Privacy Policy

Last updated: 2026-05-11

Zoria ("we", "us", "our") operates the Zoria platform at zoria.me. This Privacy Policy explains what personal data we collect, why we collect it, how we use and store it, and the rights you have under the EU General Data Protection Regulation (GDPR), the Ukrainian Law "On Personal Data Protection", and other applicable data protection laws. The controller of your personal data is the operator of Zoria; you can reach us at [email protected].

1. Data We Collect

We collect only what we need to provide the service. The categories below cover everything we store:

  • Account data — email address, display name, password hash. Created when you register; required to give you an account.
  • Birth data — date of birth, time of birth, place of birth. We treat this as sensitive because it is used to compute your natal chart and may be inferred to relate to your identity. It is stored only as long as your account exists, is never sold, and is never shared with advertisers.
  • Gender, relationship status, and similar profile fields — only when you provide them, used to personalize readings.
  • Dream descriptions and free-text questions you submit for AI interpretation.
  • AI conversation history — your prompts and the AI-generated responses, so you can return to previous readings.
  • Payment metadata — plan, amount, currency, transaction ID, billing country. We do not store full card numbers; card data is handled directly by our payment processor.
  • Technical data — IP address, user agent, device and browser information, language preference, and cookies necessary to keep you logged in.
  • Product analytics — if you consent, anonymized events about which pages you view and which features you use, so we can improve the product.

2. Lawful Basis for Processing

Under GDPR Article 6, we process your data only when we have a lawful basis:

  • Contract (Art. 6(1)(b)) — account data, birth data, dreams, AI conversations and payment data are processed to provide the service you signed up for.
  • Consent (Art. 6(1)(a), and Art. 9(2)(a) for any sensitive inferences from birth data) — analytics, session recordings, marketing cookies and optional marketing emails. You can withdraw consent at any time via cookie settings or by emailing us.
  • Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, abuse detection, basic server logs, and improving the service. We balance these against your rights and will stop on objection where required.
  • Legal obligation (Art. 6(1)(c)) — tax records, accounting records, and responses to lawful requests from authorities.

3. How We Use Your Data

We use your data to: (a) generate personalized horoscopes, natal charts, dream interpretations, numerology readings, and compatibility analyses; (b) operate your account, save your history, and let you return to previous readings; (c) process payments and manage subscriptions; (d) keep the service secure, prevent abuse, and debug issues; (e) communicate with you about your account and, with your consent, about product news. We do not sell your personal data and we do not use it to train third-party AI models.

4. How We Store and Secure Your Data

Your data is stored in a managed PostgreSQL database with disk-level encryption at rest and TLS encryption in transit. Passwords are hashed with a modern, salted algorithm — we never see your plaintext password. Access to production systems is restricted to authorized engineers, requires individual credentials, and is logged. We back up the database regularly and test restore procedures so we can recover from incidents without data loss.

5. Subprocessors and Service Providers

We share data with the following subprocessors strictly to deliver the service. Each operates under a data processing agreement that requires GDPR-equivalent safeguards:

  • Anthropic, PBC (USA) — Claude AI model provider. Receives the prompts you submit (dream descriptions, questions, and the contextual birth-chart data needed to personalize the reading) and returns generated content. Under Anthropic's API terms, prompts and responses are not used to train Anthropic's general-purpose models; they may be retained for a limited window for abuse monitoring and safety review.
  • Resend (EU/Frankfurt) — transactional and lifecycle email delivery. Receives your email address, name, and message content for emails we send to you (account verification, password reset, daily horoscope, billing notices).
  • Railway (USA) — cloud hosting and database infrastructure for the API, frontend and managed PostgreSQL. Effectively processes all data stored or transmitted by the service.
  • PostHog (EU cloud, Frankfurt) — product analytics. Only active after you consent via the cookie banner; receives pseudonymous event data and page paths so we can understand which features are used. We do not enable session recording or heatmaps.
  • Additional payment processors may be added for other regions (e.g., Poland, crypto). We will update this list before they go live.

6. International Data Transfers

Some subprocessors are located outside the European Economic Area, notably Anthropic and Railway in the United States. For these transfers, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, supplementary technical and organizational measures. You can request a copy of the relevant transfer mechanism by emailing [email protected].

7. Your Rights Under GDPR

If you are in the EU, UK, or another jurisdiction with similar laws, you have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data, including your birth details.
  • Right to erasure — request deletion of your account and personal data ("right to be forgotten").
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to restrict processing — ask us to pause processing while a dispute or correction is resolved.
  • Right to object — object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent — for anything based on consent (analytics, session recordings, marketing), you can opt out at any time without affecting prior lawful processing.
  • Right to lodge a complaint — with your local data protection authority. In Ukraine, this is the Ukrainian Parliament Commissioner for Human Rights (Уповноважений Верховної Ради України з прав людини). In the EU, contact your national supervisory authority (in Poland, the President of the Personal Data Protection Office, UODO).

To exercise any of these rights, email [email protected] from the address associated with your account. We respond within 30 days; complex requests may be extended by up to two further months with notice.

8. Cookies and Analytics

We use a small number of cookies. Strictly necessary cookies (session token, language preference, cookie-consent state) are set automatically and cannot be disabled — they are required for the site to work. Analytics cookies (PostHog) and any future marketing cookies are set only after you choose your preferences in our cookie banner. You can change your choice at any time by clearing the cookie consent state or contacting us. Rejecting analytics does not affect your access to any feature.

9. Data Retention

We keep account, birth, and reading data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except: (a) payment and invoice records, retained for up to 7 years to comply with tax and accounting law; (b) security and access logs, retained for up to 90 days; (c) data we are legally required to keep longer. AI conversation logs are retained while your account is active so you can return to previous readings; on account deletion they are deleted with the rest of your data.

10. Children's Privacy

Zoria is not intended for users under 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe a child has provided us with personal data, contact [email protected] and we will delete the account.

11. Changes to This Policy

We may update this Privacy Policy as the service evolves or the law changes. The "Last updated" date at the top reflects the most recent revision. For material changes (new subprocessors processing sensitive data, expanded use of your data, changes to your rights) we will notify you by email before the change takes effect. Continued use of Zoria after the effective date constitutes acceptance.

12. Contact

For privacy questions, data requests, or to exercise any of your rights, contact us at:

Email: [email protected]

We value your privacy

We use cookies to enhance your experience. Some are essential for the site to function, while others help us improve our services. Learn more in our Privacy Policy