GDPR Notice - Astro Dozi

1. Data Controller

Controller: Bardino Technology
App: Astro Dozi (com.bardino.zodi)
Website: astro.dozi.app
Contact / data protection: astrodozi@dozi.app

If you are based in the EEA, Switzerland or the UK, you can contact us at the address above for any privacy-related question. We will route requests to the appropriate person responsible for GDPR compliance.

2. Categories of Personal Data

We process the following categories of personal data, described in detail in our Privacy Policy:

Identity and contact data (Google / Apple sign-in details, email, profile picture).
Astrology profile data (birth date, optional birth time and place, sun/rising sign).
Application activity (Yıldız Tozu balance, AI chats, tarot history, streaks).
Device and diagnostic data (model, OS, app version, language, truncated IP, crash logs).
Advertising identifier (only in the free tier and only with your consent under ePrivacy / ATT).
Subscription / receipt data (anonymous product ID, store order ID, status — handled by Google Play, Apple App Store and RevenueCat).

We do not knowingly process data from children under 16 in the EEA without verifiable parental consent.

3. Lawful Bases (Art. 6 & Art. 9 GDPR)

Art. 6(1)(b) — Performance of a contract: creating your account, providing the Service and managing subscriptions.
Art. 6(1)(a) — Consent: personalisation based on birth data, push marketing, personalised advertising. You can withdraw consent at any time.
Art. 6(1)(c) — Legal obligation: tax, accounting, consumer protection, lawful authority requests.
Art. 6(1)(f) — Legitimate interests: security, fraud prevention, error correction, product analytics. A balancing test has been performed and is available on request.
Art. 9(2)(a) — Explicit consent where any data could amount to special-category data in your jurisdiction.

4. Purposes of Processing

Authentication and account management.
Personalised astrology, tarot and AI chat content (via Google Gemini).
Subscription management and entitlement sync (RevenueCat, Google Play, Apple).
Push notifications (Firebase Cloud Messaging / Apple Push Notification Service).
Crash reporting, performance, analytics (Firebase Crashlytics, Performance, Analytics).
Advertising in the free tier (Google AdMob, AppLovin and Unity mediation partners) — only after your consent / iOS App Tracking Transparency permission.
Compliance with legal obligations and enforcement of our terms.

5. Recipients and Sub-processors

Google LLC / Google Ireland Ltd — Firebase, Google Cloud, Gemini AI, AdMob, Play Billing.
Apple Inc. / Apple Distribution International Ltd — Sign in with Apple, App Store, APNs.
RevenueCat, Inc. — subscription state and receipt validation.
AppLovin Corporation, Unity Technologies — AdMob bidding/mediation partners (free tier only).

Each sub-processor is bound by a data processing agreement (DPA) and acts only on documented instructions. We do not sell your personal data and we do not share it with third parties for their own marketing purposes.

6. International Data Transfers

Your data is primarily stored on Google Cloud infrastructure in europe-west regions, with limited replication to the United States for service reliability. Where transfers leave the EEA / UK, we rely on:

Adequacy decisions of the European Commission (e.g. UK Adequacy Decision, EU-US Data Privacy Framework where applicable),
Standard Contractual Clauses (SCCs, 2021/914) and the UK International Data Transfer Addendum / IDTA,
Supplementary technical and organisational measures (encryption in transit and at rest, pseudonymisation, access logging, sub-processor audits).

You can request a copy of the relevant transfer mechanism by emailing astrodozi@dozi.app.

7. Storage Periods

Account data: while your account is active.
Inactive accounts: deleted after 24 months of inactivity following a notice.
Account deletion requests: removed from production within 30 days, from backups within 90 days.
Diagnostics / crash logs: 90 days.
Analytics events: anonymised after 14 months.
Billing records: up to 10 years where required by tax law.

8. Your Rights (Art. 12-22 GDPR / UK GDPR)

Access — obtain a copy of your personal data.
Rectification — correct inaccurate or incomplete data.
Erasure ("right to be forgotten") — delete data when no longer necessary.
Restriction — limit processing in specific cases.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests or for direct marketing.
Withdraw consent at any time, without affecting the lawfulness of prior processing.
Not be subject to automated decision-making producing legal or similarly significant effects (we do not perform such decisions).
Lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement (see section 10).

9. How to Exercise Your Rights

In-app: open Profile → Account Management to delete your account and associated data instantly.
By email: send a request from your registered email to astrodozi@dozi.app with the subject line "GDPR Request".
We will respond within 30 days. If your request is complex we may extend the period by a further two months and inform you of the reason.
We do not charge a fee unless requests are manifestly unfounded or excessive (Art. 12(5) GDPR).

10. Supervisory Authorities

You can lodge a complaint with the supervisory authority in your country (e.g. Datenschutzbeauftragte in Germany, CNIL in France, Garante in Italy, AEPD in Spain, Datatilsynet in Denmark).
UK: Information Commissioner's Office (ICO) — ico.org.uk.
A list of EEA authorities is available at edpb.europa.eu.
We would appreciate the chance to address your concerns directly first by writing to astrodozi@dozi.app.

11. Updates to This Notice

We may update this notice from time to time to reflect legal or operational changes. Material changes will be communicated in-app and the "Last updated" date above will be revised.

GDPR & UK GDPR Notice