Privacy Policy
Last updated: 15 May 2026
We try to collect as little data as possible, only use it to make the service work for you, and give you control over what you share. This policy explains what we keep, why, and what your rights are.
1. What we collect
- Email and name when you join the waitlist or buy a Cosmic Code PDF.
- Birth data (date, time, and place of birth) for app users — used to calculate your astrology, Human Design, and Gene Keys chart.
- Profile context you volunteer — vocation, intentions, notes — used to personalize AI contemplation responses.
- Payment information for paid users. Stripe processes this and we never see your card numbers.
- Cookies and session data — minimal, see Section 7.
- Form submission metadata — when you submit a form on this site (waitlist, readings inquiry, practitioner discovery call, or newsletter signup), we capture your IP address (from your connection or the standard X-Forwarded-For/X-Real-IP proxy headers) and browser user agent alongside the fields you filled in. We use this only to follow up on your specific request and to distinguish real submissions from automated bots.
- Birth data is not collected at form submission. If a future version of the site offers a personalized cosmic reading directly on the page, your birth date is computed in your browser and is never sent to our servers unless you explicitly choose to share it when joining the waitlist.
2. How we use it
- To provide the service (calculate charts, save your insights).
- To personalize AI contemplation features so they reflect your actual chart and stated intentions.
- To send transactional emails — magic-link logins, waitlist invitations, receipts, and important account notices.
- To improve the product, by looking at aggregated usage patterns. We do not read individual journals or personal notes for product analytics.
3. Who we share data with
We use a small set of trusted vendors to run the service. We share only what each vendor needs to do its job:
- Supabase — database and authentication.
- Stripe — payments and billing.
- Anthropic (Claude API) — generates contemplation responses. We send your profile context with each request. To our knowledge, Anthropic does not use API content for model training.
- Kit (formerly ConvertKit) — waitlist and marketing emails.
- Resend — transactional email (logins, receipts).
- Our hosting provider — to serve the website and app.
We do not sell your personal data. We do not share it with advertisers.
4. International data transfers
We are based in Brazil. Some of our vendors (Supabase, Anthropic) store and process data on servers located in the United States. By using the service, you understand that your data may be transferred and processed outside your country of residence under appropriate safeguards.
5. Your rights
Under Brazil's LGPD and the EU's GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct it if it is inaccurate.
- Request deletion.
- Export your data in a portable format.
- Withdraw consent for marketing emails at any time.
We offer a 24-hour grace-period account deletion from Settings → Data Portability in the app: you can change your mind within 24 hours; after that, your data is permanently removed from our live systems. Email hello@cosmic-codex.com to make any other request — we aim to respond within 15 days.
6. Retention
We keep your data while your account is active. When you delete your account, we remove your personal data from our active systems within 30 days. Encrypted backups roll over and are purged within 90 days. We may keep limited records (such as billing receipts) where law requires.
Marketing-form submissions (readings inquiries, practitioner discovery calls, newsletter signups) are stored as plain-text logs on our hosting server until Felipe has processed your request. There is no automated cleanup at this stage — files are reviewed and removed manually. Waitlist signups are stored in our Supabase database and, if you opt in, forwarded to our email service (Kit) so we can send launch updates. You can ask us to delete any of this at any time using the contact in Section 11.
7. Cookies
We use a small number of cookies to keep you logged in and to remember your preferences. We do not use third-party advertising or cross-site tracking cookies at launch. If that ever changes, this page will be updated and we will ask for consent where required.
8. Children
The service is intended for users aged 18 and older. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
9. Security
We use industry-standard practices to protect your data — HTTPS in transit, encryption at rest in our database, scoped access controls, and regular dependency updates. No system is perfectly secure; if we ever detect a breach involving your data, we will notify you in line with LGPD and GDPR timelines.
10. Changes to this policy
When we make material changes, we will update the "Last updated" date and, for active users, notify you by email or in-app message.
11. Contact
For privacy questions, data requests, or to reach our data protection contact, email hello@cosmic-codex.com.