Privacy Policy
Last Updated: April 25, 2026 — Version 2.0
This Privacy Policy explains how Astrovana AI ("Company", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use the Astrovanga mobile application ("App") and the website at astrovanaai.com ("Website"). This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law No. 6698 (KVKK), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
By using our services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
Data Controller
Company: Astrovana AI
Website: astrovanaai.com
General contact: privacy@astrovanaai.com
KVKK requests: kvkk@astrovanaai.com
Support: support@astrovanaai.com
Information We Collect
Information you provide
- Account Information: Name, email address, authentication credentials (and profile photo when using Google or Apple sign-in).
- Birth Data (Special Category): Date, time, and place of birth. This data is required to compute astrological charts and reports.
- Profile Information: Gender, relationship status, occupation, and interests (optional, for personalized content).
- Communication Data: Messages, feedback, and support requests you send us.
Automatically collected information
- Device Information: Device type, operating system version, app version, device identifiers.
- Usage Data: In-app interactions, features used, session duration.
- Network Information: IP address, connection type, approximate location (country/region level).
- Crash Data: Error logs, stack traces, stability diagnostics.
Information from third parties
- Social Login Providers: When you sign in with Google or Apple, we receive only the name, email, and profile information you authorize.
- Payment Platforms: Apple App Store and Google Play provide subscription status and transaction identifiers (we never receive your card or payment details).
Birth Data — Server-Side Processing (CRITICAL)
Important update — April 25, 2026: Your birth date, time, and place are processed on our servers to generate charts and reports. Because this data may relate to special categories under GDPR Article 9, processing requires your explicit consent.
- Processing location: Hostinger VPS, Vilnius, Lithuania (EU data center).
- Computation engine: Astronomical computation engine (local library). No artificial intelligence or language model is used.
- Output cache: Computed chart data is cached for up to 24 hours, then automatically deleted.
- Report retention: Generated report text is retained for the lifetime of your account plus 30 days after account closure.
- Transport security: All device-to-server traffic is encrypted with TLS 1.3.
- Access control: Birth data is accessible only to authorized system processes triggered by your own account, governed by role-based access control.
No-AI Statement
Astrovanga report text is NOT generated using artificial intelligence or large language models (LLMs). All interpretations are produced by deterministic astronomical calculations combined with pre-written interpretation dictionaries authored by humans.
Therefore, your birth data is never transmitted to AI providers (OpenAI, Google Gemini, Mistral, etc.) and is never used for model training.
How We Use Your Data
| Purpose | GDPR Legal Basis | KVKK Legal Basis |
|---|---|---|
| Astrological chart and report generation (special category processing) | Explicit Consent (Art. 9(2)(a)) | Explicit Consent (Art. 6/2) |
| Account creation and management | Contract Performance (Art. 6(1)(b)) | Contract Performance (Art. 5/2-c) |
| Subscription and payment management | Contract Performance (Art. 6(1)(b)) | Contract Performance (Art. 5/2-c) |
| International transfer (Hostinger LT) | Adequacy / SCCs | Explicit Consent (Art. 9) |
| Analytics and product improvement | Legitimate Interest (Art. 6(1)(f)) | Legitimate Interest (Art. 5/2-f) |
| Crash reporting | Legitimate Interest (Art. 6(1)(f)) | Legitimate Interest (Art. 5/2-f) |
| Push notifications | Consent (Art. 6(1)(a)) | Explicit Consent (Art. 5/1) |
| Legal obligations | Legal Obligation (Art. 6(1)(c)) | Legal Obligation (Art. 5/2-ç) |
Third-Party Services
Hostinger (server infrastructure)
Birth data processing and report generation runs on a virtual private server (VPS) provided by Hostinger International Ltd. ("Hostinger"). Data center location: Vilnius, Lithuania (EU). Hostinger privacy policy: hostinger.com/legal/privacy-policy.
Firebase (Google LLC)
- Firebase Authentication: User sign-in and identity management.
- Firebase Analytics: Anonymous usage statistics.
- Firebase Crashlytics: Crash reporting.
Birth data is not processed in Firebase; only your account identifier is stored there.
Google privacy policy: policies.google.com/privacy
RevenueCat
Used for iOS and Android subscription management; processes subscription status, transaction identifiers, and device identifiers. revenuecat.com/privacy
Apple and Google Payment Services
In-app purchases are processed entirely by Apple (App Store) or Google (Google Play). We receive only transaction confirmation and subscription status; your card or payment information is never transmitted to us.
Data Storage and Security
Storage locations
- Birth data and report text: Hostinger VPS, Vilnius, Lithuania (EU).
- Account identity and authentication: Firebase (Google Cloud, US and EU).
- Subscription records: RevenueCat (US).
Security measures
- All device-to-server traffic encrypted with TLS 1.3.
- Data at rest encrypted with AES-256.
- Role-based access control and regular security audits.
- Automated backups and disaster recovery procedures.
- Data breach response plan with 72-hour notification under GDPR Art. 33 and KVKK Art. 12/5.
Retention Periods
- Account data: Retained while your account is active; deleted within 30 days of account closure.
- Birth data and chart outputs: Deleted within 30 days of account closure. Temporary chart cache cleared every 24 hours.
- Report text: Lifetime of your account + 30 days after closure.
- Analytics: Up to 24 months, then anonymized.
- Subscription records: Up to 10 years (Turkish Commercial Code / Tax Procedure Law).
- Crash logs: 90 days.
- Support correspondence: 12 months after resolution.
You may request earlier deletion at any time (see Your Rights).
GDPR Article 30 — Records of Processing
Data Controller: Astrovana AI — privacy@astrovanaai.com
Data Processors: Hostinger International Ltd. (LT), Google LLC / Firebase (US/EU), RevenueCat Inc. (US).
Processing Purposes: Astrological computation, content delivery, subscription management, authentication, analytics.
Data Categories: Identity, contact, birth data (special category), subscription, usage data.
Recipient Categories: Cloud infrastructure providers, payment intermediaries.
International Transfer: EU (Hostinger LT), US (Firebase, RevenueCat) — SCCs and EU-US Data Privacy Framework.
Retention: See "Retention Periods" above.
Children's Privacy
Age limit: Astrovanga is not designed for children under 13 (the threshold is 16 in the European Economic Area, 13 in Turkey).
In compliance with COPPA (US), GDPR Art. 8 (EU), and KVKK, we do not knowingly collect personal data from users below the applicable minimum age. For users aged 13–18, parental or legal guardian consent is recommended. Age verification occurs during the in-app onboarding flow via date selection. If we discover that a user below the age threshold has provided data, the account is closed and the data is deleted.
Your Rights
GDPR (EU/EEA users)
- Right of Access (Art. 15): Request a copy of your personal data.
- Right to Rectification (Art. 16): Correct inaccurate data.
- Right to Erasure (Art. 17): "Right to be forgotten."
- Right to Restriction (Art. 18).
- Right to Data Portability (Art. 20): Receive data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to legitimate-interest processing.
- Right to Withdraw Consent (Art. 7).
- Right to Lodge a Complaint with your local data protection authority.
KVKK (Turkish users)
For details, see our KVKK Information Notice.
CCPA (California users)
- Know what personal information is collected, used, or shared.
- Request deletion of your data.
- Opt out of data sale (we do not sell your data).
- Non-discrimination for exercising your rights.
How to exercise your rights
- Email: privacy@astrovanaai.com
- In-app: Settings → Privacy → Data Request
- Export: Settings → Export Data (JSON)
- Account deletion: Settings → Account → Delete Account
We respond within 1 month under GDPR (extendable +2 months for complex cases) and within 30 days under KVKK.
Cookies and Telemetry
The mobile app does not use browser cookies. The following telemetry channels are used:
- Firebase Analytics: Anonymous usage statistics (can be disabled in device settings).
- Firebase Crashlytics: Crash reporting.
- RevenueCat SDK: Subscription telemetry.
Our website (astrovanaai.com) uses only essential cookies and Google Analytics, which you can manage through your browser settings.
Subscriptions and Refunds
- Auto-renewal: Subscriptions renew automatically unless cancelled at least 24 hours before the end of the current period.
- Cancellation: You may cancel any time through your Apple or Google account settings.
- Refunds: Refunds are processed exclusively by Apple App Store or Google Play under their own policies. We do not directly handle refunds.
- RevenueCat: Used for subscription state management; payment information is not stored.
International Data Transfers
Your data may be transferred to and processed in countries outside your residence — particularly Lithuania (EU) and the United States. Safeguards include:
- EU Standard Contractual Clauses (SCCs).
- EU-US Data Privacy Framework certified providers.
- For transfers from Turkey to the EU under KVKK Art. 9, your explicit consent is obtained.
- European Commission adequacy decisions where applicable.
Changes to This Policy
We may update this Privacy Policy periodically. For material changes:
- The "Last Updated" date at the top of this page is refreshed.
- Material changes are announced through the App or by email.
- Where required by law, fresh explicit consent is obtained.
- Prior versions are archived and available upon request.
Contact
Astrovana AI
Website: astrovanaai.com
Privacy: privacy@astrovanaai.com
KVKK: kvkk@astrovanaai.com
Support: support@astrovanaai.com
If you are unsatisfied with our response, you may lodge a complaint with a supervisory authority:
- Turkey: Personal Data Protection Authority (KVKK) — kvkk.gov.tr
- EU: Your local Data Protection Authority
- Lithuania (data processing location): Valstybinė duomenų apsaugos inspekcija — vdai.lrv.lt
© 2026 Astrovana AI. All rights reserved.