Privacy Policy

Last updated: April 2, 2026

1. Data We Collect

We collect: email address (required), birth date (required for astrology), display name (optional), birth time and place (optional, for advanced charts), reading history (auto-generated), chat content (your input), usage logs, and device information. We do NOT collect: real name, physical address, phone number, or government ID. Payment information is handled entirely by Stripe — Stellara never stores your card details.

2. How We Use Your Data

Your data is used for: generating astrology readings (birth date + chat history sent to Claude API), account management, subscription billing via Stripe, anonymous service improvement analytics, security and fraud prevention, and legal compliance (tax records retained for 7 years). We do NOT: sell your data, serve third-party ads, or build marketing profiles.

3. Third-Party Sharing

We share data with: Anthropic (Claude API — birth date and chat content for reading generation; data is NOT used for model training; Anthropic retains logs for up to 30 days for safety), Stripe (payment processing), Supabase (database hosting), Vercel (web hosting), and Google (OAuth authentication). All providers maintain Data Processing Agreements (DPAs) compliant with GDPR Art. 28.

4. Data Retention

Profile data: retained while your account is active. Reading history: retained while your account is active. Session logs: automatically deleted after 90 days. Payment records: retained for 7 years (tax compliance). Anonymized statistics: retained indefinitely (not personally identifiable). When you delete your account, we soft-delete immediately (login disabled) with a 30-day recovery window, then permanently delete all data. Third-party data (e.g., Anthropic logs) follows each provider's retention policy.

5. Your Rights

You have the right to: access your data, export your data (JSON format, Phase 2), delete your account and all associated data, restrict certain processing, and withdraw consent at any time. We respond to all requests within 30 days (GDPR) or 45 days (CCPA).

6. Cookies

We use only essential session cookies for authentication. We do not use tracking cookies or third-party cookies. Under the EU ePrivacy Directive, strictly necessary cookies do not require a consent banner.

7. Children's Privacy

Stellara does not knowingly collect data from anyone under 18. If we discover an underage user, we will promptly delete their account and data. If you are a parent or guardian and believe your child has provided data to us, contact hello@stellara.chat.

8. International Data Transfers

Stellara is based in Japan. Your data may be transferred to the United States (Anthropic, Vercel, Stripe) and AWS regions (Supabase). EU data transfers rely on Standard Contractual Clauses (SCCs) maintained by each service provider.

8.1. California Residents (CCPA/CPRA)

California residents have additional rights: the right to know what data is collected, the right to delete personal information, and the right to opt out of data sales. Stellara does not sell or share personal information. To exercise your rights, email hello@stellara.chat with subject "CCPA Request". We respond within 45 days.

9. Security

We protect your data with: TLS/HTTPS encryption in transit, database encryption at rest (Supabase default), JWT-based authentication via Supabase Auth, rate limiting against abuse, and PCI DSS-compliant payment processing via Stripe.

10. Policy Changes

Material changes will be communicated at least 30 days in advance via email. Minor clarifications may be made without prior notice. Continued use after changes constitutes acceptance. Change history is maintained on this page.

11. Contact

Data protection inquiries: hello@stellara.chat. Expected response time: within 3 business days. EU residents retain the right to lodge a complaint with their local data protection authority.

See also our Terms of Service.