Legal

Privacy policy

Last updated April 23, 2026

This policy describes what data Celestify collects when you use our website and mobile app, how long we keep it, and who we share it with. We've tried to write it in plain language. If anything here is unclear, reach out via our contact form (select “Privacy request” as the subject).

Anonymous birth charts

When you use the free birth chart calculator without signing in, we compute the chart from the birth date, time, and coordinates you provide. We store the resulting chart in a cache keyed by a hash of those inputs so returning visitors can load the chart instantly.

  • Retention: anonymous charts are retained for up to 90 days since they were last accessed. Charts that haven't been viewed in 90 days are purged by a scheduled job.
  • No PII linkage: anonymous charts are not linked to a name, email, phone number, IP address, or any user account.
  • Attaching to an account: if you later sign in and choose to save a chart to your account, the chart hash is linked to your account record. You can delete it at any time from your account page.

Request logs

To protect our public endpoints from abuse we log one row per request to/public/*containing the endpoint, HTTP status, cache hit, latency, and the client IP address.

  • Retention: request logs are retained for 30 days, after which they are purged by a scheduled job.
  • Purpose: rate limiting, security monitoring, and debugging only. We do not use request logs for advertising or profiling.
  • User-agent hashing: browser user-agent strings are SHA-256 hashed before storage so we can count unique clients without keeping the raw header.

Accounts

If you create an account with Google or Apple, we store your email address, the OAuth provider name, and any birth data you choose to save. You can delete your account at any time — doing so removes all attached charts and profile data.

Contact messages

When you submit our contact form, we store the name (if provided), email, subject, and message you sent, along with your client IP address and a SHA-256 hash of your browser user-agent.

  • Retention: messages are kept indefinitely as correspondence. IP addresses and user-agent hashes attached to your message are purged after 30 days, matching our request-log retention.
  • Purpose: we use your email only to reply to you. We never add you to a marketing list or share your message with third parties.

Cookies

We use the following cookies:

  • Essential (always on): a short-lived cf_session cookie that binds your chart-calculation requests to a specific browser, and NextAuth session cookies when you sign in. Without these, the site cannot function.
  • Analytics (optional): page-view measurement that helps us understand which content is useful. Disabled until you grant consent.
  • Advertising (optional): Google AdSense uses cookies to show ads on editorial pages. Disabled until you grant consent.

Visitors in the EEA, United Kingdom, and Switzerland see a Google-certified consent prompt on first visit, served by Google's Consent Management Platform and integrated with the IAB Europe Transparency & Consent Framework (TCF v2.2). Your choice is recorded as a standard TC string that downstream advertising vendors honour. Visitors elsewhere see a lighter first-party banner. In either case you can change your choice at any time — EEA/UK/CH visitors via the “Manage consent” link Google surfaces in the bottom-left, and all other visitors via the “Cookie preferences” link in the footer. Declining non-essential cookies will not affect your ability to use the calculator or read horoscopes.

Our AdSense publisher ID is ca-pub-4566304429270799, declared in our ads.txt.

Third parties

  • Cloudflare Turnstile — human verification on the chart form.
  • Google Places — birth-location autocomplete. Your typed query is sent to Google only when you use the autocomplete field.
  • Google AdSense — advertising on editorial pages. In EEA/UK/CH, ads load only after you record a choice in Google's certified TCF consent prompt; if you decline personalisation, non-personalised ads may still be served. Elsewhere, ads are gated behind our first-party cookie banner.
  • AI language models — AI-generated interpretations. Prompts sent to our AI providers never include your email, IP, or any account identifier.

Your rights

Under GDPR (EU/UK) and similar regimes, you can request a copy of your data, ask for corrections, or ask us to delete everything we hold about you. Use our contact form (select “Privacy request” as the subject) and we'll respond within 30 days.

Changes

We'll update this page when our practices change, and change the “last updated” date above. Material changes will be announced on the home page for at least 14 days.