Privacy Policy

1. Introduction

Sataksan ("we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data when you use our website at sataksan.com and related services (collectively, "the Service").

2. Information We Collect

Account Information

When you create an account, we collect your email address and/or phone number, and a password. Your password is stored using a one-way cryptographic hash — we never store or have access to your plaintext password.

Location Data

With your permission, we use your device's geolocation (latitude, longitude, and timezone) to calculate accurate astrological data such as planetary hours, sunrise/sunset times, and local celestial positions. Location data is stored locally on your device and is not transmitted to our servers unless required for a specific calculation, in which case it is used transiently and not stored server-side.

Payment Information

If you subscribe to a paid plan, payment is processed by Stripe. We do not collect, store, or have access to your credit card number or payment details. Stripe provides us with a customer identifier, subscription status, and billing dates only. See Stripe's Privacy Policy for details on their data practices.

Technical and Usage Data

We automatically collect certain technical information when you use the Service, including IP address (used for rate limiting and security), browser type and version, device type, pages visited, and timestamps. This data is collected through server logs and is used for security, performance, and service improvement.

Cookies and Local Storage

We use browser local storage to maintain your login session (JWT token), user preferences (such as theme selection), and rate-limiting timestamps for verification codes. We do not use tracking cookies. Third-party services (Google AdSense) may set their own cookies — see Section 5 below.

3. How We Use Your Information

We use the information we collect to provide and operate the Service, including astrological calculations based on your location; to send verification codes via email or SMS when you register or reset your password; to process subscription payments through Stripe; to protect the Service against abuse, fraud, and unauthorized access; to communicate with you about your account, service updates, or changes to our policies; and to improve the Service based on aggregated, non-identifying usage patterns.

We do not sell your personal information. We do not use your data for profiling or automated decision-making beyond what is described here.

4. How We Share Your Information

We share information only with the following categories of third parties, and only to the extent necessary to operate the Service:

Stripe processes subscription payments. We share your user identifier with Stripe to create and manage your subscription. Stripe independently collects payment details you provide to them.

Twilio SendGrid delivers transactional emails (verification codes, password resets). We share your email address and the message content with SendGrid for delivery.

Twilio delivers SMS messages (verification codes, password resets). We share your phone number and the message content with Twilio for delivery.

Amazon Web Services (AWS) hosts the Service infrastructure, including our database and serverless functions. Data stored in AWS is encrypted at rest and in transit.

Google AdSense serves advertisements on the Service. Google may collect data through cookies and similar technologies as described in their privacy policy. See Section 5.

We may also disclose information if required by law, legal process, or government request, or if necessary to protect the rights, safety, or property of Sataksan, our users, or the public.

5. Advertising

We use Google AdSense to display advertisements. Google and its advertising partners may use cookies, web beacons, and similar technologies to serve ads based on your prior visits to this or other websites. You can opt out of personalized advertising by visiting Google's Ads Settings or aboutads.info. For more information, see Google's Privacy Policy.

6. Data Retention

Unverified accounts are automatically deleted after 24 hours. Verified account data is retained for as long as your account is active. If you delete your account or request deletion, we will remove your personal data from our systems within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention or financial record-keeping). Server logs containing IP addresses are retained for up to 90 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption of data in transit (TLS/HTTPS) and at rest, one-way cryptographic hashing of passwords, rate limiting and IP-based abuse prevention, and minimal data collection (we only collect what is necessary to operate the Service). No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data: the right to access the personal data we hold about you; the right to request correction of inaccurate data; the right to request deletion of your data; the right to withdraw consent for data processing; and the right to data portability. To exercise any of these rights, contact us at our contact form. We will respond to requests within 30 days.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

10. International Users

The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email. The "Last updated" date at the top indicates when the policy was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact

For questions or concerns about this Privacy Policy or our data practices, contact us at our contact form.