Privacy Policy

Last updated: April 9, 2026

Halo Labs ("Developer") operates the AstroHalo mobile application ("Service"). This Privacy Policy explains how we collect, use, and protect your personal information.

1. Information We Collect

a) Information You Provide

  • Email address (via Google or Apple sign-in)
  • Date of birth, time of birth, and place of birth (for astrological chart calculations)
  • Chat messages sent to the AI astrology chat feature
  • Partner's birth information (when using synastry features)

b) Automatically Collected Information

  • Device type, operating system, and app version
  • Timezone and locale settings
  • Push notification token
  • Subscription status and purchase history
  • Approximate (coarse) location, with your permission — used solely to calculate sunrise and sunset times and not stored on our servers

2. How We Use Your Information

  • Calculate astrological charts and provide personalized interpretations
  • Generate AI-powered horoscopes, tarot readings, and reports
  • Send push notifications (daily horoscope, calendar alerts) with your consent
  • Process payments and manage subscriptions
  • Determine sunrise and sunset times for planetary hour calculations using your approximate location
  • Improve the Service and respond to inquiries

3. Third-Party Services (Sub-processors)

We use the following third-party services to operate the Service. Each provider receives only the data necessary for its function.

  • Google / Apple — Sign-in authentication. Receives: your email address and OAuth identifier.
  • Supabase (database & auth, hosted on AWS) — Receives: all user account data, profile, birth data, chat history, subscription state.
  • RevenueCat (subscription management) — Receives: anonymous user ID, store transaction IDs, product identifiers, subscription status. Does NOT receive your name, email, or birth data.
  • Google Gemini / Anthropic Claude (LLM content generation) — Receives ONLY: chat message text and a summarized natal chart (planetary positions). Does NOT receive your email, name, exact birth date, payment information, or device identifiers.
  • Expo / EAS — Push notification delivery. Receives: device push token only.

We do not sell your personal information. We do not use third-party advertising or behavioral tracking SDKs.

4. Cookies and Web Tracking

The AstroHalo mobile application does not use cookies. The astro-halo.com website uses only essential cookies required for page rendering. We do not run third-party analytics, advertising trackers, or behavioral profiling cookies on this site.

5. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our sub-processors operate. By using the Service, you consent to such transfers.

6. Data Retention and Deletion

We retain your personal data for as long as your account is active. Upon account deletion:

  • Personal data (profile, birth data, chat history, readings, subscription records) is deleted from our live database immediately.
  • Encrypted backups are rotated and permanently purged within 30 days.
  • A one-way SHA-256 hash of your email is retained in a deletion log to prevent abuse and to honor "right to be forgotten" requests if you re-register.
  • Anonymized, aggregated analytics that cannot identify you may be retained.

You may delete your account from the in-app Settings screen, or by emailing [email protected]. See our Delete Account page for step-by-step instructions.

7. Data Access and Portability (Export)

You have the right to request a copy of all personal data we hold about you. To submit a data access request, email [email protected] from the email address associated with your account. We will provide your data in a machine-readable format (JSON) within 30 days of verification, free of charge.

8. Data Security

  • All data transmitted over HTTPS/TLS encryption
  • Row Level Security (RLS) ensures users can only access their own data
  • JWT-based authentication for all API requests
  • Webhook endpoints (RevenueCat) are HMAC-verified

9. Your Rights

  • Access — View your personal data through the app's Profile settings, or request a full export
  • Correction — Update your birth information or profile at any time
  • Deletion — Delete your account and all associated data
  • Withdraw consent — Opt out of push notifications or revoke location permission through your device settings
  • Lodge a complaint — If you believe your rights have been violated, you may contact your local data protection authority

10. Children's Privacy

The Service is not intended for children under 14 years of age. We do not knowingly collect personal information from children under 14. If you become aware that a child under 14 has provided us with personal information, please contact us and we will delete it. Users in jurisdictions with a higher digital age of consent (e.g., COPPA in the United States — 13) must comply with their local rules.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Service constitutes acceptance of the updated policy.

12. Contact

Developer / Data Controller: Halo Labs

Email: [email protected]