Privacy Notice
Last updated: July 4, 2026
1. What we collect
Account data: your email address (passwordless sign-in). Birth data you provide: name, date of birth, and optionally birth time, birth place, and gender — for yourself, and where you choose, for a second person (compatibility) or your child (Little One). Optional context: occupation, relationship status, financial-situation band, and free-text notes you add to personalize a report. Usage data: anonymous funnel events (a random ID in a cookie) so we can see which pages convert; no advertising trackers.
2. Why we use it
To compute your charts, generate the readings you request, deliver sign-in links and receipts, operate the service, and measure the effectiveness of our advertising. We do not sell or rent personal data, and we do not use your data to train models.
3. Other people's data and children's data
If you enter another adult's birth data for a compatibility reading, you confirm you know them and use the reading for your own reflection; their analysis is shown only to you, we never contact them, and an optional share link reveals only first names and a score — you can revoke it any time. If you enter a child's birth data, you confirm you are their parent or legal guardian; the reading is for you, the guardian. The Site is not directed at children and we do not knowingly collect data from children directly.
4. Who processes data on our behalf
Paddle (merchant of record — payment data is handled by Paddle, we never see card numbers); Brevo (transactional email: sign-in links, receipts); OpenRouter / model providers (the pre-computed chart values and your optional notes are sent to a language model solely to phrase your report as prose — under contractual terms that prohibit training on the data); Meta (to measure and improve our advertising: we send hashed, pseudonymized conversion events — e.g. that a purchase happened — via its Conversions API, sharing hashed identifiers rather than your raw email; and, only with your cookie consent, its browser advertising pixel); Cloudflare (network/security); and our hosting provider (Hetzner, EU). Each receives only what it needs.
5. Storage, retention, and deletion
Data is stored in our own database. Your reports stay in your account so you can re-read them — that's the product. You can request deletion of your account, any stored birth profile (including a second person's or child's profile), or everything, by emailing support email (TBD — domain pending); we honor verified requests within 30 days.
6. Your rights
Depending on where you live (GDPR, UK GDPR, CCPA, and similar), you may have rights to access, correct, export, restrict, or delete your data, and to complain to a supervisory authority. Contact us and we'll help: support email (TBD — domain pending).
7. Cookies
We use a session cookie for sign-in, a first-party random ID for anonymous funnel analytics, and — if you arrive from one of our ads — a first-party cookie that stores the ad's click identifier so we can measure which ad worked. We also use Meta's advertising pixel, which sets Meta cookies to measure our ads and build audiences. In the EU, EEA, UK, and Switzerland it loads only if you accept our cookie banner — decline and it never loads. In other regions it loads by default; you can opt out anytime by clearing the ad_consent cookie or emailing us. Withdraw or change consent whenever you like.
8. Changes and contact
Material changes will be reflected by the “last updated” date above. Data controller: Somaloka. Contact: support email (TBD — domain pending). See also our Terms and Refund Policy.