Privacy Policy

Last updated: 19 May 2026

1. Who We Are

Cosmic Lessons is operated by Laura, based in Newbury, United Kingdom. We are the data controller for the personal information described in this policy.

2. What We Collect

We collect the following information when you use the Service:

• Account information: username, email address, and password (stored as a secure hash).
• Birth data: date, time, and place of birth for you and any people you add to the Service (partners, family, friends, children). This is necessary to compute natal charts. When you enter data for another person, we store it under your account — only you can see it.
• Payment information: processed and stored by Stripe. We receive your Stripe customer ID and subscription status but never see or store your card number, expiry, or CVV.
• Usage data: standard server logs (IP address, browser type, pages visited) for security and performance.

3. How We Use Your Data

• To compute and display your natal charts, transits, and interpretations.
• To process your subscription payment via Stripe.
• To send you essential account-related emails (e.g., payment confirmations, terms changes).
• To maintain security and prevent abuse.

We do not sell your data, use it for advertising, or share it with third parties beyond what is described here.

4. Third-Party Services

• Stripe: processes payments. Their privacy policy is at stripe.com/privacy.
• Heroku (Salesforce): hosts the application. Data is stored on servers in the EU/US.
• Nominatim (OpenStreetMap): geocodes place names to coordinates. Only the place name is sent; no personal data.

5. Legal Basis (UK GDPR)

• Contract: processing your birth data is necessary to provide the Service you've subscribed to.
• Legitimate interest: server logs for security and performance monitoring.
• Consent: when you enter birth data for another adult, you confirm you have their consent. For children under 13, parental responsibility provides the legal basis (see below).

6. Data Retention

• Your account and chart data are kept as long as your account is active.
• If you cancel and request deletion, we will delete your data within 30 days.
• Payment records are retained as required by UK tax law (typically 6 years).

7. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data.
• Correct inaccurate data.
• Delete your data ("right to be forgotten").
• Export your data in a portable format.
• Object to processing based on legitimate interest.
• Complain to the Information Commissioner's Office (ICO) if you believe your rights have been violated.

To exercise any of these rights, email laura@cosmiclessons.com.

8. Cookies

We use essential cookies only: a session cookie to keep you logged in and a CSRF token for form security. We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Children's Data

Children under 13 cannot hold their own account or subscription. However, subscribers may enter birth data for their children in order to compute natal charts. This data is stored under the parent's account and is only visible to the parent. By entering a child's birth data, you confirm that you are their parent or legal guardian and are providing it on their behalf.

If you are a parent and wish to have your child's data removed, contact us at laura@cosmiclessons.com and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. We will notify active subscribers of material changes via email. The "last updated" date at the top reflects the most recent revision.

11. Contact

For any privacy-related questions or requests, contact us at laura@cosmiclessons.com.