Privacy Policy

How Moonomy collects, uses, and protects your data when you explore the sky with us.

Last Updated: February 2026

1. Introduction and Data Controller

Moonomy ("we," "us," or "our") operates moonomy.com and provides digital astrology services, including daily and personalized horoscopes, birth charts, and related services (collectively, the "Services").

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, Moonomy is the data controller responsible for your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Services.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our Services. The types of personal data we collect include:

2.1 Information You Provide

  • Account Information: Name, email address, username, display name, password (stored in hashed form), locale preferences, and profile visibility settings.
  • Birth Details: Birth date, birth time, birth place (city, country), and timezone. This information is essential for generating accurate astrological charts and horoscopes.
  • Profile Information: Optional information you may provide, including about me, goals, current job, challenges, health and wellness information, relationship status, interests, hobbies, and spiritual preferences.
  • Payment Information: Payment method details are processed securely by third-party payment processors (such as Stripe). We do not store full credit card numbers, CVV codes, or complete payment card information on our servers.
  • Communications: Messages, feedback, support requests, and other communications you send to us.

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on pages, clickstream data, and navigation patterns.
  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
  • Log Data: IP address, approximate geographic location (derived from IP), access times, and error logs.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies. See Section 10 for detailed information about our use of cookies.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To generate personalized horoscopes, birth charts, and astrological content based on your birth details and preferences.
  • Account Management: To create and manage your account, process subscriptions and payments, maintain your order history, and provide customer support.
  • Communication: To send you service-related communications, including account notifications, subscription updates, billing information, security alerts, and responses to your inquiries.
  • Service Improvement: To analyze usage patterns, improve the accuracy and reliability of our Services, develop new features, and enhance user experience.
  • Security and Fraud Prevention: To protect the security and integrity of our Services, detect and prevent fraud, abuse, and unauthorized access.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforce our Terms of Service.
  • Marketing (with consent): To send you promotional communications about our Services, special offers, and new features, where you have provided consent or where permitted by law.

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal bases:

  • Consent (Article 6(1)(a)): When you have given clear consent for us to process your personal data for specific purposes, such as marketing communications or optional profile information.
  • Contract Performance (Article 6(1)(b)): To perform our contractual obligations to you, including providing the Services, processing subscriptions, and managing your account.
  • Legal Obligation (Article 6(1)(c)): To comply with legal obligations, such as tax requirements, accounting records, and responding to lawful requests from authorities.
  • Legitimate Interests (Article 6(1)(f)): For our legitimate business interests, including:
    • Improving and optimizing our Services
    • Ensuring security and preventing fraud
    • Analyzing usage patterns and user behavior
    • Providing customer support
    • Enforcing our Terms of Service
    We balance our legitimate interests against your rights and freedoms, and you have the right to object to processing based on legitimate interests.

5. Data Sharing and Third-Party Processors

We do not sell your personal information. We share your data only in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to help us operate our Services. These processors are contractually obligated to protect your data and use it only for the purposes we specify:

  • Payment Processors: Stripe and other payment processors handle payment transactions. They process payment information in accordance with PCI DSS standards.
  • Cloud Infrastructure Providers: We use cloud hosting services to store and process data securely.
  • Email Service Providers: To send transactional emails, account notifications, and service-related communications.
  • Analytics Providers: To analyze usage patterns and improve our Services (data is anonymized where possible).
  • Customer Support Tools: To provide customer support and manage support requests.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: We transfer data to countries that have been recognized by the European Commission as providing an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with service providers in countries without adequacy decisions to ensure your data receives adequate protection.
  • Other Safeguards: We may rely on other legally recognized transfer mechanisms, such as binding corporate rules or certification schemes, where applicable.

By using our Services, you consent to the transfer of your information to countries outside your jurisdiction, subject to the safeguards described above.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are as follows:

  • Account Data: Retained for the duration of your account's existence. After account deletion, we retain certain data for up to 30 days for security and fraud prevention purposes, then permanently delete it, except where legal obligations require longer retention.
  • Payment Records: Retained for 7 years as required by tax and accounting laws.
  • Usage and Log Data: Retained for up to 2 years for security, analytics, and service improvement purposes.
  • Marketing Data: Retained until you withdraw consent or opt out, then deleted within 30 days.
  • Legal Obligations: We may retain data longer when required by law, court order, or to resolve disputes and enforce agreements.

You may request deletion of your account and associated data at any time by contacting us. We will honor your request subject to legal retention requirements.

8. Your Data Protection Rights (GDPR)

If you are located in the EEA, UK, or other jurisdictions with similar data protection laws, you have the following rights regarding your personal data:

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, including information about how we process it.
  • Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request deletion of your personal data when it is no longer necessary, you withdraw consent, or it has been unlawfully processed.
  • Right to Restrict Processing (Article 18): You have the right to request that we limit how we use your personal data in certain circumstances.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Article 7): Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
  • Right to Lodge a Complaint (Article 77): You have the right to lodge a complaint with your local data protection authority if you believe we have violated data protection laws. See Section 9 for more information.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month (or within two months for complex requests). We may require verification of your identity before processing your request.

9. Right to Lodge a Complaint with Supervisory Authority

If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe that our processing of your personal data violates applicable data protection laws. You can find contact information for your local supervisory authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en or https://ico.org.uk (for UK residents). We encourage you to contact us first so we can address your concerns.

10. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect and store information about your use of our Services. Cookies are small text files placed on your device when you visit our website.

10.1 Types of Cookies We Use

  • Essential Cookies: Required for the Services to function properly, including authentication, security, and session management. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our Services by collecting anonymous usage statistics.
  • Preference Cookies: Remember your settings and preferences, such as language and theme selection.
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (used only with your consent).

10.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling certain cookies may limit your ability to use some features of our Services. For more information about managing cookies, visit www.allaboutcookies.org.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest
  • Secure password storage using industry-standard hashing algorithms
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Privacy by design and default principles

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11.1 Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Articles 33 and 34.

12. Children's Privacy

Our Services are not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under 13 without verifiable parental consent.

If you are between 13 and 16 years old (or the age of digital consent in your jurisdiction), you may use our Services only with the consent of your parent or guardian. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy
  • Notify you via email or through a prominent notice on our Services
  • Obtain your consent where required by law for material changes

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may close your account and stop using our Services.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Data Controller: Moonomy (moonomy.com)