Privacy Policy

The short version

We collect the minimum we need to deliver what you asked for. We do not sell your data. We do not run third-party ad pixels. If you have a question or want your data removed, email hello@northstaralmanac.com and we'll respond within five business days.

1. What we collect

• Your email address when you take the Big Three quiz, subscribe to the newsletter, or buy a product. Used to send the reading, product downloads, and the nurture sequence.
• Your first name, birth date, birth time, and birth place when you complete the quiz. Used only to calculate your sun, moon, and rising signs and to render your personalized reading. Stored against your email so we can re-send the reading if it fails to deliver.
• Stripe checkout metadata (purchase amount, SKU, transaction ID, email). We never see or store your card details — Stripe handles those directly.
• Aggregate site usage via Vercel Web Analytics — page views, country (from IP, not stored), referrer, device type. No cookies, no personal identifiers, no cross-site tracking.
• localStorage on your deviceremembers your selected sun sign and the contents of your shopping basket so the site feels normal across page loads. This stays on your device; we don't read it from our servers. You can clear it any time from your browser settings.

2. What we don't do

• We do not sell or rent your data.
• We do not run Google Analytics, Meta Pixel, or TikTok Pixel.
• We do not share your quiz answers with any third party.
• We do not use your data to train AI models.
• We do not knowingly collect data from anyone under 13. If we learn we have, we delete it. See §6.

3. Who we share with

We use a small number of vendors (processors) to operate the site. Each has its own privacy policy — links provided.

• Vercel — hosting + web analytics. vercel.com/legal/privacy-policy
• Stripe — payment processing. stripe.com/privacy
• ConvertKit — marketing email delivery. convertkit.com/privacy
• Resend — transactional email (the message that delivers your purchased PDFs). resend.com/legal/privacy-policy
• Cloudflare R2 — storage for rendered PDFs. Files are served via signed URLs valid for 30 days. cloudflare.com/privacypolicy
• Railway (or equivalent) — hosts the ephemeris + PDF rendering service. Quiz answers (name + birth date / time / place) are POSTed there at render time and not retained. railway.com/legal/privacy

4. How long we keep your data

• Quiz answers(birth data): kept for 90 days so we can re-send the reading if it didn't deliver, then automatically deleted.
• Email + subscriber tags: kept until you unsubscribe. Deleted within 30 days of unsubscribe.
• Purchase records: kept for the period required by tax law (typically 7 years), in line with Stripe's retention.
• Aggregate analytics: anonymized; kept indefinitely with no path back to you.

5. Your rights

You can:

• Unsubscribe from any email with one click.
• Ask us to show you what data we hold about you.
• Ask us to delete your data.
• Ask us to exportyour data (we'll send it back as JSON).
• Ask us to correctanything that's wrong.

Email hello@northstaralmanac.com with any of these requests. We respond within five business days.

EU/UK readers (GDPR): our legal basis for processing your quiz answers + email is the contract you enter when you ask us for a reading or a purchase. For the follow-up nurture emails, our basis is legitimate interest; you can opt out at any time. You have the right to lodge a complaint with your local data protection authority.

California readers (CCPA / CPRA): you have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of any sale or sharing for cross-context behavioral advertising. We do not sell or share your personal information under either of those definitions. To exercise any of the above, email us. We will not discriminate against you for doing so.

6. Children

The service is intended for adult readers (18+). We do not knowingly collect personal information from anyone under 13 (COPPA in the US) or under 16 (GDPR in the EU). If you believe a child has submitted personal data to us, email us and we'll delete it.

7. Security

The site runs over HTTPS. Payment data goes directly from your browser to Stripe; we never touch your card. Birth data is transmitted over encrypted channels to the rendering service and discarded after the PDF is built. Vendor accounts use two-factor authentication.

8. Changes

If we materially change how we handle data, we will update this page and email subscribers. We will not retroactively use data we collected under an older policy for a newer purpose you didn't agree to.