deletion which skips the grace period. In both cases, all user-scoped data is purged from our active systems and fully removed from backups within 60 days of the hard-delete (30-day backup retention window). A deletion audit log is kept for compliance evidence (contains only your user ID, a reference ID, timestamps, and which tables were cleared — no personal content). Downstream services (push notifications, crash reporting, analytics) are also cleared via their respective GDPR-delete APIs. In rare cases where your account is subject to legal process (subpoena, fraud investigation), deletion may be temporarily unavailable — if this applies, the app will show a neutral "contact support" message.

Crash Logs: Automatically deleted after 90 days.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access: View all your data within the App (profiles, readings, history).
Correction: Edit your profiles and birth data at any time.
Deletion: Delete individual profiles, readings, or your entire account.
Export: Share readings via the built-in share feature.
Portability: Request a copy of your data by contacting us.
Restriction: Use Private Mode to prevent cloud sync.
Objection: Opt out of analytics via the "Don't save questions" toggle.
Withdrawal of Consent: Delete your account to withdraw consent for data processing.

For EU/EEA residents (GDPR): You have additional rights including the right to lodge a complaint with your local data protection authority. Our legal basis for processing is consent (account creation) and legitimate interest (service improvement).

For California residents (CCPA/CPRA): You have the right to know what data we collect, request deletion, and opt out of sale (we do not sell data). We do not discriminate against users who exercise privacy rights.

To exercise any right: [email protected]. We will respond within 30 days.

8. International Data Transfers

Your data may be processed in countries outside your jurisdiction, including the United States (AWS) and within the European Union (Supabase). These transfers are protected by standard contractual clauses, adequacy decisions, or equivalent safeguards as required by applicable law.

9. Children's Privacy

CelestKin is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If we discover we have inadvertently collected data from a child, we will promptly delete it. Parents or guardians who believe their child has provided data should contact us immediately.

10. Private Mode

CelestKin offers a Private Mode toggle. When active, readings are NOT saved to the cloud and remain only in local device memory. Local data is cleared on sign-out. Private Mode does not affect existing cloud-stored data.

11. Cookies and Tracking (Web)

The CelestKin web application uses essential cookies for authentication and session management. Analytics cookies (Mixpanel) collect anonymized usage data. No third-party advertising cookies are used. You may disable non-essential cookies through your browser settings.

12. Automated Decision-Making

CelestKin uses AI (Claude via AWS Bedrock) to generate personalized readings based on your astrological chart data. These are automated outputs for entertainment purposes. No automated decisions with legal or significant effects are made about you. You may request human review of any reading by contacting us.

13. AI Processing of Birth Data

When you generate a reading, your birth data (date, time, and location) is transmitted to Amazon Web Services Bedrock, where it is processed by Claude (an AI model made by Anthropic) to produce your personalized reading. The following applies:

What is sent: Birth date, birth time (if provided), birth location, your name, and any specific question you ask.
How it is processed: Data is sent over HTTPS to the AWS Bedrock API. AWS does not use your data to train AI models and does not retain prompt data beyond the duration of the API call, per AWS's data processing agreement.
Reading storage: Generated readings are encrypted server-side using AES-256-GCM before being stored in Supabase (PostgreSQL). Only you can access your readings via Row Level Security.
Analytics: Usage analytics are collected via Mixpanel in anonymized form. We never send birth data, names, chart results, or reading content to Mixpanel.
Error tracking: Crash reports and errors are sent to Sentry. No birth data or reading content is included in error reports.

Palm & body images (Palm Reading feature): When you use our Palm Reading or Body Reading features, photos of your palms, hands, forehead, or feet are captured on your device and transmitted to AWS Bedrock for AI analysis. Before any photo leaves your device, we strip EXIF data, GPS coordinates, and other embedded metadata — only the visual content is sent. These images are NEVER stored in the cloud or written to our databases. During an active reading session, the photos you captured are held in encrypted device storage (Flutter Secure Storage / Android Keystore / iOS Keychain) so you can ask follow-up questions without re-capturing; this session cache is cleared automatically when you close the reading or sign out. Only the text of the AI-generated reading is saved (encrypted, same as other readings). In Ghost mode, even the text is not saved. We do not have access to your photos after the reading is complete.

Biometric Information Notice: Body reading photos may be considered biometric data under certain jurisdictions (e.g., Illinois BIPA). Photos are processed solely for generating your reading, are never stored permanently, are not used for identification purposes, and are automatically discarded after analysis. You must provide affirmative consent via an in-app checkbox before capturing or uploading any photo. You may withdraw consent at any time by not using these features.

Age Restriction for Body Readings: Body reading features are restricted to users aged 18 and older. Both the app and the server block users under 18 from capturing or submitting biometric photos. This protects children's privacy in line with COPPA (US), GDPR (EEA), and similar laws.

Data Retention by type:
• Birth profiles: retained until you delete the profile or your account.
• Readings: stored encrypted until you delete them or your account; server-side purge within 30 days of account deletion.
• Waitlist emails: retained until the launch notification is sent or you unsubscribe, whichever comes first.
• Crash logs: automatically deleted after 90 days.

Ghost Mode: CelestKin offers a Ghost Mode (labelled "Private Mode" on web). When enabled, readings are NOT saved to our servers — they exist only in your local device memory for the current session. Ghost Mode does not affect data already stored before it was enabled.

Third-party processors and their roles:
AWS Bedrock — AI reading generation (birth data sent for processing)
Supabase — Authentication, database, and encrypted reading storage
Sentry — Error and crash tracking (no personal data)
Mixpanel — Anonymized usage analytics only
Google Play / Apple App Store — Payment processing
RevenueCat — In-app purchase receipt validation, subscription lifecycle, restore-purchases (opaque user UUID + product ID + transaction reference only)

Your GDPR rights (EU/EEA residents):
Access: Request a copy of all personal data we hold about you.
Rectification: Correct inaccurate birth data or profile information at any time within the app.
Erasure: Delete individual profiles, readings, or your entire account. Server-side data purged within 30 days.
Portability: Request a machine-readable export of your data by contacting us.
Objection / restriction: Opt out of analytics or enable Ghost Mode to prevent reading storage.

To exercise any of these rights, contact us at: [email protected]. We will respond within 30 days.

14. Third-Party AI Processing (AWS Bedrock)

CelestKin uses Amazon Web Services (AWS) Bedrock to process your readings. When you request a reading, your birth data and chart calculations are sent to AWS Bedrock's Claude AI model for analysis.

For body readings (palm, thumb, nail, forehead, foot), your captured photos are transmitted to AWS Bedrock for AI analysis. Photos exist only in memory during the API call and are automatically discarded when the reading is generated.

AWS Bedrock operates under Amazon's data processing agreement and does not retain your data for model training. For more details, see AWS Bedrock's privacy documentation.

15. Analytics and Tracking

CelestKin uses Mixpanel for analytics to improve the app experience. Mixpanel collects anonymized usage data including screens viewed, features used, and reading types generated. Mixpanel does not have access to your birth data, chart calculations, or reading content. You can opt out of analytics tracking in the app settings.

We also use Sentry for error tracking, which collects crash reports and performance data to help us fix bugs. Sentry does not collect personal information beyond what is necessary for debugging.

16. Changes

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated via in-app notification. The "Effective Date" at the top will be updated accordingly.

17. Contact

Data protection inquiries: [email protected]