# Privacy Policy #### 1. Who We Are AstroFit AI is a software project (“**AstroFit AI**,” “**we**,” “**us**”) operated by an individual. At this time, AstroFit AI is not a legal entity. **Controller/Owner:** Project AstroFit AI **Contact:** **Mailing address:** Dubai Internet City Head Office Building 4, Dubai Internet City, Dubai, United Arab Emirates **Website:** astrofitai.com #### 2. Scope This Privacy Policy applies to the AstroFit AI mobile apps, websites, and related services (the “**Services**”). #### 3. Personal Data We Collect We collect the following categories of data depending on your use of the Services: **Account & Identity** * Email address, authentication identifiers (e.g., Firebase UID), display name. **Profile & Astrology Data** * Name, gender, date/time of birth, place of birth, city/country, timezone. * Optional precise location coordinates (latitude/longitude) derived from your entered birth location. **Usage & Content** * AI chat prompts and responses, goal data, daily plans, astrology reports, and related content you create or receive. * App usage events, feature interactions, and diagnostic data. **Device & Technical** * Device identifiers, IP address, device and OS information, crash logs, and performance data. **Notifications** * Push notification tokens (FCM) and related delivery metadata. **Payment & Subscription** * Subscription status, product identifiers, purchase history, and entitlement status via RevenueCat. * For web subscriptions, payment processing is handled by Stripe. We do not store full payment card details. **Analytics (Firebase GA4)** * Usage analytics and aggregated metrics to understand app performance and user behavior. **Sensitive Data (Birth Data)** * Birth date/time/place and related information may be considered sensitive in some jurisdictions. You provide it voluntarily to receive astrology‑related features, and we process it to provide core functionality. #### 4. Sources of Data * You (when you register, create a profile, and use the Services). * Automatically from your device and app usage. * From third‑party providers (e.g., RevenueCat, Apple, Google, Stripe) regarding purchases and subscriptions. #### 5. How We Use Personal Data We use personal data to: * Provide and operate the Services. * Personalize astrology and AI outputs. * Process subscriptions, purchases, and entitlements. * Send transactional and service messages. * Provide push notifications (with your permission). * Improve, debug, and secure the Services. * Comply with legal obligations. **AI content usage:** We store AI prompts and responses for **12 months** to provide the Services, improve user experience, and ensure safety and reliability. We do not sell your personal data or use your content for advertising. #### 6. Legal Bases (EEA/UK) For users in the EEA/UK, our legal bases include: * **Contract** (to provide the Services you request). * **Consent** (for optional features such as marketing and certain analytics, where required). * **Legitimate interests** (to improve and secure the Services). * **Legal obligation** (for compliance and record‑keeping). #### 7. Sharing and Disclosure We share data with trusted service providers who process data on our behalf: * **Firebase (Google)**: authentication, database (Firestore), crash reporting, messaging, analytics. * **RevenueCat**: subscription management and entitlements. * **OpenAI**: AI processing of prompts and responses. * **Prokerala**: astrology calculations. * **Google Places**: geocoding and location lookup. * **Stripe**: web payment processing. * **Apple/Google**: in‑app purchase processing for App Store / Google Play. We may also disclose information if required by law, to protect our rights, or in connection with a business transfer. #### 8. International Transfers Your data may be processed and stored outside your country, including in the United States and other jurisdictions. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross‑border transfers. #### 9. Data Retention and Account Deletion We retain data for as long as needed to provide the Services and fulfill legal obligations. If you delete your account from the profile screen, we process the request within **30 days**, unless a longer period is required by law. Some data may be retained for legal, tax, or security obligations. #### 10. Security We implement reasonable administrative, technical, and organizational measures to protect personal data. No method of transmission or storage is completely secure. #### 11. Children’s Privacy Our Services are not intended for children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal data from such users. #### 12. Your Rights Depending on your region, you may have rights including: **EEA/UK (GDPR/UK GDPR)** * Access, correction, deletion, portability, restriction, and objection. **California (CCPA/CPRA)** * Know, delete, correct, and opt out of “sale” or “sharing” of personal information. * We do **not** sell or share personal information for cross‑context behavioral advertising. **Brazil (LGPD)** * Confirmation, access, correction, anonymization, portability, and deletion. To exercise your rights, contact us at ****. #### 13. Cookies and Similar Technologies (Web) We use cookies and similar technologies for authentication, preferences, and analytics. You can control cookies through your browser settings. #### 14. Marketing Communications If you opt in to receive marketing emails or promotional messages, you can opt out at any time by using the unsubscribe link or contacting us at ****. You will still receive essential service or transactional messages (e.g., billing, security, or legal notices). #### 15. Push Notifications If you enable notifications, we will send push notifications through Firebase Cloud Messaging. You can disable notifications in device settings. #### 16. Changes to This Policy We may update this Policy and will revise the “Last updated” date. Continued use of the Services indicates acceptance of the updated Policy. #### 17. Contact Questions or requests: ****.