Privacy Policy
Last updated: June 18, 2026
Introduction
SoulMetric ("we", "us", "our") operates the SoulMetric web application at www.soulmetric.app (the "Service"). This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and the choices you have.
By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
Information we collect
We collect information in the following categories:
Account and authentication data
- Email address — when you sign up with email/password or a social login provider.
- Password — if you use email/password sign-up, stored only as a cryptographic hash by our authentication provider; we never store your plain-text password.
- Social login identifiers and profile metadata — when you use Google or Facebook sign-in (see dedicated sections below).
- Session cookies — to keep you signed in and secure your account.
Profile and birth data
To generate astrology, Human Design, and related readings, you provide (or we derive):
- Display name
- Birth date
- Birth time and whether the birth time is known
- Birth place (city/location label)
- Birth coordinates and timezone
- Language/locale preference
Birth data is sensitive personal information. We use it only to provide chart calculations, personalized content, and features described in this policy.
Charts, readings, and generated content
- Natal astrology charts, Human Design bodygraphs, numerology summaries, and related computed data stored as structured records.
- Daily insights, transits, and personalized feed content generated for your account.
- Tarot spreads, card draws, and interpretations you request.
- AI-generated interpretations (e.g., Luna chat responses, Human Design deep sections) created from your chart data and prompts.
- Cached copies of third-party chart API responses, keyed to your calculations, to improve performance.
Luna AI conversations
- Conversation titles and message history (your prompts and Luna's replies).
- Token usage counts for billing and rate limits.
- Optional conversation memory used to personalize ongoing chats within your account.
Match / saved people
If you use compatibility or "people" features, we store names, relationship labels, and birth data for individuals you add. You are responsible for having a lawful basis to provide third parties' birth information.
Subscription and payment data
- Subscription tier, status, and billing period.
- Stripe customer and subscription identifiers. Payment card details are collected and processed directly by Stripe; we do not store full card numbers on our servers.
- Purchase history for reports, credits, and gift subscriptions where applicable.
- Gift redemption codes and recipient email addresses you provide for gifts.
Push notifications
If you enable morning brief push notifications, we store:
- Web push subscription endpoint and encryption keys
- Your preferred notification time and timezone
- A push-enabled flag on your profile
Usage analytics
We use PostHog to understand how the Service is used (e.g., page views, feature interactions). Analytics are tied to an internal user identifier when you are signed in. We configure analytics to avoid collecting unnecessary personal data. You can limit tracking via your browser settings and ad/tracking controls.
Support and communications
If you contact us, we retain your message and email address to respond and maintain a record of support requests.
How we use your information
We use personal information to:
- Create, authenticate, and secure your account.
- Calculate and display charts, daily insights, tarot readings, and match features.
- Power Luna AI and other personalized interpretations.
- Process subscriptions, one-time purchases, and gift redemptions.
- Send transactional emails (welcome, receipts, report delivery, account notices).
- Deliver push notifications you opt into.
- Enforce usage limits by subscription tier.
- Monitor performance, fix bugs, and improve the Service.
- Comply with law and protect the security of our users and systems.
We do not sell your personal information. We do not use your data for third-party advertising. We do not use Google user data to train generalized AI/ML models.
AI processing
Certain features send portions of your profile, chart data, and chat messages to Anthropic (Claude API) to generate text responses and interpretations. This processing occurs only to provide features you request. Prompts may include your display name and relevant chart facts. We do not authorize Anthropic to use your data to train their public models beyond Anthropic's own API terms and policies.
AI output is generated automatically and may be inaccurate. It is provided for entertainment and self-reflection only (see our Terms of Service).
Google user data
SoulMetric offers "Continue with Google" sign-in. We use Google OAuth only for authentication and account management. We do not access Gmail, Google Calendar, Google Drive, Google Contacts, or any other Google API beyond basic sign-in profile information.
Data accessed from Google
When you choose Google sign-in, we receive the following through Supabase Auth (which implements the Google OAuth flow):
- Email address — to create and identify your account.
- Full name — to pre-fill your display name and show your name in the app.
- Google account ID — to link your Google account and maintain your session.
- Profile picture URL — if available; stored in your auth record. We do not currently display this image in the product UI.
- Email verification status — to assess account trust during sign-in.
Scopes requested: openid, email, and profile only.
How we use Google user data
- Create, authenticate, and secure your account.
- Maintain signed-in sessions.
- Pre-fill your display name during onboarding (editable anytime in Settings).
- Send account-related emails and associate your account with Stripe for paid plans.
- Display your name and email in the account UI.
We do not use Google user data for advertising, selling to data brokers, credit scoring, or training generalized AI/ML models.
Google data — storage, sharing, and retention
- Storage: Supabase Auth and our
profilestable (display name). - Sharing: Supabase, Stripe (checkout/receipts), and Resend (transactional email), as described in "Service providers" below.
- Retention: Until you delete your account, after which auth and profile data are removed.
Google API Services compliance
SoulMetric's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Facebook login data
If you choose "Continue with Facebook", we receive basic profile information permitted by Facebook's login permissions (typically name and email address) through Supabase Auth. We use this data only to create and authenticate your account, pre-fill your display name, and communicate about your account. We do not access your Facebook friends list, posts, photos, or messages.
Service providers
We share personal information with vendors that process data on our behalf, under contracts that require appropriate safeguards:
- Supabase — authentication, database, and file storage.
- Vercel — application hosting and delivery.
- Stripe — payment processing and subscription management.
- Resend — transactional email delivery.
- PostHog — product analytics.
- Google Analytics — website traffic and marketing measurement.
- Anthropic — AI text generation for Luna and interpretations.
- Chart calculation providers — our servers send birth date, time, and location to external astrology/Human Design APIs to compute charts; responses are cached server-side.
We may also disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets (with notice where legally required).
Cookies and similar technologies
We use cookies and similar storage for:
- Essential cookies — authentication session (required for the Service to work).
- Analytics — PostHog and Google Analytics may set cookies or use local storage to measure usage and marketing performance.
You can control non-essential cookies through your browser settings. Blocking essential cookies may prevent you from staying signed in.
Legal bases (EEA/UK users)
If you are in the European Economic Area or United Kingdom, we process personal data under:
- Contract — to provide the Service you signed up for.
- Legitimate interests — security, analytics, and product improvement, balanced against your rights.
- Consent — where required (e.g., optional push notifications).
- Legal obligation — where we must retain or disclose data by law.
International transfers
We and our service providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.
Data retention
- Account data is kept while your account is active.
- When you delete your account (Account → Settings → Delete account), profile data, charts, conversations, and related records are removed via cascade deletion from our primary database.
- Backups, logs, and payment records may persist for a limited period as required for security, fraud prevention, accounting, or legal compliance.
- Stripe retains payment records according to Stripe's policies and legal requirements.
Security
We use industry-standard measures including encryption in transit (HTTPS), access controls, and row-level security in our database. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
Your rights and choices
- Access and update — edit birth data and display name in Account → Settings.
- Delete — delete your account anytime in Account → Settings; this removes your profile and associated data from our systems.
- Push notifications — disable in Account → Settings or via browser/OS notification controls.
- Marketing — unsubscribe using links in promotional emails (if sent).
- EEA/UK rights — you may have rights to access, rectify, erase, restrict, port, or object to processing, and to lodge a complaint with your supervisory authority.
- California residents — you may have rights to know, delete, and opt out of sale/sharing. We do not sell personal information.
To exercise rights, contact hello@soulmetric.app. We may verify your identity before responding.
Children
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be notified by email or in-app notice where appropriate.
Contact
Questions about privacy or your data: hello@soulmetric.app
Entertainment and self-reflection only — not medical, financial, or legal advice. See our Terms of Service for full disclaimers.