← Back to Cosmic Compass

Privacy Policy

Last updated: July 5, 2026

Table of Contents 1. Overview 2. Information We Collect 3. How We Use Your Data 4. AI Processing 5. Cookies 6. Data Sharing 7. Data Security 8. Data Retention 9. Your Privacy Rights 10. Children's Privacy 11. Policy Changes 12. Contact Us

1. Overview

Cosmic Compass ("we", "us", "our") operates the website zodi.life (the "Service"). We are committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy explains what information we collect, why we collect it, and the choices you have regarding your data.

We comply with the General Data Protection Regulation (GDPR) for European users and the California Consumer Privacy Act (CCPA) for California residents. This policy is designed to meet the requirements of both frameworks.

2. Information We Collect

Account Information:

  • Email address — used for account login and communication
  • Hashed password — stored using bcrypt, never in plain text

Birth Data (provided voluntarily):

  • Birth date (day, month, year)
  • Birth time (hour, minute)
  • Birth city and country
  • Geographic coordinates (latitude, longitude) — auto-derived from city name via OpenStreetMap Nominatim

Usage Data (automatically collected):

  • Session cookies — required for login authentication
  • Server access logs — IP address, browser type, timestamps (standard web server logs, retained for 7 days)

Payment Data (processed by PayPal):

  • We do NOT collect or store credit card numbers, CVVs, or banking details
  • PayPal processes all payments. We only receive a transaction ID and subscription status

What we do NOT collect: We do not use advertising trackers, third-party analytics (Google Analytics, Facebook Pixel, etc.), cross-site tracking cookies, or device fingerprinting. We do not collect your real name, phone number, physical address, or social media profiles.

3. How We Use Your Data

  • To provide the Service: Calculate your birth chart, generate horoscope readings, and display compatibility results using your birth data
  • To authenticate you: Verify your identity when you log in using your email and password
  • To personalize content: Generate AI-powered astrological readings based on your natal planetary positions
  • To process payments: Verify subscription status through PayPal transaction records
  • To communicate with you: Send service-related emails (password reset, account changes, subscription renewal notices)
  • To improve the Service: Monitor server logs for technical issues and security threats

We do NOT use your data for: targeted advertising, selling to third parties, training AI models on your personal data, or any purpose unrelated to providing the Service.

4. AI Processing

When you request an AI-powered reading (daily horoscope, birth chart deep reading, or compatibility analysis), we send the following data to our AI provider (DeepSeek):

  • Your zodiac sign, Sun sign, Moon sign, and Rising sign
  • Current planetary transit positions relative to your natal chart
  • Astrological aspects and house placements

We do NOT send your raw birth data (date, time, city), email address, name, or any personally identifiable information to the AI provider. Only the computed astrological data is transmitted. DeepSeek's API does not retain or use your data for model training.

AI-generated content is cached on our servers to improve performance and reduce costs. Daily horoscope caches expire after 24 hours; birth chart readings are cached indefinitely (since your natal chart never changes).

5. Cookies

We use only essential cookies necessary for the Service to function:

  • PHP Session Cookie (PHPSESSID): Maintains your login state. Deleted when you close your browser.

We do NOT use:

  • Analytics cookies (Google Analytics, Mixpanel, etc.)
  • Advertising cookies (Google Ads, Facebook Pixel, etc.)
  • Social media cookies (Facebook, Twitter, Instagram)
  • Third-party tracking cookies

Since we only use essential cookies, no cookie consent banner is required under the GDPR ePrivacy Directive. Essential cookies cannot be disabled because the Service would not function without them.

6. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following service providers, under strict data processing agreements:

  • DeepSeek (AI provider): Receives computed astrological data (not raw PII) for generating readings. Based in compliance with applicable data protection laws.
  • PayPal (payment processor): Processes your payments. Subject to PayPal's own privacy policy. We do not receive your financial details.
  • OpenStreetMap Nominatim: Used to convert city names to geographic coordinates. Your search query is sent to Nominatim's public API. No personal data is attached.

We may disclose your data if required by law, court order, or government regulation, or to protect our legal rights. We have never received such a request.

7. Data Security

  • Passwords are hashed using bcrypt (industry-standard, one-way hashing)
  • All data transmission is encrypted via HTTPS/TLS (SSL certificates)
  • Database access is restricted to authorized personnel only
  • Server access logs are monitored for suspicious activity
  • Payment data never touches our servers — handled entirely by PayPal

No method of transmission or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

8. Data Retention

  • Account data: Retained until you request deletion
  • Birth data: Retained with your account until deletion
  • AI reading cache: Daily horoscopes cached for 24 hours; birth chart readings cached indefinitely
  • Server logs: Retained for 7 days, then automatically deleted
  • Payment records: Transaction IDs retained for accounting purposes (7 years per tax law). No card data is stored.

9. Your Privacy Rights

GDPR (European Users): You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure ("Right to be Forgotten"): Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to data processing
  • Withdraw Consent: Withdraw consent at any time

CCPA (California Residents): You have the right to:

  • Know: What personal data is collected and how it's used
  • Delete: Request deletion of your personal data
  • Opt-Out: We do not sell your data, so no opt-out is needed
  • Non-Discrimination: Equal service regardless of privacy rights exercised

To exercise any of these rights, email privacy@zodi.life. We will respond within 30 days. Account deletion requests are processed within 30 days and are irreversible.

If you have a complaint about our data practices, you can contact your local data protection authority. For EU residents, this is your country's Data Protection Authority. For UK residents, this is the ICO (ico.org.uk).

10. Children's Privacy

The Service is not directed to children under 13 (or 16 in EU member states). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it immediately.

11. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. For material changes affecting your rights, we will send an email notification to registered users at least 30 days before the changes take effect.

12. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

📧 Email: privacy@zodi.life

🔗 Website: https://zodi.life