Back to Home

Privacy Policy

Last Updated: 2026-03-02

1. Introduction

Cosmora (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our website and application at cosmora.online (the “Service”).

By using the Service, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please discontinue use of the Service.

2. Information We Collect

We collect information in the following categories:

Information You Provide:

  • Birth Data: Date, time, and location of birth — used exclusively for astrological and BaZi chart calculations
  • Account Information: Email address and authentication data when you create an account via Google, Apple, or email
  • Preferences: Language selection and display preferences

Information Collected Automatically:

  • Device type, browser type, and operating system
  • Pages visited and time spent on the Service
  • IP address (anonymized for analytics)
  • Referring URL and exit pages

We do not collect: financial information (payments are handled by third-party processors), government IDs, health records, or precise real-time geolocation.

3. How We Use Your Information

Your information is used for the following purposes:

  • Chart Calculations: Your birth data is processed locally and on our servers to generate Western Astrology and BaZi charts
  • AI-Generated Readings: Birth chart data is used as input for our AI interpretation engine to produce personalized soul readings
  • Service Improvement: Aggregated, anonymized usage data helps us improve our AI models and user experience
  • Communication: To send you service-related notifications if you have opted in
  • Security: To detect, prevent, and address technical issues and security threats

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Data Storage & Security

Your data is stored securely using Supabase, a SOC 2 Type II compliant cloud infrastructure provider. We implement the following security measures:

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Authentication is handled via industry-standard OAuth 2.0 protocols
  • Access to personal data is restricted to authorized personnel only
  • Regular security audits and vulnerability assessments

While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

5. Cookies & Local Storage

Cosmora uses the following types of browser storage:

  • Essential Cookies: Required for authentication, session management, and language preference (cannot be disabled)
  • Local Storage: Used to cache chart data for offline access in our Progressive Web App (PWA)
  • Performance Cookies: Anonymous analytics to understand usage patterns

We do not use tracking cookies for advertising or cross-site tracking. You can manage cookie preferences through your browser settings, but disabling essential cookies may impair Service functionality.

6. Third-Party Services

We use the following third-party services, each with their own privacy policies:

  • Supabase: Authentication and database storage
  • Google Fonts: Typography delivery (Playfair Display, Inter, Noto Serif)
  • Google / Apple OAuth: Optional sign-in providers
  • Vercel: Application hosting and content delivery

We do not share your birth data or reading results with any third-party analytics, advertising, or data broker platforms.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you request account deletion:

  • Your personal data will be deleted within 30 days
  • Anonymized, aggregated data may be retained for analytical purposes
  • Backup copies may persist for up to 90 days before automatic purging

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your personal data (“right to be forgotten”)
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Restrict processing of your data under certain conditions
  • Objection: Object to processing based on legitimate interests

EU/EEA Users (GDPR): You are entitled to all rights above plus the right to lodge a complaint with your local supervisory authority.

California Users (CCPA): You have the right to know what personal data is collected and to opt out of the sale of personal data. We do not sell personal data.

To exercise any of these rights, contact us at [email protected].

9. Children's Privacy

Cosmora is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

HomeChartDailyMe