Privacy Policy

Last Updated: 2026-01-01

1. Introduction

At Mystika GmbH, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Mystika GmbH

Max Mustermann

Musterstraße 123

10115 Berlin

Germany

Email: privacy@mystika.app

3. Information We Collect

Account Information

  • Name (optional)
  • Email address
  • Password (encrypted)
  • Birthday and birth time (optional, for horoscope personalization)

Usage Information

  • IP address
  • Browser type and version
  • Pages visited and time spent
  • Tarot reading history

Payment Information

We do not store your credit card information. All payments are processed securely by Stripe. We only receive confirmation of successful transactions.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services to you
  • Consent: Where you have given explicit consent (e.g., marketing emails)
  • Legitimate Interests: For fraud prevention, security, and service improvement
  • Legal Obligation: Where required by law (e.g., tax records)

5. How We Use Your Information

  • To provide and maintain our service
  • To process your transactions
  • To send you service-related communications
  • To personalize your horoscope and reading experience
  • To improve our service and develop new features
  • To comply with legal obligations

6. Third-Party Services

We share your data with the following third-party service providers:

Stripe

Purpose: Secure payment processing

Data Transfer: USA

Safeguards: EU-US Data Privacy Framework

Google Analytics

Purpose: Website analytics and improvement

Data Transfer: USA

Safeguards: EU-US Data Privacy Framework

Vercel

Purpose: Website hosting and infrastructure

Data Transfer: USA

Safeguards: EU-US Data Privacy Framework

7. Cookies

We use cookies and similar tracking technologies to enhance your experience:

Essential Cookies

Cookie Name             | Purpose                    | Duration
next-auth.session-token | User authentication        | Session / 30 days
next-auth.csrf-token    | Security (CSRF protection) | Session
locale                  | Language preference        | 1 year

Analytics Cookies

Cookie Name | Purpose                      | Duration
_ga         | Google Analytics visitor ID  | 2 years
_gid        | Google Analytics session ID  | 24 hours

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect service functionality.

8. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Until account deletion + 30 days
  • Transaction Data: 10 years (German tax law requirement)
  • Analytics Data: 26 months
  • Server Logs: 90 days

9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at privacy@mystika.app. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • SSL/TLS encryption for all data in transit
  • Password storage as bcrypt hashes (passwords are never stored in plaintext)
  • Regular security audits and updates
  • Access controls and employee training

11. International Data Transfers

Some of our service providers are located outside the EU/EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses and the EU-US Data Privacy Framework, to protect your data during such transfers.

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstr. 219, 10969 Berlin, Germany

https://www.datenschutz-berlin.de

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website. The date of the latest revision will be indicated at the top of this page.

15. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us:

Mystika GmbH

Musterstraße 123, 10115 Berlin, Germany

Email: privacy@mystika.app