Privacy Policy
Last updated: May 17, 2026
Halo Labs ("Developer") operates the AstroHalo mobile application ("Service"). This Privacy Policy explains how we collect, use, and protect your personal information.
1. Information We Collect
a) Information You Provide
- Account and sign-in information, such as your email address and authentication identifiers when you sign in with Google, Apple, or email.
- Chart and profile information, such as birth date, birth time, birth place, saved profiles, relationship/synastry inputs, chart settings, and related calculation context.
- Questions, chat messages, generated responses, saved conversations, reading history, and image generation preferences when you use AI or interpretation features.
- Place and timing information you choose or allow, such as city names, coordinates, time zone, event location, or device location permission.
b) Automatically Collected Information
- Device type, operating system, and app version
- Timezone and locale settings
- Push notification token
- Subscription status and purchase history
- Device location coordinates, with your permission, when needed for location-based calculations. Device coordinates used only for Planetary Hours are not stored on our servers.
2. How We Use Your Information
- Calculate astrological charts, relationship comparisons, relocation context, timing, and personalized interpretations
- Generate AI-powered interpretations, reports, and image-generation outputs
- Send timing reminders or other app notifications with your consent
- Process payments and manage subscriptions
- Use selected places, event cities, time zones, and permitted device location to support relocation, planetary hours, timing, and related personalized features
- Improve the Service and respond to inquiries
3. Third-Party Services (Sub-processors)
We use the following third-party services to operate the Service. Each provider receives only the data necessary for its function.
- Google / Apple — Sign-in authentication. Receives: your email address and OAuth identifier.
- Supabase (database & auth, hosted on AWS) — Receives: user account data, email sign-in data, profile, birth data, selected place/timing context, chat history, subscription state.
- RevenueCat (subscription management) — Receives: anonymous user ID, store transaction IDs, product identifiers, subscription status. Does NOT receive your name, email, or birth data.
- Google Gemini, OpenAI, OpenRouter, and DashScope (content generation and image generation) — Receives only the input needed for the requested feature, such as chat message text, summarized chart data, interpretation context, or image generation prompts. These providers do not receive your email, name, payment information, or device identifiers from us.
- Expo / EAS — Push notification delivery. Receives: device push token only.
- Sentry — Crash and performance diagnostics. Receives: technical diagnostic data such as app version, device/OS details, error traces, and user ID when needed to debug account-specific issues. We do not intentionally send birth data, chat messages, or payment information to Sentry.
We do not sell your personal information. We do not use third-party advertising or behavioral tracking SDKs.
4. Cookies and Web Tracking
The AstroHalo mobile application does not use cookies. The astro-halo.com website may use hosting, security, and performance services such as Cloudflare to protect and deliver the site. We do not use third-party advertising or behavioral tracking SDKs.
5. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our sub-processors operate. By using the Service, you consent to such transfers.
6. Data Retention and Deletion
We retain your personal data for as long as your account is active. Upon account deletion:
- Personal data (profile, birth data, selected place/timing context, chat history, readings, subscription records) is deleted from our live database immediately.
- Encrypted backups are rotated and permanently purged within 30 days.
- A one-way SHA-256 hash of your email is retained in a deletion log to prevent abuse and to honor "right to be forgotten" requests if you re-register.
- Anonymized, aggregated analytics that cannot identify you may be retained.
You may delete your account from the in-app Settings screen, or by emailing [email protected]. See our Delete Account page for step-by-step instructions.
7. Data Access and Portability (Export)
You have the right to request a copy of all personal data we hold about you. To submit a data access request, email [email protected] from the email address associated with your account. We will provide your data in a machine-readable format (JSON) within 30 days of verification, free of charge.
8. Data Security
- All data is transmitted over HTTPS with TLS encryption
- Row Level Security (RLS) ensures users can only access their own data
- JWT-based authentication for all API requests
- Webhook endpoints (RevenueCat) are HMAC-verified
9. Your Rights
- Access — View your personal data through the app's Profile settings, or request a full export
- Correction — Update your birth information or profile at any time
- Deletion — Delete your account and all associated data
- Withdraw consent — Opt out of push notifications or revoke location permission through your device settings
- Lodge a complaint — If you believe your rights have been violated, you may contact your local data protection authority
10. Children's Privacy
The Service is not intended for children under 14 years of age. We do not knowingly collect personal information from children under 14. If you become aware that a child under 14 has provided us with personal information, please contact us and we will delete it. Users in jurisdictions with a higher digital age of consent (e.g., COPPA in the United States — 13) must comply with their local rules.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Service constitutes acceptance of the updated policy.
12. Contact
Developer / Data Controller: Halo Labs
Email: [email protected]