What we collect and what we don't.

• We collect your email, password, name, and birth details so we can compute your chart and send you readings.
• We don't use third-party analytics, advertising, or social cookies. The only cookie we set is a first-party session cookie so you stay logged in.
• We send your chart math (planetary positions, no email or name) to Anthropic so Claude can write your reading. That's the only AI vendor in the loop.
• You can edit any field, opt out of email, or delete your account (and everything in it) from Settings.

• Account. Your email address and a hashed password so you can sign in. Optionally your name.
• Birth details. Date, time (or "approximate"), and city of birth. We resolve the city to latitude/longitude and an IANA timezone so the math is right. These are the inputs to your natal chart — without them, there's nothing to read.
• Local context. Your current city and timezone so the morning brief lands at your local sunrise.
• Readings and journal entries. Whatever the model writes for you, plus anything you type into a journal entry. We don't read journal entries. We don't train any model on them.
• Email preferences. Whether you've opted in to the daily-brief email. Default is off.
• Cookieless visit data. Browser, OS, referrer, landing page, UTM parameters, masked IP. No cookies are written for this. We use it to see how people find us, not to follow you.
• OAuth tokens for any MCP client (e.g. Claude.ai) you've connected. You can disconnect any of them from Settings.

• No tracking cookies. No advertising cookies. No social-network cookies. No fingerprinting. There is nothing to ask you to consent to, which is why there is no banner.
• No third-party analytics SaaS. No Google Analytics, no Mixpanel, no Segment, no Amplitude. The analytics layer is first-party (Ahoy), cookieless, and IP-masked.
• No location tracking. We never read your device's GPS. The only place a coordinate exists is the lat/long of your birth city, and you typed that in.
• No advertising network. We don't run ads, so there is no ad-tech in the page.
• Your password in plaintext. We store a salted hash and that's all that's recoverable; even we can't read it.

We set one cookie: a first-party session cookie that keeps you signed in. There is also a CSRF token cookie for form submissions. Both are strictly necessary for the app to work, neither is shared with anyone, and neither is used to follow you across other sites. That's the whole list.

A few external services touch the data on its way through. None of them get more than they need.

• Anthropic — receives your computed chart math (planetary positions, dasha periods) and today's transit positions so Claude can write the reading. It does not receive your email, password, name, or journal entries. Anthropic privacy policy.
• Resend — sends our outbound email over SMTP. Sees the recipient address and the message we wrote. Resend privacy policy.
• Photon (Komoot) — when you type a city in the birth-details form, the city name is sent for autocomplete. No identifying data is attached. Photon.
• Open-Meteo — when you pick a city, its lat/long is sent to look up the matching IANA timezone. No identifying data is attached. Open-Meteo.
• GitHub — if a server error happens on your request, the stack trace is filed as an issue in the project repository so we can fix it. We avoid capturing personal data in errors, but a stack trace can incidentally include URL parameters.
• Hetzner — the VPS where the application and database actually live. Hetzner privacy policy.

We do not sell, rent, or trade your data. There is no advertising network and no data broker in the loop.

The application database is SQLite running on a single Hetzner VPS. Backups stay with the same provider. Your data lives there for as long as your account exists.

When you delete your account from Settings, the database row and everything attached to it — birth profile, readings, journal entries, sessions, connected MCP clients — are removed immediately. There is no soft-delete, no recovery period. Backups age out on their normal rotation.

Under GDPR, UK GDPR, and CCPA you have the right to access, correct, and delete your data. You can do all three from inside the app:

• See it. Your natal reading lives on your profile. Your daily briefs are at /briefs. Your settings show what we have on file.
• Correct it. Edit your account from Settings; edit your birth details from Profile.
• Delete it. The "Delete account" control at the bottom of Settings wipes everything.
• Opt out of email. Every product email has an unsubscribe link, plus a one-click List-Unsubscribe header your mail client honors. There's also a checkbox in Settings.
• Object or restrict. If any of the above doesn't fit your situation, message us (link below) and we'll handle it manually.

You also have the right to lodge a complaint with your local data protection authority. We'd rather hear from you first, but the option is there.

The app is not intended for anyone under 16. If you believe a child has signed up, message us and we'll delete the account.

We'll update this page when something material changes and bump the date at the top. We won't quietly change what we collect.

Operated by Arvin Dang. The fastest way to reach me is @arvindang on Threads. For privacy-specific questions, that's still the right channel.