AstroWay/api v2.19.0 · legal
all systems operational
UA EN

// legal · privacy · GDPR

Privacy policy

What we collect, why we collect it, where it lives, and how to get it back. Written for humans first, regulators second. EU-hosted, GDPR-aligned, no data brokers, no ad networks, no dark patterns.

Effective · 2026-04-12 Version · 1.4 DPO · api@astroway.info Hosting · EU · Germany

Last updated: April 12, 2026

1. Who we are

AstroWay API is an astrology calculation service operating at api.astroway.info. Operator: sole proprietor Maksym Burkhan, Ukraine.

2. What data we collect

2.1 Account data

  • Email address (for registration and communication).
  • Hashed password.
  • Selected plan.

2.2 API request data

  • Request parameters (date, time, coordinates) — stored for credit accounting.
  • We do NOT store names, cities, or any identifying data of your app’s end users. These fields are optional and processed only in memory.

2.3 AI endpoints (audit log)

  • For /interpret/* and /horoscope/*: input parameters (date, coordinates) and generated text are stored for 90 days for audit trail and service quality.
  • IP addresses are stored as SHA-256 hashes (irreversible) — for rate limiting and anti-abuse.

2.4 Technical data

  • IP address (hashed), User-Agent, timestamp — standard access logs, 30-day rotation.

3. How we use data

  • Service delivery: running calculations, credit accounting, rate limiting.
  • AI content quality: audit log analysis to improve system prompts and safety filters.
  • Communication: service changes, SLA incidents, terms updates.
  • Anti-abuse: detecting free-tier abuse and attacks.

We do NOT:

  • Sell your data to third parties.
  • Use data for targeted advertising.
  • Share calculation data with other users.

4. Storage and security

  • Data is stored on a dedicated VPS in the EU (Hetzner, Nuremberg, Germany).
  • API connections — HTTPS only (TLS 1.3).
  • Passwords hashed via bcrypt.
  • IP addresses stored as SHA-256 hashes.
  • Database access — localhost only (not exposed externally).

5. Data retention

Data typeRetention
AccountUntil account deletion
API usage log365 days
AI audit log90 days
Access logs30 days

6. Your rights (GDPR)

As a data subject, you have the right to:

  • Access: request a copy of all your data via Dashboard or email.
  • Deletion: delete your account and all related data via Dashboard or email.
  • Rectification: update email or profile via Dashboard.
  • Portability: export data in JSON format.
  • Objection: opt out of data processing for marketing (we don’t do marketing anyway).

To exercise your rights, contact: api@astroway.info. Response within 30 days.

7. Cookies

AstroWay API uses no cookies. The Dashboard uses:

  • Session token (localStorage) — for authentication. Cleared on logout.

8. Third parties

  • AI providers — top-tier market LLMs (Google Gemini, Groq, OpenRouter, Mistral, and others) routed through our private AI gateway with multi-provider failover. They receive anonymized astrological data (date, coordinates, no names) for generating interpretations. Each provider has its own privacy policy.
  • Cloudflare: CDN and DDoS protection. Processes HTTP requests before routing to our server. EU/global edge.
  • Hetzner: VPS hosting within the EU.
  • SMTP provider (Brevo for transactional email): delivery of service emails — confirmations, password resets, usage notifications. Detailed sub-processor information available in the DPA for Pro+ customers.

9. Changes

Material changes to this policy will be notified via email 30 days in advance.

10. Contact

Privacy questions: api@astroway.info