Privacy Policy
This MVP privacy notice describes the intended data boundaries for AstRex and should be reviewed before launch.
Data we process
AstRex may process account email, locale, birth profile data, generated astrology outputs, chat/tarot/compatibility usage, subscription state, and provider identifiers needed for billing and access control.
Sensitive personal context
Birth data, compatibility inputs, tarot questions, and chat messages can be personal. AstRex should treat them as private application data, avoid exposing raw content to analytics, and avoid browser-visible secrets.
Payments
Payment details are handled by Stripe or Web2Wave. AstRex stores provider customer/subscription identifiers and entitlement state, not raw card details.
AI providers
AstRex sends server-side AI providers only the information required to generate the requested astrology or reflective response. Secrets and provider keys must never be exposed to browser code.
Security baseline
Production deployment should use server-side environment variables, provider webhook signature verification, access-control checks, and database policies that separate user-owned data.