← Back to Home

Privacy Policy

Last updated: 23 June 2026

1. Controller Information & Compliance Statement

Data Controller: FENG YU (sole proprietor, ZodiacSync), resident in Kowloon, Hong Kong SAR, China.

Contact Address: 636 Nathan Road, Bank Centre, 15th Floor, Mong Kok, Kowloon, Hong Kong

Contact Email: [email protected]

This Privacy Policy is governed by the Hong Kong Personal Data (Privacy) Ordinance (PDPO) and other applicable data protection laws, including:

  • United States: California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and other applicable U.S. state privacy laws.
  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec Law 25 (modernized).
  • United Kingdom: UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
  • European Union: EU General Data Protection Regulation (GDPR).
  • Australia: Privacy Act 1988 and Australian Privacy Principles (APPs).
  • New Zealand: Privacy Act 2020.
  • South Africa: Protection of Personal Information Act (POPIA).
  • Singapore: Personal Data Protection Act (PDPA).
  • Indonesia: Personal Data Protection Law (PDP Law).
  • Malaysia: Personal Data Protection Act 2010 (PDPA 2010).
  • Hong Kong SAR: Personal Data (Privacy) Ordinance (PDPO).

2. Personal Data We Collect

We collect the following categories of personal data when you use our service:

2.1 Account & Authentication Data: Email address, display name, password hash, authentication tokens, and social login information (if you sign up via Google/Apple).

2.2 Profile & Astrological Data: Birth date, birth time, birth location, gender, profile photo, bio, and other information you provide to generate astrological charts, compatibility scores, and AI insights.

2.3 Service Usage Data: Chat messages with AI astrologer, birth chart queries, app usage patterns, and feature engagement data.

2.4 Device & Technical Data: Device type, operating system, unique device identifier, IP address, browser type, language settings, crash logs, and network information, used for account security, fraud prevention, service stability, and regional adaptation.

2.4.1 Analytics Data: We use PostHog to collect anonymous usage events, feature interactions, page views, and crash reports. This data is associated with a randomly generated anonymous user ID, not your personal identity. You may opt out of analytics collection by contacting us at [email protected].

2.4.2 Error Monitoring Data: We use Sentry to collect crash reports and error monitoring. Data collected: device type, OS version, app version, stack trace, anonymous session ID, and truncated IP address. We do not collect personal information through Sentry.

2.5 Payment Data: ZodiacSync is currently free during the MVP phase. We do not collect any payment data at this time. Should we introduce paid features in the future, we will update this Policy with at least 30 days' prior notice. For iOS, any paid features will be implemented exclusively through Apple In-App Purchase (IAP) per Apple's App Store Review Guidelines 3.1.5.

2.6 Marketing & Communication Data: Email open/click tracking data, push notification engagement data, and your marketing preferences.

2.7 iOS App Permissions:

When you use our iOS App, you may be asked to grant the following permissions. All permissions are optional, and you can revoke them at any time through your iOS Settings.

  • (a) Camera: To take profile photos for your account. We do not access your camera at any other time.
  • (b) Photo Library: To select existing photos from your library for your profile. We only access photos you explicitly choose.
  • (c) Notifications: To send you daily horoscope forecasts, important account updates, and (with your consent) marketing communications. You can disable notifications in iOS Settings at any time.
  • (d) Location: To provide accurate astrological readings based on your birth location (only if you choose to use auto-detect). We do not track your real-time location.
  • (e) Apple Sign In: To allow you to sign in using your Apple ID. Apple may provide us with your email address (or a private relay email) and your name.

If you choose not to grant these permissions, you can still use the core features of the App, but some optional features (such as profile photo upload) will be unavailable.

3. How We Use Your Personal Data

We use your personal data solely for the purposes we disclose to you at the time of collection:

3.1 To provide core services: Create and manage your account, generate astrological charts and dual chart compatibility analysis, facilitate AI astrologer consultations, daily energy forecasts, and AI-powered astrological insights.

3.2 To improve our service: Analyze app usage patterns through anonymous analytics (PostHog), monitor crash reports and error logs (Sentry), optimize product features, fix bugs, and develop new functions. Analytics data is associated with an anonymous ID only and is not used to personally identify you.

3.3 To ensure account security: Verify your identity, prevent fraud, unauthorized access, and other malicious activities, enforce our Terms of Service.

3.4 To process payments and subscriptions: Verify your purchase, manage your subscription, and process refunds in accordance with our Refund Policy.

3.5 To communicate with you: Send service-related notifications (account verification, subscription updates, security alerts), respond to your support requests, and send marketing communications (only with your prior consent).

3.6 To comply with legal obligations: Meet tax, accounting, and regulatory requirements, respond to lawful requests from courts or government authorities, and exercise our legal rights.

4. Data Storage & Security

Your data is stored on secure servers with encryption at rest and in transit. We use industry-standard security measures including TLS 1.3 encryption for data transmission and AES-256 encryption for data at rest. We implement strict least-privilege access controls, regular security audits, and employee confidentiality agreements to protect your personal information.

However, no data transmission or storage system can be guaranteed to be 100% secure. We cannot warrant absolute security of your personal data, and you provide your data at your own risk.

5. International Data Transfers

Your personal data may be transferred to and processed in jurisdictions outside of Hong Kong SAR China, including Singapore, the United States, and other countries where our third-party service providers are located. These jurisdictions may have different data protection laws than Hong Kong.

We ensure all cross-border data transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and contractual obligations requiring service providers to maintain the same level of data protection as required under Hong Kong law. You may request a copy of the relevant safeguards by contacting us at [email protected].

6. Data Sharing & Third-Party Service Providers

We do NOT sell your personal data to any third parties. We only share your personal data with the following trusted third-party service providers, who are contractually bound to process your data securely, only for the purposes we specify, and in compliance with applicable data protection laws:

6.1 Payment Processing: Currently not applicable. ZodiacSync is free during the MVP phase and does not collect any payment data. Should we introduce paid features in the future, we will update this Policy with at least 30 days' prior notice. For iOS, any paid features will be implemented exclusively through Apple In-App Purchase (IAP) per Apple's App Store Review Guidelines 3.1.5.

6.2 Infrastructure & Hosting:

6.3 AI & Analytics:

  • Google Gemini: Provides AI-powered astrological insights. Privacy Policy: https://policies.google.com/privacy
  • PostHog: Anonymous product analytics. Data collected: feature interactions, screen views, anonymized user IDs (randomly generated, not tied to your personal identity), and basic device info. Privacy Policy: https://posthog.com/privacy

6.4 Error Monitoring:

  • Sentry: Crash reporting and error monitoring. Data collected: device type, OS version, app version, stack trace, anonymous session ID, and truncated IP address. We do not collect personal information through Sentry. Privacy Policy: https://sentry.io/privacy/

6.5 Communication Services:

  • Expo Push Notification Service: Push notification delivery. iOS uses Apple Push Notification service (APNs); Android uses Firebase Cloud Messaging (FCM) under the hood. Data collected: device push tokens and notification delivery status. Privacy Policy: https://expo.dev/privacy

6.6 Authentication Services:

  • Apple Sign In: Allows you to sign in with your Apple ID. Data collected: Apple-provided user identifier, name (only on first sign-in), and email (real or private relay). Privacy Policy: https://www.apple.com/legal/privacy/
  • Google Sign In: Allows you to sign in with your Google account. Data collected: Google-provided user identifier, name, email, and profile photo (if granted). Privacy Policy: https://policies.google.com/privacy

6.7 Email Service:

  • Resend: Transactional and marketing email delivery. Data collected: your email address, name (optional), and email engagement metrics (open/click). Privacy Policy: https://resend.com/privacy

7. Your Data Protection Rights

In accordance with the PDPO and applicable data protection laws, you have the following rights regarding your personal data:

7.1 Right of Access: You have the right to request a copy of all personal data we hold about you.

7.2 Right of Rectification: You have the right to correct any inaccurate or incomplete personal data we hold about you.

7.3 Right of Erasure: You have the right to request the deletion of your account and all associated personal data, subject to legal retention requirements.

7.4 Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.

7.5 Right to Data Portability: You have the right to receive your personal data in a structured, machine-readable format, or request that we transfer it to another data controller, where technically feasible.

7.6 Right to Object to Direct Marketing: You have the right to opt out of marketing communications at any time, free of charge, by clicking the unsubscribe link in our emails or contacting us at [email protected].

7.7 How to Exercise Your Rights: To exercise any of these rights, please send an email to [email protected] from the email address associated with your account. We will verify your identity to prevent unauthorized access, and respond to all valid requests within 30 days. We will not discriminate against you or charge you a fee for exercising your data protection rights, except for excessive, repetitive, or unfounded requests, where we may charge a reasonable administrative cost.

7.8 Right to Lodge a Complaint: If you are dissatisfied with our handling of your personal data, you have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data of Hong Kong SAR China, or the relevant data protection authority in your jurisdiction.

8. Tracking Technologies

8.1 In Our Mobile Apps (iOS & Android): Our mobile apps do not use Apple's Identifier for Advertisers (IDFA) and do not track you across other companies' apps or websites for advertising purposes. We do not engage in cross-app tracking or behavioural advertising.

Our apps may use the following technologies strictly for service functionality and internal product improvement:

  • (a) Anonymous Analytics (PostHog): We use PostHog to collect anonymous usage events (feature interactions, screen views) associated with a randomly generated anonymous user ID. This data is used solely for internal product analytics and is never sold or shared with advertisers. You may opt out by contacting us at [email protected].
  • (b) Error Monitoring (Sentry): We use Sentry to collect crash reports and error logs (device type, OS version, stack trace, anonymous session ID). We do not collect personal information through Sentry.
  • (c) Local Storage: Your app preferences (such as language and theme) are stored locally on your device. You can clear them at any time by clearing the app's data in your device settings.

8.2 On Our Website (zodiacmeet.com): Our website may use cookies and similar tracking technologies (including web beacons, local storage, and pixel tags) to improve your experience on the site. Cookies are small text files stored on your device that help us remember your preferences, analyze site traffic, and understand how you interact with our website.

We use the following types of cookies on our website:

  • (a) Strictly Necessary Cookies: Required for the core functionality of our website, including account login, session persistence, and security features. You cannot disable these cookies in your browser settings without affecting the core functionality of the website.
  • (b) Analytics Cookies: Help us measure and improve the performance of our website, including user engagement and feature usage.
  • (c) Preference Cookies: Remember your settings and preferences, such as language and region settings.

You can disable or delete non-necessary cookies in your browser settings at any time. However, disabling strictly necessary cookies may affect the core functionality of our website, including login persistence and preference storage. Some cookies are set by our third-party service providers, as detailed in Section 6 of this Policy. We do not control the cookies set by these third parties, and we recommend you review their respective privacy policies for more information about their cookie practices.

9. Data Retention

We retain your data as follows:

  • Account core data: Retained for the duration your account is active, plus 30 days after account deletion.
  • Chat messages & user-generated content: Retained for the duration your account is active, plus 30 days after account deletion.
  • Payment & tax records: Retained for 7 years in accordance with Hong Kong and Chinese tax legal requirements.
  • Security & fraud prevention logs: Retained for 90 days after collection.

Upon account deletion, we permanently remove all personal data within 30 days, except where retention is required by applicable law, to resolve disputes, or to enforce our legal agreements.

10. Direct Marketing

We will only send you marketing communications (including promotional emails, in-app offers, and event notifications) if you have given your explicit prior consent. You can withdraw your consent at any time, free of charge, by clicking the unsubscribe link in our emails or contacting us at [email protected]. We will not share your personal data with any third parties for their marketing purposes without your explicit written consent.

11. Children's Privacy

ZodiacSync is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we discover we have inadvertently collected personal data from a minor, we will immediately delete the data. Parents or guardians who believe we have collected data from a minor may contact us at [email protected] to request deletion.

12. Data Breach Notification

In the event of a personal data breach that poses a significant risk to your rights and freedoms, we will notify you and the relevant data protection authorities in accordance with applicable law, without undue delay. We will take all reasonable measures to mitigate the harm caused by the breach.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes to how we handle your personal data, we will notify you via email or in-app notice at least 30 days before the changes take effect. Your continued use of the App after the effective date of the updated Policy constitutes your acceptance of the changes.

14. Governing Law

This Privacy Policy is governed by the laws of Hong Kong SAR China, without regard to its conflict of law principles.

15. Contact

For privacy-related inquiries, contact us at [email protected].

16. Automated Decision-Making

Our astrological analysis system, dual chart compatibility scoring, and AI-generated insights are based on automated decision-making using the astrological data you provide. These automated processes are for entertainment purposes only, and do not produce legal or similarly significant effects on your rights. You have the right to object to automated decision-making by contacting us at [email protected].

17. Account Deletion

You have the right to delete your ZodiacSync account and the personal data associated with it at any time. This section explains how to request account deletion, what data will be removed, and what data we are required or permitted to retain.

17.1 How to Delete Your Account:

You can request account deletion in any of the following ways:

  • In-App: Go to Profile → Settings → Account → Delete Account, follow the on-screen instructions, and confirm deletion with your account password. A confirmation email will be sent to your registered email address.
  • Email: Send a deletion request from the email address associated with your account to [email protected] with the subject line "Delete My Account". We will verify your identity before processing the request.

17.2 What Data Will Be Deleted:

When your account is deleted, we will permanently remove the following personal data within 30 days of your confirmed request:

  • Account profile (display name, avatar, email, phone number, login credentials);
  • Birth information and astrological chart data;
  • AI chat history, match records, swipe history, and memory palace data;
  • User-generated content (photos, posts, comments, reviews);
  • Device push notification tokens and device identifiers;
  • VIP subscription status (excluding records with the App Store / Google Play / Stripe, which are governed by their respective refund policies).

17.3 Data We May Retain:

In accordance with applicable laws and legitimate business purposes, we may retain the following data even after account deletion:

  • Transaction and payment records required to be retained for tax and accounting purposes (typically 7 years);
  • Records required to investigate fraud, abuse, or violations of our Terms (typically up to 2 years);
  • Backups that have already been generated will be deleted in the normal backup rotation cycle (typically within 90 days).

17.4 Important Notice — Subscription Cancellation:

Deleting your account does not automatically cancel your active paid subscription. To avoid being charged for the next billing cycle, you must cancel your subscription through Apple App Store, Google Play Store, or the Stripe customer portal before submitting your account deletion request. Subscription cancellations are governed by our Refund Policy.

17.5 Effect of Deletion:

Once deletion is complete, your account cannot be recovered. You will not be able to log in again, and your match history, chat records, and other personalized data will be permanently lost. If you reinstall the App or register a new account with the same email, you will start from scratch as a brand new user.

17.6 Deletion Timeline:

We will complete the deletion process and send you a completion confirmation email within 30 days of receiving your verified request. In most cases, deletion is completed within 7 days. If you have not received a confirmation email within 30 days, please contact us at [email protected].

17.7 Contact:

For any questions about account deletion, contact us at [email protected].

18. Content Moderation

We use content moderation to ensure user-generated content (chat messages, community posts, profile information) complies with local laws and cultural norms in our distribution countries, including Indonesia's MOCI Regulation No. 5 of 2020 on Private Electronic System Operators and Malaysia's Communications and Multimedia Act 1998. Our content moderation includes:

  • Automated filtering: We use automated systems to detect and filter prohibited content (including hate speech, sexual content, violence, spam, and content that violates local cultural or religious norms) before and after it is posted.
  • User reporting mechanism: Users may report inappropriate content through the in-app reporting feature available on every chat message, post, and profile.
  • Manual review: All user reports are reviewed by our moderation team. We aim to review and take appropriate action within 7 days of receiving a report; urgent safety reports are prioritized.

To carry out moderation, we process the reported content, metadata (timestamps, sender, recipient), and the reporter's identity. Moderation outcomes (warnings, content removal, account suspension, or termination) and supporting evidence are retained for up to 2 years for audit, appeal handling, and legal compliance purposes, after which they are securely deleted.

We reserve the right to remove content and suspend or terminate accounts that violate our content guidelines or applicable local laws. Users may appeal a moderation decision by contacting [email protected].