Privacy Policy

Read the current legal text

Privacy Policy

Last updated: April 18, 2026

Astrolune is a tarot-first reflection app with astrology context, journaling, and optional AI assistance. This policy explains what data Astrolune currently uses, which service providers are involved, and how account deletion works.

Summary

  • We collect account, profile, reading, journal, and app-usage data that is needed to run the product.
  • The current Android manifest in this codebase declares internet access, notification permission, and boot-completed access for reminder scheduling. It does not declare camera, contacts, background location, or broad media-library permissions.
  • We currently rely on Supabase, Google Sign-In, Mixpanel, OpenAI, Google Gemini, Stability AI, and OpenStreetMap Nominatim.
  • You can request deletion inside the app when logged in or by emailing astroluneapp@gmail.com.

Data We Process

Account and identity data

We process:

  • email address
  • authentication identifiers created by Supabase
  • sign-in method
  • profile display information you choose to add

If you sign in with Google, Google and Supabase process the authentication flow needed to create or access your Astrolune account.

Profile and ritual data

We process the information you enter to personalize the experience, such as:

  • birth date
  • birth time
  • birth location text or chart-related inputs
  • saved tarot readings
  • journal entries, reflections, and notes
  • mood or ritual-preference data you choose to store
  • optional profile avatar images you choose to upload
  • generated dream images and related dream-analysis metadata when you use dream visualization

Analytics and technical data

We process limited usage and device-related data to understand product usage and improve the service. In the current mobile codebase this includes Mixpanel events and service-level logs generated by our infrastructure providers.

Depending on your device and session, this can include:

  • app version
  • coarse device or platform information
  • event timestamps
  • in-app actions such as reading, lesson, or quiz activity
  • security and session metadata handled by Supabase

AI request data

If you use AI Insight, dream visualization, or related AI-powered features, the content needed to answer your request may be sent to OpenAI, Google Gemini, or Stability AI. This can include:

  • the text you submit
  • selected reading context
  • drawn cards
  • natal-chart context that is included in the prompt
  • dream text and generated-image prompts when you actively use dream visualization

We use this data only to generate the requested AI output and operate the feature.

Location lookup requests

Astrolune uses OpenStreetMap Nominatim to resolve place names that you enter for astrology-related flows. This means the place query you submit may be sent to Nominatim so the app can return coordinates or matching location results.

Android Permissions and Media Access

In the current Android build configuration in this repository, the manifest declares:

  • internet access, so the app can use authentication, sync, analytics, AI, and support infrastructure
  • notification permission, so the app can ask before sending reminder notifications on supported Android versions
  • boot-completed access, so reminder scheduling can be restored after the device restarts

The manifest does not declare separate Android permissions for:

  • camera
  • contacts
  • background location
  • broad photo or media-library access

If you choose a custom profile avatar, the app may use the Android system picker and upload the selected image to Astrolune storage. This is optional and separate from broad media-library scanning.

If a future release adds new permissions or new categories of data collection, this policy should be updated before or at the same time as that release.

Why We Use Data

We use data to:

  • create and secure your account
  • sync your readings, notes, and profile state across sessions
  • generate astrology context and tarot-related outputs
  • power optional AI features that you actively invoke
  • measure product usage and improve stability and retention
  • respond to support, privacy, and deletion requests
  • comply with legal obligations and prevent abuse

Service Providers and Infrastructure

Astrolune currently depends on the following third parties in the codebase:

  • Supabase for authentication, database, and backend storage/sync
  • Google Sign-In for optional Google authentication
  • Mixpanel for product analytics when a Mixpanel token is configured
  • Google Gemini for AI-generated insight features
  • OpenAI for AI-assisted reading-related features
  • Stability AI for optional dream image generation
  • OpenStreetMap Nominatim for location search/geocoding based on user-entered place queries

These providers process data only to the extent needed to operate their part of the service.

Sharing

We do not describe Astrolune as an advertising business and the current mobile codebase does not include a separate ad SDK.

We share data with service providers only when needed to operate the service, including account access, analytics, AI processing, and location lookup. We may also disclose data:

  • if required by law
  • to enforce our terms or protect the service
  • to investigate fraud, abuse, or security incidents
  • in connection with a business transfer if that ever occurs

Retention

We retain personal data for as long as needed to operate the service, maintain account integrity, comply with legal obligations, resolve disputes, and protect the service from abuse.

Some records may remain in backups, security logs, or legally required archives for a limited period even after a deletion request.

Security

The service is designed to communicate over internet-connected services and we use mainstream hosted infrastructure providers for authentication, storage, and API access. No internet or storage system can be guaranteed to be perfectly secure, but we work to keep access limited and aligned with the service.

Your Choices and Rights

Depending on your location, you may have rights to:

  • access the personal data associated with your account
  • correct inaccurate information
  • request deletion of your account and related data
  • object to or restrict certain processing where applicable

Account Deletion

If you are logged in, you can request account deletion from the app. In the current flow:

  • the deletion request is recorded on your profile
  • you are signed out
  • follow-up processing may still retain certain records where required for legal, security, or fraud-prevention reasons

If you cannot access your account, email astroluneapp@gmail.com from the address tied to your account when possible.

Children

Astrolune is not intended for children under 13, and we do not knowingly collect personal data from children under 13.

Changes

We may update this policy as the product, infrastructure, or legal requirements change. The latest version should be published anywhere Astrolune presents its privacy policy.

Contact

For privacy, support, or deletion questions, email astroluneapp@gmail.com.