Astron
01 · Legal

Privacy and your data.

Last updated: 9 May 2026

This policy describes how Astron collects, uses, and stores your personal data, and explains your rights under India's Digital Personal Data Protection Act 2023 (DPDP Act).

§ 01

Data we collect

We collect the following categories of personal data:

  • Birth details — date, time, and place of birth. Required to compute a KP chart. Stored encrypted at rest.
  • Email address — used for magic-link authentication and transactional communications (purchase receipts, answer delivery).
  • Question text — the questions you ask through the Platform. Stored to enable answer history and to improve question classification accuracy.
  • Payment metadata — Stripe stores your card and billing data. We receive only a Stripe payment intent ID and a purchase record (amount, currency, timestamp). We do not store card numbers.
  • Session data — a magic-link session token with a 30-day expiry. Stored as a secure httpOnly cookie.
  • Usage data — anonymous page-view counts and feature interaction data used to understand platform usage patterns. No personal identifiers in analytics.
§ 02

Why we collect it

We use your data only for the following purposes:

Chart computation
Birth details are required to compute a KP chart and produce your answers. Without this data the core service cannot function.
Authentication
Your email is used to send your magic link. Once authenticated, we do not use email for marketing without your explicit consent.
Purchase processing
Payment metadata is stored to manage your question credits, track unlocks, and handle refund requests.
Answer history
Your questions and answers are stored so you can access them again through your account.
Service improvement
Aggregate usage patterns help us improve question classification and answer quality. No personal identifiers are used for this purpose.
§ 03

Who we share your data with

We share personal data only with the following third parties, and only to the minimum extent required:

  • Stripe — payment processing. Stripe receives your email address and payment details. Stripe's own Privacy Policy governs their use of your data.
  • Swiss Ephemeris — the ephemeris library used to compute planetary positions. This library runs locally on our servers. No data is sent to a third party for chart computation.

We do not sell, rent, or share your personal data with advertisers, data brokers, or any third party for marketing purposes.

§ 04

Your rights under DPDP Act 2023

Under India's Digital Personal Data Protection Act 2023, you have the following rights regarding your personal data:

Access
You may request a summary of the personal data we hold about you. We will respond within 30 days.
Correction
You may request correction of inaccurate or incomplete personal data at any time through your account settings.
Erasure
You may request deletion of your personal data and account. We will process erasure requests within 30 days, subject to any legal retention obligations.
Portability
You may request an export of your personal data in a machine-readable format. Birth details, answer history, and account data are all exportable.
Grievance
You may file a grievance with our Grievance Officer if you believe your data rights have not been honoured. See contact details below.
§ 05

How to exercise your rights

Most data rights can be exercised directly through your account dashboard at /account, which provides options to:

  • Download an export of all your personal data
  • Request deletion of your account and all associated data
  • Correct your birth details, email, or other account information

For requests that cannot be completed through the dashboard, contact our Grievance Officer at privacy@astron.example. We will respond within 30 days.

§ 06

Data retention

We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:

  • Birth details and question history: retained until you request deletion
  • Payment records: retained for 7 years to meet accounting obligations
  • Session tokens: expire after 30 days and are purged from the database
  • Shared answer links: expire after 30 days if not renewed

On account deletion, all personal data is removed within 30 days, except payment records that must be retained for legal compliance. Retained payment records contain no birth details or question content.

§ 07

Cookies

We use one essential cookie: an httpOnly session cookie that stores your authentication token after you complete magic-link sign-in. This cookie is required for the authenticated experience. It is not used for tracking or advertising.

We do not use third-party tracking cookies, advertising cookies, or fingerprinting technologies. We do not participate in cross-site tracking.

§ 08

Grievance Officer

Contact details
Grievance Officer, Astron
Response time: 30 days
Jurisdiction: India (DPDP Act 2023)
Astron · DPDP Act 2023 · India · privacy@astron.example