Privacy Policy

1. Introduction

Oalethia ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Oalethia website, StarManifest™ web app, and our Oalethia mobile applications for iOS and Android (together, the "Service").

This single Privacy Policy applies to both the website and the mobile apps. By accessing or using any part of the Service, you agree to the collection and use of information in accordance with this Policy.

2. Information We Collect

Personal Information You Provide

We collect information that you provide directly to us when you create an account, use the Service, or contact us, including:

• Email address and account credentials
• Profile details you choose to provide (such as name or display name)
• Birth date, birth time, and birth location (for astrological calculations)
• Goals, outcomes, intentions, context, and other text or content you enter for timeline generation or in-app notes
• Subscription and billing information (such as product purchased, renewal status, and limited transaction details)
• Support requests, feedback, and other communications you send to us

Usage, Device, and Log Information

We automatically collect certain information when you access or use the website or mobile apps, including:

• Device information (such as device type, operating system, app version, and browser type)
• IP address and approximate location inferred from IP
• Usage data about how you interact with the Service (such as pages/screens viewed, features used, actions taken, and timestamps)
• Error logs, crash reports, and performance data (including data collected via Sentry)
• In-app purchase and subscription events (such as product identifiers, purchase status, and timestamps)

3. How We Use Your Information

We use the information we collect, on both the website and in the mobile apps, to:

• Provide, operate, and maintain the Service (web and mobile)
• Generate personalized astrological timelines, action plans, and AI-powered content tailored to you
• Manage accounts, subscriptions, and in-app purchases, including verifying eligibility and entitlements
• Process payments and fulfill orders (via our payment and app store providers)
• Communicate with you about the Service, including transactional messages, updates, and support responses
• Improve and develop the Service, including through analytics, A/B testing, and user research
• Monitor and analyze usage patterns to enhance performance and user experience
• Protect the Service and our users, including detecting, preventing, and responding to fraud, abuse, and security incidents
• Comply with legal obligations and enforce our terms and policies

4. Data Storage and Security

Your data is stored securely using Supabase and other cloud infrastructure providers that offer modern security controls. We implement appropriate technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Data is encrypted in transit, and we limit access to personal data to personnel and service providers who need it to perform their duties. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers and Processors: We share information with third-party vendors who help us operate the Service, such as hosting, databases, analytics, error monitoring, email delivery, and customer support.
• Payment and App Store Providers: We share limited information with payment processors and app store platforms as needed to process payments, manage subscriptions, and handle refunds or disputes.
• AI and Analytics Providers: We send certain input text and context to AI and analytics providers to generate timelines, improve models, and understand how the Service is used.
• Legal Requirements and Protection: We may disclose information if required to do so by law or in response to valid requests by public authorities, or when necessary to protect our rights, users, or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy.

6. Third-Party Services and Payments

Our Service integrates with several third-party services. These partners may process your personal data as independent controllers or as our processors, depending on the context. Their use of your data is governed by their own privacy policies.

Payments and Subscriptions

• Website (Stripe): On the website, payments are processed by Stripe. Stripe handles your payment card details directly; we do not store full card numbers or security codes. For more information, please review Stripe's privacy policy at https://stripe.com/privacy.
• Mobile Apps (Apple App Store and Google Play): In the iOS and Android apps, in-app purchases and subscriptions are processed by Apple (App Store) and Google (Play Store). These platforms handle your payment details and billing. We receive purchase and subscription information (such as product identifiers, status, and expiration dates) so we can provide access to premium features. For more information, please refer to Apple's and Google's policies (including their privacy policies and store terms).

In all cases, we do not directly store or have access to your full payment card details. Payment processors and app store providers handle that information on our behalf or as independent controllers.

AI, Error Monitoring, and Infrastructure

• OpenAI: We use OpenAI to power AI-based features, including generating timelines and related content based on the information you provide. The text and context you submit for these features may be sent to OpenAI to generate responses, in accordance with OpenAI's terms and privacy practices.
• Sentry: We use Sentry for error tracking and performance monitoring. When errors occur, Sentry may receive technical data such as device information, app version, stack traces, and limited contextual data to help us diagnose and fix issues.
• Supabase and Hosting Providers: We use Supabase for authentication, database, and storage, and other cloud providers to host and run the Service. These providers store and process your data on our behalf in order to deliver the Service reliably and securely.

7. Your Rights, Choices, and Account Deletion

Depending on where you live, you may have certain rights in relation to your personal data under applicable data protection laws (such as the EU/UK GDPR or similar laws). Subject to legal limitations, these may include the right to:

• Access and receive a copy of your personal data
• Rectify inaccurate or incomplete data
• Request deletion of your personal data
• Object to or restrict processing of your data
• Data portability (receive your data in a structured, commonly used, machine-readable format)
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with a data protection authority in your country or region

Account Deletion and Data Removal

You can delete your account and associated data directly from within the Oalethia mobile app by going to Profile → Settings → Delete account. When you complete this flow, your account, associated profile data, and authentication record are deleted from our systems, subject to limited retention where required for legal, accounting, or fraud-prevention purposes.

If you use the web app or cannot access the in-app deletion flow, you can also request deletion or access to your data by contacting us at support@oalethia.com. We may need to verify your identity before fulfilling your request.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, and comply with our legal obligations. When you delete your account (for example, through the in-app deletion flow), we delete or anonymize your personal data, except where we are required or permitted to retain certain information for legal, tax, accounting, security, or legitimate business reasons (such as maintaining limited records of transactions or consent).

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us, and we will take appropriate steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including countries that may have data protection laws different from those in your jurisdiction. Where required, we take steps to ensure that appropriate safeguards are in place for such transfers, such as standard contractual clauses or equivalent mechanisms.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. In some cases, we may provide additional notice (such as by sending a notification in the app or by email). We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you would like to exercise your privacy rights, please contact us at support@oalethia.com.