Privacy Policy for Atrium

Effective Date: April 21, 2026

This Privacy Policy explains how SAMMA AI ("we," "us," or "our") collects, uses, shares, and protects your information when you use the Atrium application and website (collectively, the "Service"). We are committed to transparency and intentionally limit the data we collect to only what is necessary to provide our core astrological services.

1. Information We Collect

To provide you with personalized astrological insights, we collect the following types of information:

A. Information You Provide to Us

  • Account Information: Your name or nickname, email address, and an avatar URL (provided via Supabase authentication, Apple, Google, or email OTP).
  • Birth Data (Core Product Data): To calculate natal charts and generate astrological insights, we collect your birth date (year, month, day), birth time (hour, minute), birth location (city, region, country, latitude/longitude coordinates, and timezone), and any optional biographical notes you choose to add.

B. Information Collected Automatically

  • Financial & Payment Data: When you make a purchase, we collect purchase history metadata (amount, currency, status), payment gateway identifiers (Stripe session/payment intent IDs, Apple transaction IDs, or PayOS.vn order IDs for VietQR payments), and your country code (detected locally via your IP address to determine pricing).
  • Device & Technical Data: We collect your IP address (used solely for offline country detection), your operating system platform (e.g., iOS), and your Apple Push Notification service (APNs) device token if you opt in to receive push notifications.
  • Anonymous Product Analytics: Via Google Firebase / Google Analytics 4 we collect aggregate counts of screen views, feature usage (profile creation, chart interactions, purchase flow), errors, and session duration. These events carry a pseudonymous Firebase Instance ID that resets when you uninstall the app or clear browser data, and are not linked to your account, email, or any personal identifier. No advertising identifiers (IDFA/IDFV on iOS, advertising cookies on web) are collected, and Google Signals (cross-site / cross-app audience tracking) is disabled. Event data retention is 2 months.

C. Generated Content

Based on your Birth Data, our Service generates AI-driven astrological interpretations, reports, and natal chart calculations.


2. What We Do NOT Collect

We believe in minimizing data collection. We explicitly do not collect or use the following:

  • No Identity-Linked Tracking: The anonymous product analytics described above are never tied to your account, email, or any personal identifier. We do not build user-level behavioral profiles and do not record your sessions (no screen recordings, no keystroke capture).
  • No Advertising or Cross-Site Tracking: We do not use advertising identifiers (IDFA/IDFV), advertising cookies, remarketing audiences, or Google Signals. Atrium does not sell, share, or exchange data with any advertising network.
  • Cookies (Web Only): Authentication uses bearer tokens in local storage, not cookies. Firebase Analytics on the website sets two first-party analytics cookies (_ga and _ga_<ID>) used to stitch anonymous events into sessions; they expire after 2 months and are never shared with third parties.
  • No Unnecessary Device Permissions: We do not request access to your camera, contacts, or GPS location services.

(Note for iOS users: The Facebook SDK privacy manifest is bundled due to transitive CocoaPods dependencies from Google Sign-In, but we do not utilize any Facebook features or tracking. Firebase SDK privacy manifests are also bundled as part of the Google Firebase / Analytics dependency described above. They declare the categories of data the Firebase SDK is technically capable of collecting; our configuration (no advertising IDs, Google Signals disabled, no user IDs) restricts actual collection to the anonymous events described in Section 1.)


3. How We Share Your Information (Sub-processors)

We do not sell your personal data. We only share necessary data with trusted third-party service providers (sub-processors) to operate the Service:

  • Supabase: Handles user authentication and management. Receives your email, name, and OAuth tokens.
  • Google Gemini & xAI/Grok: These LLMs process data about the user, including birth information, and generate content from it.
  • Stripe, Apple (In-App Purchases) & PayOS.vn: Process web, iOS, and VietQR payments. Receive purchase metadata, account/transaction IDs, and country data.
  • MapBox: Powers our city search geocoding. Receives location query strings when you search for a birthplace.
  • Google Cloud Platform (GCP) Cloud Logging: Stores our server logs.
  • Apple APNs: Delivers push notifications using your device token.
  • Google LLC (Firebase / Google Analytics 4): Aggregates anonymous product-usage events. Receives only anonymous event data and a pseudonymous Firebase Instance ID. Receives no advertising identifiers, no email, and no birth data. Google Signals is disabled on the property.

(Note: We use MaxMind GeoLite2 for IP-to-country detection, but this operates via a local, offline database. Your IP address is never sent to MaxMind.)

Public Sharing by You

If you choose to use our "Profile Sharing" feature, you can generate a public link. Anyone with this URL will be able to view the name, birth data, natal chart, and AI interpretations associated with that specific profile.


4. Data Storage and Local Caching

To ensure the Service runs smoothly and is accessible offline, we store certain data locally on your device:

  • Local Storage: Stores your authentication session, account information, and locale/user preferences.
  • IndexedDB: Caches your generated profiles, interpretations, and avatar images for offline access.
  • Service Worker: Caches static assets (like images and fonts) for up to 30 days.

Our server logs are stored securely via GCP Cloud Logging. Standard logs include HTTP request details and purchase events. For debugging complex astrological generations, our "Trace" level logs may temporarily store full LLM prompts and responses, which include your submitted birth data.


5. Data Retention and Deletion

You have full control over your data.

  • Deleting Individual Profiles: You can delete any individual profile at any time. Doing so immediately cascades and deletes all associated interpretations, reports, purchases, and public share links tied to that profile.
  • Deleting Your Entire Account: You can request full account deletion directly within the app or by contacting us.
  • The 7-Day Grace Period: When you request account deletion, your account enters a 7-day grace period, allowing you to cancel the deletion if you change your mind. After 7 days, an automated system permanently deletes your Supabase authentication record, all profiles, interpretations, reports, purchases, device tokens, and share links.

6. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to request account deletion, please contact us.