Privacy Policy
What we collect, why, how long we keep it, and the rights you have over your data. GDPR-compliant, transparent, and without false promises.
Preamble
This policy explains how AstroTeamFlow collects, uses, and protects your personal data, in accordance with the General Data Protection Regulation (GDPR).
Data controller
The data controller for your personal data is Yukaji. Full contact details are available in the Legal Notice.
For any request relating to your personal data, contact us at: hello@astroteamflow.com
No formal Data Protection Officer (DPO) has been appointed, as this is not required given the size of the organisation and the nature of the processing activities carried out. The data controller acts as the direct point of contact at the address above.
Data collected
3.1 Account data
- Email address (for authentication)
- Password (hashed by Supabase Auth)
- Active plan (Discovery, Essential, Pro, or Custom)
- Account creation date
3.2 Team data (entered by you)
- Team name
- First name or alias and date of birth for each member
- Astrological sign and element, calculated automatically from the date of birth
Important: this data is entered by you for your own team management purposes. You are responsible for obtaining your team members' consent before entering their information.
3.3 Billing data
AstroTeamFlow is entirely free. No banking data is collected, stored, or processed.
3.4 Usage data (analytics)
AstroTeamFlow does not collect any usage data through a third-party service (PostHog, Google Analytics or equivalent). The only information retained is what is required to run the service (auth, team, birth dates).
Purposes of processing
- Enable the creation and management of your account
- Provide the team management service
- Respond to your support requests
Legal basis
- Performance of contract: account and team data
- Legitimate interest: security, fraud prevention
Retention periods
- Active account: for the duration of your use of the service
- Deleted account: personal data erased immediately
- Billing data: 10 years (legal accounting obligation)
- Technical logs: 12 months maximum
Sub-processors
We use the following services to operate AstroTeamFlow. Each is bound by a GDPR-compliant data processing agreement (DPA).
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Application hosting | USA (Standard Contractual Clauses) |
| Supabase | Database + Auth | EU (Frankfurt, Germany) |
| Resend | Transactional email delivery | EU |
| Cloudflare (Turnstile) | Bot protection on forms | USA (Standard Contractual Clauses) |
Your GDPR rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your data (use the "Export my data" button in your account)
- Right of rectification: update your information at any time
- Right to erasure: delete your account (use the "Delete my account" button)
- Right to portability: retrieve your data in JSON format
To exercise these rights, write to hello@astroteamflow.com.
You also have the right to lodge a complaint with the CNIL, the French data protection authority (www.cnil.fr), or with the supervisory authority in your country of residence.
Security
We implement appropriate technical and organisational measures: encryption at rest (Supabase), mandatory HTTPS, Row Level Security, and passwords hashed with bcrypt.
Changes to this policy
This policy may be updated. Any material change will be notified to you by email at least 30 days before it takes effect.