Last updated: July 3, 2026
Your Data Protection Rights
Horospire is committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page provides detailed information about how we process your personal data and the rights you have under GDPR. We act as the data controller for the personal data collected through our Service.
Data Controller
The data controller responsible for your personal data is:
MB Libranet
Company code: 306214658
Registered address: V. Nagevičiaus g. 3, LT-08237 Vilnius, Lithuania
Contact: [email protected]
Data We Collect
We collect and process the following categories of personal data:
Identity & Profile Data
- Name
- Email address
- Hashed password (we never store passwords in plain text)
- Optional username, bio and avatar image
- Date of birth (day, month, year)
- Time of birth (optional)
- Gender
- Timezone, language preference and notification preferences
- Apple / Google sign-in identifiers (if you use social login)
Service & Content Data
- Horoscope analysis results and the birth details used to calculate them (including birth place and approximate latitude/longitude/timezone where provided)
- Optional lineage details you provide for the reading - parents' birth dates, parents' death dates, grandparents' birth and death dates, birth method (natural, cesarean or induced) and firstborn status
- Family tree data, including names, relationships and birth details you enter for relatives
- Chat conversation history (messages you send and AI responses received)
- Journal entries and saved AI life-guidance questions and answers
- Gift readings, including recipient name and email where you send one
- Generated PDF reports
- Daily feature-usage counters (to enforce fair-use limits)
- Account creation and activity timestamps
Payment Data
- Stripe customer and subscription identifiers, plan type and expiry (web purchases)
- Apple / Google in-app purchase receipt details (mobile purchases) - product, transaction/order ID, purchase and expiry dates
Technical & Security Data
- Session identifiers (via essential cookies) and CSRF protection tokens
- IP address (stored with analyses and activity logs; used for security, abuse prevention and approximate geolocation, including a lookup via ip-api.com)
- Login tracking - last and previous login (timestamp, IP, user agent) and recent failed-login attempts (timestamp, IP)
- Activity logs of certain account actions, with the originating IP and user agent
- Push-notification device tokens (if you enable mobile push notifications)
- Analytics and tracking data via Google Analytics 4, Microsoft Clarity and the Pinterest tag (only with your consent) - see "Data Sharing and Transfers" below
Visitor Data (before sign-up)
- Guest activity - page views recorded with session identifier, IP address, user agent, approximate country and page visited (not recorded if your browser sends a DNT or Global Privacy Control signal)
- Guest leads - email address with session identifier and IP, if you submit your email before creating an account
Purpose of Processing
Your personal data is processed for the following specific purposes:
- Account management - To create and maintain your user account, authenticate your identity, and enable password recovery.
- Service delivery - To generate your ancestral horoscope analysis based on your date of birth, time of birth, gender, and the optional birth place and lineage details (parent/grandparent dates, birth method, firstborn status) you choose to provide.
- Chat functionality - To provide personalized conversations about your horoscope analysis via the OpenAI API.
- Report generation - To create downloadable PDF reports of your horoscope analysis.
- History and continuity - To save your previous analyses so you can access them later.
- Security - To protect against unauthorized access and ensure the integrity of the Service.
- Analytics & marketing measurement - With your consent, to collect usage data via Google Analytics 4 and Microsoft Clarity (heatmaps/session recordings) to understand and improve the Service, and via the Pinterest tag to measure our marketing.
Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6 of the GDPR:
- Consent (Art. 6(1)(a)) - By creating an account and submitting your personal data, you consent to its processing for the purposes described above.
- Contract performance (Art. 6(1)(b)) - Processing is necessary to provide the Service you have requested by creating an account.
- Legitimate interests (Art. 6(1)(f)) - We have a legitimate interest in maintaining the security and proper functioning of our Service, including fraud prevention and abuse detection.
Special categories of data (Art. 9): Where processing involves data that may reveal philosophical beliefs (such as ancestral horoscope interpretations) or health-related details (such as the optional birth-method field), we rely on your explicit consent (Art. 9(2)(a)) provided during account creation and use of the Service. You may withdraw this consent at any time by deleting your account.
Data Sharing and Transfers
Your data may be shared with the following third parties, which act as our data processors (unless noted otherwise). Several are based in the United States, so the relevant features may involve transfers outside the EEA, made under safeguards such as the EU-US Data Privacy Framework and/or Standard Contractual Clauses:
- OpenAI - When you use the AI features (chat, rewrites, Life Guidance, Hermetic insight, voice narration), your chat messages and relevant horoscope/calculation data are sent to OpenAI's API for processing. We do not send your name or email. OpenAI's servers are located outside the EEA. See OpenAI's Privacy Policy.
- Stripe - When you make a web payment, your billing information is processed by Stripe. See Stripe's Privacy Policy.
- Apple & Google - For Sign in with Apple / Google we receive a unique account identifier (and, per your choice, name/email). For in-app purchases, Apple or Google process the payment and provide purchase receipts. They also operate the push-notification services (APNs / FCM) used to deliver mobile notifications. See Apple's and Google's privacy policies.
- Email delivery provider - We share your email address with our email provider to send transactional and (where you opt in) marketing emails.
- Cloudflare & ip-api.com - Cloudflare serves and protects the site and processes connection metadata including IP addresses. We send IP addresses to ip-api.com to determine approximate location and detect datacenter/VPN traffic. Birth-place lookups use OpenStreetMap's Nominatim service.
- Google Analytics 4 - Collects website usage data (pages visited, session duration, general geographic region). Loaded only if you accept cookies via our consent banner. See Google's Privacy Policy.
- Microsoft Clarity - Provides heatmaps and session recordings of how visitors interact with pages. Loaded only if you accept cookies via our consent banner. See Microsoft's Privacy Statement.
- Pinterest - A conversion-tracking tag that records certain actions (such as viewing a reading or registering) to measure our marketing. Loaded only if you accept cookies via our consent banner. See Pinterest's Privacy Policy.
We do not sell or trade your personal data, and we do not share it with data brokers. The Microsoft Clarity and Pinterest services described above are used for analytics and marketing measurement and are only activated with your consent.
Data Retention
We retain your account data for as long as your account remains active. You may delete individual horoscope analyses at any time from your dashboard. When you delete your account, your related records (analyses, chat conversations, journal entries, family trees, device tokens, receipts and similar) are deleted, and the personal data in your user record (such as name, email, birth data, authentication secrets and login-tracking fields) is scrubbed. Some records that must be retained for audit, security or accounting reasons are kept in a de-identified form (for example, an analysis row may be retained for aggregate statistics with the birth data and user link removed).
We also automatically prune certain operational and security data on a rolling basis:
- Guest activity (visitor page-view tracking): about 30 days.
- Guest leads (email/IP captured before sign-up): about 90 days.
- Inactive push-notification device tokens: about 90 days.
- Account activity logs: about 365 days; security-relevant entries up to about 1095 days (3 years).
- Expired login sessions: cleared once past the session lifetime.
Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access (Art. 15)
You have the right to obtain confirmation as to whether your personal data is being processed, and to access a copy of that data. You can view most of your data directly through your account dashboard and profile settings, and you can download a complete copy of your data as a file from your profile settings.
Right to Rectification (Art. 16)
You have the right to have inaccurate personal data corrected. You can update your name and email address through your profile settings. For other data corrections, please contact us.
Right to Erasure / Right to Be Forgotten (Art. 17)
You have the right to request the deletion of your personal data. You can delete individual analyses from your dashboard, or delete your entire account (and all associated data) from your profile settings. You may also contact us to request complete data erasure.
Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can download your data as a JSON file (delivered as a ZIP archive) from your profile settings, or contact us to request an export.
Right to Restriction of Processing (Art. 18)
You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Object (Art. 21)
You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis. Upon receiving your objection, we will cease processing unless we demonstrate compelling legitimate grounds.
Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal. For analytics and tracking cookies, you can withdraw consent by declining them in our cookie banner, or by clearing your browser's local storage and site cookies. For account data processed on the basis of your consent, you can withdraw it by deleting your account. You can also unsubscribe from marketing emails at any time via the link in those emails.
Right to Lodge a Complaint (Art. 77)
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. You may contact the data protection authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. As our establishment is in Lithuania, our lead supervisory authority is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI), Vilnius, Lithuania - vdai.lrv.lt.
Cookie Information
We use strictly necessary cookies that are essential for the Service to function, plus optional analytics and tracking cookies that are set only after you accept them via our consent banner.
Essential Cookies (always active)
These are strictly necessary for the operation of the Service:
| Cookie | Purpose | Duration |
|---|---|---|
| session | Maintains your authenticated session | Browser session / 2 hours |
| XSRF-TOKEN | Cross-site request forgery protection | Browser session / 2 hours |
Analytics Cookies (consent required)
These cookies are only set if you accept cookies via our consent banner:
| Cookie | Purpose | Duration |
|---|---|---|
| _ga | Google Analytics - distinguishes unique visitors | 2 years |
| _ga_* | Google Analytics - maintains session state | 2 years |
| _clck / _clsk | Microsoft Clarity - heatmaps and session recordings | Up to 1 year |
| _pin_unauth / _pinterest_ct_* | Pinterest tag - conversion / marketing measurement | Up to 1 year |
Essential cookies are strictly necessary for the operation of the Service and are exempt from the consent requirement under Article 5(3) of the ePrivacy Directive. Analytics cookies require your explicit consent and are only activated when you accept cookies via our banner.
Children's Data
The Service is intended for users aged 16 and over, consistent with our Terms of Service. We do not knowingly process the personal data of children under 16. If we become aware that we have collected such data without an appropriate legal basis, we will delete it promptly. Please contact us if you believe a child has provided us with personal data.
How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Use the self-service options available in your account dashboard and profile settings.
- Send an email to [email protected] with the subject line "GDPR Data Request".
- Visit our Contact page.
We will respond to your request within 30 days of receipt. If we need additional time (up to an additional 60 days), we will inform you of the extension and the reasons for the delay.