ZodiacReads

Privacy Policy

Effective date: 26 April 2026  ·  Last updated: 26 April 2026

Contents
1. Introduction
2. Information We Collect
3. How We Use Your Information
4. Legal Basis for Processing
5. How We Share Information
6. Google Sign-In and Third-Party Login
7. Cookies and Local Storage
8. Data Retention
9. Security
10. Your Rights
11. Children's Privacy
12. International Data Transfers
13. Changes to This Policy
14. Contact Us

1. Introduction

ZodiacReads ("we", "us", "our") operates the web application located at app.zodiacreads.com (the "Service"), which generates Vedic astrology birth charts, divisional charts, dasha timelines, numerology readings, and related interpretive content.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data. By creating an account or using the Service, you agree to the practices described in this policy.

This policy is intended to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), India's Digital Personal Data Protection Act (DPDPA, 2023), and other applicable privacy laws.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name (display name, optional)
  • Email address (used as your login identifier and for account-related notifications)
  • Password (stored only as a salted bcrypt hash — we never see or store your plaintext password)
  • Google account identifier, name, and email, only if you choose to sign in with Google (see Section 6)

2.2 Birth Chart Data

To generate astrology readings, we collect the following birth details that you provide voluntarily:

  • Full name (or any label) for each chart
  • Date of birth
  • Time of birth
  • Place of birth (city / locality), which we convert to latitude and longitude for chart calculation
  • Gender (used only for KUA number calculation in numerology and salutation; treated as optional)

You may also save additional charts for family members, friends, or clients. You are responsible for obtaining their consent before entering their information into the Service.

2.3 Computed Astrological Data

We store the chart calculations derived from your birth data, including planetary longitudes, ascendant degree, lagna sign, vimshottari dasha tree, detected yogas, and divisional chart placements. This data is treated with the same protection as your raw birth details.

2.4 Usage and Technical Information

When you interact with the Service, we automatically collect:

  • IP address (used for rate limiting and abuse prevention)
  • Browser type and version, operating system
  • Referring URL, pages visited, and timestamps
  • Device identifiers required for session management

2.5 Information We Do Not Collect

We do not collect financial information, government IDs, biometric data, or precise location data (we only use the city you enter, not GPS).

3. How We Use Your Information

  • To create and manage your account and authenticate your sessions
  • To compute and display your astrological charts, dashas, yogas, and other interpretive content
  • To save and retrieve charts you choose to persist in your account
  • To send transactional emails (password reset, security alerts, important service notices)
  • To monitor, debug, secure, and improve the Service
  • To enforce our Terms of Service and prevent fraudulent or abusive use
  • To comply with legal obligations

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our legal bases are:

  • Performance of a contract — to provide the Service you signed up for
  • Consent — for any optional features you enable (e.g. saving charts)
  • Legitimate interest — for security, fraud prevention, and product improvement
  • Legal obligation — when required by law

5. How We Share Information

We share personal information only with the following categories of recipients, under contractual confidentiality obligations:

  • Hosting and infrastructure providers — Vercel (application hosting) and MongoDB Atlas (database hosting). These providers store your data on our behalf and do not access it for their own purposes.
  • Email delivery providers — used to send transactional emails (e.g. password reset).
  • Geocoding service — when you enter a city, we send the city name to a third-party geocoding API to obtain latitude and longitude. We do not send your name, email, or other identifying information with this request.
  • Identity providers — if you choose to sign in with Google, Google handles the authentication step (see Section 6).
  • Legal authorities — when required by valid legal process (court order, subpoena, regulator request).
  • Successor entities — in the event of a merger, acquisition, or asset sale, your data may transfer subject to this Privacy Policy.

6. Google Sign-In and Third-Party Login

If you choose to sign in with Google, we use Google's OAuth 2.0 protocol. We request the following Google scopes:

  • openid, email, profile — to obtain your verified email address, basic profile (name, profile picture URL), and a stable Google account identifier

We do not request or access:

  • Your Google contacts, calendar, drive, photos, or any other Google services
  • Permission to send email on your behalf
  • Your Google password (it is never shared with us — Google handles the login directly)

The Google account information we receive is used solely to create or sign in to your ZodiacReads account. You can revoke access at any time at myaccount.google.com/permissions.

ZodiacReads's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7. Cookies and Local Storage

We use the following kinds of client-side storage:

  • Authentication cookie — a single HTTP-only, SameSite cookie containing a signed JWT that keeps you logged in. It expires when your session ends or after the configured lifetime, whichever comes first.
  • sessionStorage — temporary storage in your browser used to hold the chart you are currently viewing so you can navigate between pages without recomputing it. Cleared when you close the browser tab.
  • Functional preferences — small entries that remember your selected divisional chart, theme, or panel state.

We do not use third-party advertising cookies or cross-site tracking pixels.

8. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — retained until you delete your account.
  • Saved charts — retained until you delete them or your account.
  • Transactional email logs — up to 90 days for delivery diagnostics.
  • Server logs — typically 30 days, longer if required for security investigations.

When you delete your account, we delete or irreversibly anonymize your personal data within 30 days, except where retention is required by law.

9. Security

We protect your data using:

  • HTTPS / TLS for all traffic between your browser and our servers
  • Salted bcrypt hashing for passwords (we never store plaintext passwords)
  • HTTP-only, SameSite authentication cookies, which limit theft of the session cookie through XSS and help mitigate CSRF
  • Encryption at rest on our database provider (MongoDB Atlas)
  • Principle of least privilege for internal access
  • Regular dependency updates and security reviews

No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities as required by law.

10. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated data
  • Export your data in a portable format
  • Withdraw consent at any time, where processing is based on consent
  • Object to or restrict certain processing activities
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, email us at support@zodiacreads.com. We will respond within 30 days.

11. Children's Privacy

The Service is not directed to children under 13 years of age (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. International Data Transfers

Our infrastructure providers (Vercel, MongoDB Atlas) may store and process data in regions outside your country of residence. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you by email or in-app notice. Your continued use of the Service after the changes take effect constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or how we handle your data, you can reach us at:

  • Email: support@zodiacreads.com
  • Website: zodiacreads.com

By using ZodiacReads, you acknowledge that you have read and understood this Privacy Policy.


© 2026 ZodiacReads · All rights reserved