Privacy Policy
1. Who we are (the controller)
Astro Relocation AI ("Astro Relocation AI", "the Service", "we", "us") is operated by Amponsah, a sole trader / business operator in Finland (Business ID / Y-tunnus 3628999-3). Amponsah is the data controller responsible for your personal data under the EU General Data Protection Regulation (GDPR).
- Business operator (controller): Amponsah, Finland
- Business ID / Y-tunnus: 3628999-3
- Website: https://astrorelocation.ai
Astro Relocation AI is a free, publicly accessible astrocartography map service. Some features described in this policy — for example the AI assistant and paid plans — are not yet available.
2. How to contact us
For privacy questions or to exercise your rights, email support@astrorelocation.ai. This is also the address you can use to raise any concern about how we handle your data.
3. What data we collect
We try to collect only what the Service needs.
- Account data. Your email address; an optional display name; your password stored only as a one-way cryptographic hash (we never store your password in a readable form); your email-verification status; and login-security counters (such as failed-login counts and lockout timestamps).
- Birth and chart data you provide. When you use the app — logged in, or using the map without an account — you may provide: birth date; birth time (optional); a birth-place or city label; geographic coordinates (latitude/longitude); timezone and UTC offset; chosen house system and chart display settings/state; and any notes you choose to add. If you save charts or places, that data is stored on your account.
- Saved items. Saved charts (your chart inputs and display state) and saved places (a name, coordinates, and an optional note) that you choose to keep.
- Assistant / conversation data (feature not yet live). The AI assistant is not available in the Service today, and there is no live AI model processing your data (see Section 10). If an assistant feature becomes available to you and you save anything there, it will be stored as conversation history tied to your account; any such stored history is included in your data export and is deleted with your account (see Section 11).
- Technical and security data. A login session identifier (we store only a hashed session token, never the raw token); your IP address and browser user-agent captured when a session is created and when a security event occurs; and security/audit log entries (see Section 9).
- Communications. If you email us (e.g., support@), we process that message and your contact details to respond.
We do not collect: payment or card data (there are no payments yet); advertising identifiers; or data from marketing/tracking cookies.
4. How we use your data
We use your data to:
- provide the Service — compute and display natal, relocation, transit and progression charts and maps, and store the charts/places you save;
- manage your account — authentication, email verification, and password reset;
- keep the Service secure — abuse and fraud prevention, rate limiting, account lockout, and audit logging;
- respond to your support requests; and
- comply with our legal obligations.
We do not use your data for advertising, profiling for marketing, or sale to third parties.
5. Legal bases for processing (GDPR Article 6)
- Performance of a contract — Art. 6(1)(b): to provide the account, chart, and map features you ask for.
- Legitimate interests — Art. 6(1)(f): to keep the Service and your account secure, prevent abuse, maintain audit logs, and operate and improve the Service — balanced against your rights and freedoms.
- Legal obligation — Art. 6(1)(c): where we must retain or disclose data to comply with law.
- Consent — Art. 6(1)(a): only if and when we add optional features that require it (for example non-essential analytics or marketing — we use none today). You could withdraw such consent at any time.
Birth date, time, and place are personal data. They are not "special category" data under Art. 9, but because they can be sensitive we handle them with care and do not share them for marketing.
6. Using the map without an account
You can render astrocartography maps — natal, relocation, transit, and progression — without creating an account.
- When you use the map without an account, the birth details you enter are processed transiently only to compute and render your map.
- This data is not saved, not linked to any account, and the birth data is not written to our database or to logs.
- This anonymous map rendering is rate-limited and size-limited to prevent abuse, and it may be changed or disabled at any time.
- To save charts or places you must create an account; saved data is then covered by Sections 7 and 11.
7. Account and saved chart data
When logged in you can create natal, relocation, transit and progression charts, and save charts and places. Saved charts store your birth/chart inputs and display state; saved places store a name, coordinates, and an optional note. This data is tied to your account and kept until you delete it or delete your account (see Section 11).
8. Cookies and sessions
We use strictly necessary cookies only.
- The main cookie is the login session cookie set when you sign in. It is marked HttpOnly, Secure, and SameSite=Lax, and it keeps you logged in. It is required for the Service to function.
- We use server-side origin/referer checks to protect against cross-site request forgery (CSRF).
- We do not use advertising, marketing, or cross-site tracking cookies, and we do not currently use analytics cookies. If we add any non-essential cookies later, we will update this policy and, where the law requires it, ask for your consent first.
- When you view the map, your browser loads map tiles directly from MapTiler (see Section 10).
9. Security and audit logs
To protect accounts and detect abuse, we keep security/audit log entries for events such as sign-up, login, password change, password reset, email verification, data export, account deletion, and account-lockout events.
Each entry may include: the event type; the time; the IP address; the browser user-agent; a small set of allow-listed metadata (for example a reason code, whether a session existed, or a count of revoked sessions); and a keyed one-way hash of your email (used to correlate events without storing your email in readable form). On account deletion, the fields that can link an entry to you (the email hash and any session identifier) are removed; other, non-identifying metadata may be retained (see Section 11). The legal basis is our legitimate interest in security and fraud/abuse prevention.
10. Subprocessors and service providers
We use a small number of providers to run the Service:
| Provider | Role | Data involved |
|---|---|---|
| Render (Frankfurt, Germany / EU) | Hosting and managed PostgreSQL database | Stores all account, chart, saved-place, and audit data |
| Resend | Sends transactional emails (email verification, password reset) | Your email address and the email content/links |
| MapTiler | Provides map tiles to your browser | Your browser's IP address and the map area/coordinates you view (standard map-tile requests) |
| OpenStreetMap | Map data attribution within the map | Standard map-tile/attribution requests |
| Swiss Ephemeris | Astronomical calculation software and data that runs on our own server | None transmitted externally. Your birth data is not sent to any third party for calculation. Swiss Ephemeris is local software/data, not a cloud recipient of your data. |
The following are not active today and will only be introduced with an update to this policy (and, where required, your consent):
- Sentry (error monitoring) — only if we enable it; it is configured to scrub personal data (no request bodies, cookies, or readable emails).
- Stripe (payments) — only if and when we launch paid plans.
- AI providers — only if and when we launch live AI features. The AI assistant is not yet available ("coming soon"); the Service does not send your data to any AI model.
Hosting and data location: our primary hosting and PostgreSQL database run in Render's Frankfurt, Germany (EU) region.
International transfers: some service providers or support systems may process data outside the EEA. Where data leaves the EEA, we rely on appropriate safeguards, such as the EU Standard Contractual Clauses.
11. Retention and deletion
- Account data: kept while your account exists.
- Saved charts, saved places, and any assistant conversation history: kept until you delete them or delete your account.
- Anonymous map rendering (no account): not stored.
- Security/audit logs: kept for security purposes. When you delete your account these entries are anonymized — your account link, IP address, user-agent, and email hash are removed — and only a de-identified record remains as an audit trail.
You can export your data (as a JSON file) and delete your account at any time from your account settings. The export includes your account profile, your saved charts and places, your assistant conversation history (when present), and metadata about your sessions, tokens, and security-log entries — it does not include your password, raw tokens, or the email hash. Your assistant conversation history is also deleted with your account. Account deletion requires re-entering your password and performs a hard delete of your charts, saved places, assistant conversations, sessions, and tokens.
12. Backups and restore caveat
We keep operational backups for reliability. Deletions take effect in our live systems immediately, but data may persist briefly in encrypted backups until those backups are rotated or overwritten. If a backup ever has to be restored, we re-apply our deletion/anonymization steps so that data you previously deleted is not revived.
13. Your rights under the GDPR
You have the right to:
- access and receive a copy of your data (self-service JSON export);
- erasure — delete your account (self-service);
- rectification — correct your data (you can edit your profile/name and change your password in-app; email support@ for other corrections);
- restriction and objection to certain processing, where applicable; and
- data portability.
To exercise these rights, use the in-app export/delete tools or email support@astrorelocation.ai. We will respond within the timeframes the law requires. Exercising your rights is free unless a request is manifestly unfounded or excessive.
14. Supervisory authority
If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. In Finland this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), https://tietosuoja.fi. Because the business operator (Amponsah) is established in Finland, this Finnish authority is the lead supervisory authority.
15. Children and minors
The Service is not directed to children. You must be at least 13 years old (the age of digital consent in Finland) — or the applicable age of digital consent in your country — to create an account. We do not knowingly collect personal data from children below that age. If you believe a child has provided us data, contact support@ and we will delete it.
16. Changes to this policy
We may update this policy as the Service evolves — for example if the AI assistant or paid plans launch. We will post the updated version with a new effective date and, for material changes, take reasonable steps to notify you.