AstralSelf

Legal

Privacy Policy

Effective 2026-05-11 · Last updated 2026-05-11

PLAY PLAY CARDS S.R.L. (“AstralSelf,” “we,” “us,” or “our”) operates astralself.com (the “Service”). This Privacy Policy explains what personal data we collect, why, with whom we share it, how we protect it, and the rights you have under the EU General Data Protection Regulation (“GDPR”), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (“CCPA/CPRA”), and other applicable U.S. state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, and similar).

TL;DR. We collect the birth data you submit (date and optionally time, place, and a first name), an anonymous visitor cookie, and — if you subscribe — your email and Stripe customer ID. We use this to compute and personalize horoscopes, run subscriptions, and send the emails you opt into. We do not sell your personal information. We do not use your data to train AI models. You can request access, deletion, or export of your data at any time at hello@astralself.com.

1. Data Controller

The data controller is PLAY PLAY CARDS S.R.L., CUI 54439120, registered JJ2026023005004, with registered office at Str. Drumul Pescarilor, nr. 16 A, Olimp, Constanța 905503, Romania.

Privacy contact (and Romania DPA single point of contact): hello@astralself.com.

2. Personal Data We Collect

2.1 Data you provide to us

  • Birth data: date of birth (required); optional birth time, birth place / city, and first name.
  • Account & payment data (only if you subscribe): email address, Stripe customer ID, last 4 digits of card & brand (from Stripe), billing country, plan selected.
  • Communications: messages you send to hello@astralself.com.
  • Birth data of third parties: if you choose to enter someone else’s birth date for a reading or compatibility check.

2.2 Data collected automatically

  • Anonymous visitor identifier: a long-lived first-party cookie (astralself_uid) used to link your sessions to your subscription so paywalls work.
  • Computed astrology chart: derived from the birth data you submit (signs, planets, numerology). Cached so the same date does not need to recompute.
  • Server logs: IP address, user-agent, request URL, timestamp, status code (retained ~30 days for security and abuse prevention).
  • Share & engagement events: which horoscopes are viewed or shared, on which channel (no content of conversations).
  • Cookies & similar: see Cookie Policy.

2.3 We do NOT collect

  • government-issued IDs, social security numbers, or biometric data;
  • card numbers, CVV, or full card details (Stripe handles these);
  • special-category GDPR data (health, race, religion, sexuality, etc.) other than what you choose to read into a horoscope’s entertainment narrative.

3. How We Use Your Data and Our Legal Bases (GDPR)

PurposeCategoriesLegal basis (GDPR)
Compute & deliver your horoscopesBirth data, computed chartPerformance of contract (Art. 6(1)(b))
Generate AI premium content via AnthropicAstrology summary, name (if provided)Performance of contract (Art. 6(1)(b))
Run paid subscriptions, billing, fraud checksEmail, Stripe customer ID, IPPerformance of contract (Art. 6(1)(b)) & legal obligation (Art. 6(1)(c))
Send transactional email (welcome, receipts, renewal warnings)EmailPerformance of contract (Art. 6(1)(b))
Send daily horoscope emailEmail, computed chartConsent (Art. 6(1)(a)); withdraw any time
Marketing communicationsEmailConsent (Art. 6(1)(a)); withdraw any time
Security, abuse-prevention, paywall enforcementCookie ID, IP, logsLegitimate interest (Art. 6(1)(f))
Aggregate analytics & product improvementAnonymous eventsLegitimate interest (Art. 6(1)(f)) or consent if cookies require
Comply with tax, accounting, legal obligationsInvoices, billingLegal obligation (Art. 6(1)(c))

4. Sharing — Service Providers (Sub-Processors)

We share personal data only with the providers below, each under a data-processing agreement:

  • Vercel Inc.Hosting + edge delivery (USA / global) · privacy
  • Supabase Inc.Database + auth (USA (data hosted in EU-West-1, Ireland)) · privacy
  • Stripe Payments Europe Ltd.Payment processing + billing (Ireland / USA) · privacy
  • Anthropic, PBCAI text generation (horoscope content) (USA) · privacy
  • Resend, Inc.Transactional + marketing email delivery (USA) · privacy
  • PostHog Inc. (optional)Product analytics (only if enabled) (USA / EU) · privacy

We may also disclose data when required by law (subpoena, court order, regulatory request) or to protect our rights, security, and users.

5. International Data Transfers

Some processors are located in the United States. Where personal data is transferred outside the EU/EEA/UK, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and supplementary measures, plus, where applicable, the EU–U.S. Data Privacy Framework. Database storage is in the EU (Supabase EU-West-1, Ireland).

6. Retention

  • Birth data and computed charts: until you ask us to delete them, or 24 months of inactivity (whichever is sooner).
  • AI-generated horoscope cache: indefinitely (keyed by the deterministic identity of the chart, not by you), to keep the Service fast and to amortize generation costs.
  • Subscription & billing records: 10 years (Romanian accounting law).
  • Server logs: ~30 days.
  • Email subscriptions: until you unsubscribe.

7. Your Rights — GDPR / UK GDPR

You have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate data;
  • erase data (“right to be forgotten”);
  • restrict or object to processing;
  • data portability (receive your data in a machine-readable format);
  • withdraw consent (does not affect lawfulness of processing before withdrawal);
  • lodge a complaint with the Romanian DPA (ANSPDCP, dataprotection.ro) or your local supervisory authority.

Send requests to hello@astralself.com. We respond within 30 days (extendable up to 60 days for complex cases).

8. Your Rights — California (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collected, used, disclosed, and (if any) sold or shared in the previous 12 months;
  • Access a portable copy of that information;
  • Delete personal information we hold (subject to legal exceptions);
  • Correct inaccurate personal information;
  • Limit use of any sensitive personal information (we do not collect sensitive PI as defined by CPRA);
  • Opt out of “sale” and “sharing” of personal information;
  • Non-discrimination — we will not deny services or charge differently because you exercise these rights.

We do not sell personal information for money.We do not knowingly “share” personal information for cross-context behavioral advertising. We do not have actual knowledge of selling or sharing personal information of consumers under 16.

To exercise rights or to opt out, email hello@astralself.com with “California Privacy Request” in the subject. You may use an authorized agent (with signed permission). We verify identity using the email address on file.

Categories collected (CCPA disclosure): Identifiers (cookie ID, email); commercial information (subscription history); internet activity (page interactions); inferences (astrological profile derived from birth date). Sources: directly from you, and automatically when you use the Service. Business purposes: providing and securing the Service, billing, complying with law. Third parties to whom disclosed for business purpose: see Section 4.

9. Other U.S. State Privacy Rights (VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA)

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states with comprehensive privacy laws have similar rights (access, deletion, correction, portability, opt-out of targeted advertising / sale / certain profiling). To exercise, email hello@astralself.comwith the subject “Privacy Request — [Your State].” You may appeal a denial by replying to our response within 60 days.

10. Children

The Service is not directed to anyone under 18, and we do not knowingly collect data from anyone under 18. We comply with the U.S. Children’s Online Privacy Protection Act (COPPA) — if we learn that a child under 13 has provided personal data, we delete it. If you believe a child has provided data, contact hello@astralself.com.

11. AI Processing & Profiling

We use third-party large language models (currently Anthropic Claude) to generate horoscope text. We send the model a structured astrology summary derived from your birth data plus, optionally, your first name. Per Anthropic’s commercial terms, your inputs and outputs are not used to train Anthropic’s models. The Service does not make any decision that produces legal or similarly significant effects on you.

12. Security

We use HTTPS/TLS in transit, encrypted database storage at rest, role-based access on our backend, and Stripe for all card data. We do not store card numbers. Despite reasonable measures, no online service is 100% secure. If we discover a personal-data breach affecting your data, we will notify you and the relevant supervisory authorities as required by law.

13. Cookies & Tracking

See our Cookie Policyfor the cookies we use, their purpose, and how to manage them. We honor the Global Privacy Control (GPC) browser signal as a request to opt out of “sale” and “sharing.”

14. Do Not Track

Browsers’ “Do Not Track” signals are not standardized; we do not currently respond to DNT, but we do honor the GPC signal as noted above.

15. Changes to This Policy

We may update this Policy. We will post the new effective date at the top and, for material changes, send notice to subscribers and post a banner on the Service.

16. Contact

Privacy questions and rights requests: hello@astralself.com.

Postal address:
PLAY PLAY CARDS S.R.L.
Str. Drumul Pescarilor, nr. 16 A, Olimp, Constanța 905503, Romania