Privacy Policy
Version 1.3 | Last updated: February 6, 2026
1. Introduction
TriAstra ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (the "Service").
We understand that astrological birth data is deeply personal and sensitive. This policy describes our practices regarding this information and your rights to control it under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Japan's Act on the Protection of Personal Information (APPI), and Korea's Personal Information Protection Act (PIPA).
2. Data Controller Information
For the purposes of data protection law, TriAstra is the data controller responsible for your personal information.
3. Information We Collect
3.1 Birth Data (Special Category Data)
To generate accurate astrological charts, we collect:
- Date of birth
- Time of birth (optional but recommended for accuracy)
- Place of birth (city and country)
- Geographic coordinates (automatically derived from place of birth)
- Timezone information
Note: Birth data is considered "special category data" under GDPR and "sensitive personal information" under CCPA. We process this data only with your explicit consent.
3.2 Account Information
- Email address
- Name (optional, user-provided)
- Profile preferences and settings
- Account credentials (securely hashed using bcrypt)
- OAuth authentication data (if using Google Sign-In)
3.3 Usage Data and Analytics
- Device information (type, operating system, unique device identifiers)
- Log data (IP address, browser type, pages visited, timestamps)
- Feature usage patterns and interaction data
- Astra AI conversation history (for service provision and improvement)
- Crash reports and error logs (via Sentry)
- Performance metrics and analytics
3.4 Payment Information
Payment transactions are processed through third-party payment providers:
- Apple App Store: In-app purchases (iOS)
- Google Play Store: In-app purchases (Android)
- Stripe: Web-based payments
We do not store your full credit card information. We receive only transaction confirmations, subscription status, and anonymized payment identifiers.
3.5 Location Data
We collect location data solely for the purpose of calculating accurate birth charts. We do not track your real-time location or use location data for advertising purposes.
4. How We Use Your Information
We use the collected information for the following purposes:
- Chart Calculation: Generate precise Western, Vedic, and Saju astrological charts using Swiss Ephemeris
- AI Interpretation: Provide personalized insights through Astra AI powered by Google Gemini
- Service Provision: Maintain your account, deliver premium features, and provide customer support
- Service Improvement: Analyze usage patterns to enhance features, fix bugs, and improve user experience
- Communication: Send service updates, security alerts, subscription confirmations, and support messages
- Security: Detect and prevent unauthorized access, fraud, and abuse
- Legal Compliance: Comply with applicable laws, regulations, and legal processes
- Aggregated Analytics: Create anonymized, aggregated statistics for research and business purposes
We do NOT use your birth data or personal information for advertising, marketing to third parties, or selling to data brokers.
5. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data under the following legal bases:
- Explicit Consent: Birth data and sensitive personal information (GDPR Article 6(1)(a) and 9(2)(a))
- Contract Performance: Account information and service usage data necessary to provide the Service (GDPR Article 6(1)(b))
- Legitimate Interests: Analytics, security, fraud prevention, and service improvement (GDPR Article 6(1)(f))
- Legal Obligation: Compliance with laws, regulations, and legal processes (GDPR Article 6(1)(c))
You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
6. Third-Party Services
We use the following third-party services that may collect or process your data:
6.1 Cloud Infrastructure
- Google Cloud Platform: Data storage, database hosting (Neon PostgreSQL), and infrastructure
- Purpose: Host application data and provide reliable service delivery
- Data Transferred: All user data (encrypted at rest and in transit)
6.2 AI Services
- Google Gemini AI: Powers Astra AI interpretations and insights
- Purpose: Generate personalized astrological interpretations
- Data Transferred: Birth chart data, planetary positions, and user questions (anonymized where possible)
6.3 Payment Processors
- Apple App Store: iOS subscription and in-app purchase processing
- Google Play Store: Android subscription and in-app purchase processing
- Stripe: Web-based payment processing
- Data Transferred: Payment amount, transaction ID, subscription status (no full credit card numbers)
6.4 Monitoring and Error Tracking
- Sentry: Application monitoring, crash reporting, and error tracking
- Purpose: Identify and fix bugs, improve application stability
- Data Transferred: Error logs, stack traces, device information (no birth data)
These third parties have their own privacy policies. We encourage you to review them. We use Data Processing Agreements (DPAs) with processors handling personal data to ensure GDPR compliance.
7. Data Storage and Security
Security Measures:
- All data is encrypted in transit using TLS 1.3
- Birth data and sensitive information are encrypted at rest using AES-256
- Passwords are hashed using bcrypt (an industry-standard one-way password-hashing function)
- Access to personal data is restricted to authorized personnel only
- Regular security audits and vulnerability assessments
- Data is stored on secure cloud infrastructure with automatic backups
- Multi-factor authentication for administrative access
While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your information. In the event of a data breach, we will notify affected users and relevant authorities as required by law.
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data we hold
- Right to Correction: Update or correct inaccurate information
- Right to Deletion: Request deletion of your account and associated data ("right to be forgotten")
- Right to Export: Download your birth charts and data in a portable format (JSON)
- Right to Opt-Out: Unsubscribe from marketing communications
- Right to Restriction: Limit how we process your data
- Right to Objection: Object to certain types of data processing
- Right to Withdraw Consent: Withdraw consent for data processing at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at admin@triastra.ai. We will respond within:
- 30 days (general requests)
- 1 month (GDPR requests, extendable to 3 months for complex requests)
- 45 days (CCPA requests, extendable to 90 days)
9. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services.
- Active Accounts: Data retained while account is active
- Deleted Accounts: Personal data deleted or anonymized within 90 days of account deletion
- Legal Retention: Some data may be retained longer for legal compliance, fraud prevention, or dispute resolution (e.g., transaction records for tax purposes)
- Backups: Deleted data may persist in encrypted backups for up to 90 days before permanent deletion
10. Children's Privacy (COPPA Compliance)
Our Service is not intended for children under the minimum age required by applicable law:
- United States: 13 years (COPPA)
- European Union: 16 years (GDPR), or lower age as set by member state law
- South Korea: 14 years (PIPA)
- Other jurisdictions: 18 years or age of majority
We do not knowingly collect personal information from children below these age limits. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at admin@triastra.ai. We will promptly delete such information.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and other countries where our service providers operate.
These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws, including:
- EU Standard Contractual Clauses (SCCs): For transfers from the EEA to non-adequate countries
- Data Processing Agreements (DPAs): With all third-party processors
- Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: What personal information is collected, used, shared, or sold
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell or share your data)
- Right to Correct: Correct inaccurate personal information
- Right to Limit: Limit use of sensitive personal information (birth data)
- Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights
We do NOT sell your personal information. We do not share personal information for cross-context behavioral advertising.
To exercise your CCPA rights, email us at admin@triastra.ai with the subject line "CCPA Request." We will verify your identity before processing your request.
13. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- Right of Access: Obtain confirmation of data processing and a copy of your data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Restrict processing in certain circumstances
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
- Right to Lodge a Complaint: File a complaint with your supervisory authority
To exercise your GDPR rights, email us at admin@triastra.ai with the subject line "GDPR Request."
EU Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en
14. Japan Privacy Rights (APPI)
If you are located in Japan, you have rights under the Act on the Protection of Personal Information (APPI):
- Right to Disclosure: Request disclosure of your personal information
- Right to Correction: Request correction of inaccurate personal information
- Right to Deletion: Request deletion or cessation of use of personal information
- Right to Suspension: Request suspension of provision to third parties
To exercise your APPI rights, email us at admin@triastra.ai with the subject line "APPI Request (Japan)." We will respond within a reasonable period (typically 30 days).
Japanese Supervisory Authority: Personal Information Protection Commission (PPC) https://www.ppc.go.jp/en/
15. Korea Privacy Rights (PIPA)
If you are located in South Korea, you have rights under the Personal Information Protection Act (PIPA):
- Right to Access: Request to view your personal information
- Right to Correction: Request correction of errors in personal information
- Right to Deletion: Request deletion of personal information
- Right to Suspension: Request suspension of processing
- Right to Opt-Out: Opt out of marketing communications
To exercise your PIPA rights, email us at admin@triastra.ai with the subject line "PIPA Request (Korea)." We will respond within 10 days as required by PIPA.
Korean Supervisory Authority: Personal Information Protection Commission (PIPC) https://www.pipc.go.kr
Retention and Destruction: We comply with PIPA requirements for data retention periods and secure destruction methods.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes via:
- Email notification to your registered email address
- In-app notification
- Notice on our website
Material changes will take effect 30 days after notification. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. If you do not agree to the modified Privacy Policy, you must stop using the Service and may request account deletion.
17. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us:
TriAstra
Email: admin@triastra.ai
Website: https://triastra.ai
Please include your jurisdiction and the nature of your request (GDPR, CCPA, APPI, PIPA) in the subject line for faster processing.