Privacy Policy
What we collect, why, how long we keep it, and the rights you have over your data. GDPR-compliant, transparent, and without false promises.
Preamble
This policy explains how AstroTeamFlow collects, uses, and protects your personal data, in accordance with the General Data Protection Regulation (GDPR).
Data controller
Yukaji ([TODO: final legal name upon LLC formation])
Contact: hello@astroteamflow.com
Data collected
3.1 Account data
- Email address (for authentication)
- Password (hashed with bcrypt by Supabase Auth)
- Active plan (Discovery, Essential, Pro, or Custom)
- Account creation date
3.2 Team data (entered by you)
- Team name
- First name or alias and date of birth for each member
- Astrological sign and element, calculated automatically from the date of birth
Important: this data is entered by you for your own team management purposes. You are responsible for obtaining your team members' consent before entering their information.
3.3 Billing data (paid plans)
Payments are processed by Lemon Squeezy. AstroTeamFlow does not store your banking details. We retain only the subscription identifier and the status of your subscription.
3.4 Usage data (analytics)
With your explicit consent only, we collect anonymous usage data via PostHog (pages visited, features used). You may withdraw this consent at any time from your account settings.
Purposes of processing
- Enable the creation and management of your account
- Provide the team management service
- Manage subscriptions and billing
- Improve the product (analytics, with explicit consent)
- Respond to your support requests
Legal basis
- Performance of contract: account, team, and billing data
- Explicit consent: analytics (PostHog)
- Legitimate interest: security, fraud prevention
Retention periods
- Active account: for the duration of your use of the service
- Deleted account: personal data erased immediately
- Billing data: 10 years (legal accounting obligation)
- Technical logs: 12 months maximum
Sub-processors
We use the following services to operate AstroTeamFlow. Each is bound by a GDPR-compliant data processing agreement (DPA).
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Hosting | USA (Standard Contractual Clauses) |
| Supabase | Database + Auth | EU / USA |
| PostHog | Analytics (opt-in only) | EU (eu.i.posthog.com) |
| Lemon Squeezy | Payments | USA (SCCs) |
Your GDPR rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your data (use the "Export my data" button in your account)
- Right of rectification: update your information at any time
- Right to erasure: delete your account (use the "Delete my account" button)
- Right to portability: retrieve your data in JSON format
- Right to object: opt out of usage data processing (PostHog)
To exercise these rights, write to hello@astroteamflow.com.
You also have the right to lodge a complaint with the CNIL, the French data protection authority (www.cnil.fr), or with the supervisory authority in your country of residence.
Security
We implement appropriate technical and organisational measures: encryption at rest (Supabase), mandatory HTTPS, Row Level Security, and passwords hashed with bcrypt.
Changes to this policy
This policy may be updated. Any material change will be notified to you by email at least 30 days before it takes effect.