Privacy Policy

We collect only what is needed to generate the readings you ask for, plus minimal operational data:

• Birth details — name, date, time, and place of birth, used to compute astrological and numerological charts.
• Email address — only if you create an account or subscribe to our newsletter.
• Payment metadata — handled by our payment processors (Razorpay in India, Stripe globally). We never see your full card details.
• Operational logs — request timestamps, error logs, and Cloudflare-provided geo signals (country only) used for currency selection and abuse prevention.

Your data is used only to:

• Generate the reading or report you requested.
• Send transactional emails (receipts, report-ready notifications, password resets).
• Send the weekly newsletter if you opted in (one click to unsubscribe).
• Operate, debug, and secure the service.

We do not use your data to train public AI models. We do not sell, rent, or share your birth data with third-party advertisers, data brokers, or other astrology services.

Birth details are encrypted at rest using industry-standard AES-256. Data is stored in Cloudflare's globally distributed infrastructure (D1 SQLite, KV, and R2). We do not run our own database servers — there is no on-premises copy of your data.

Backups are encrypted and follow the same deletion rules as primary storage.

You have the right to:

• Access a copy of all data we hold on you.
• Correct any inaccurate data (especially birth time/place — this matters for chart accuracy).
• Delete everything we hold on you. One click in your account, no questions asked, no "hold period."
• Export your readings and account data in a portable format.
• Withdraw consent for newsletter or non-essential communications at any time.

Requests can be made from the Account → Privacy panel once you are signed in, or by emailing legal@cosmicpath.ai.

To generate the human-language portion of a reading, we send the calculated chart data and your specific question to an AI provider (currently OpenAI). We do not send your name, email, or other directly identifying details to the AI provider.

AI provider interactions are not retained for training under our enterprise agreement. We also keep a local copy of the prompt/response solely so you can re-view your reading — encrypted, deletable, and visible only to you.

We use the minimum necessary cookies: a session cookie when you sign in, and optionally a preference cookie for currency/system display. We do not use third-party advertising trackers, behavioral profiling, or fingerprinting scripts.

If you reach our marketing pages from a campaign, we may use first-party UTM parameters to understand which channels are working — without identifying you.

CosmicPath is not directed at children under 16. We do not knowingly collect data from minors. If you believe a child has submitted data, please contact legal@cosmicpath.ai and we will delete it immediately.

If we materially change how we handle your data, we will notify you by email (for active users) and post a notice on this page at least 14 days before changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Privacy questions, data requests, or complaints: legal@cosmicpath.ai

For users in the EU, you also have the right to lodge a complaint with your local data protection authority.