SoulMetric

Legal · Privacy

Privacy Policy

Effective date: 30 May 2026

This Privacy Policy explains how SoulMetric (“we”, “us”) collects, uses, shares, and protects personal data when you use soulmetric.app and related services (the “Service”). We comply with the GDPR, UK GDPR where applicable, and other privacy laws that apply to you.

1. Who is responsible

SoulMetric is the data controller for personal data described here. Contact: privacy@soulmetric.app for privacy requests and Data Protection enquiries.

2. Data we collect

Depending on how you use SoulMetric, we may process:

  • Account data — email address, authentication identifiers, display name, subscription tier, and preferences.
  • Birth and chart data — birth date, time, timezone, birth location coordinates, calculated natal chart, Human Design bodygraph, saved charts, and compatibility inputs you provide.
  • Generated content — AI forecasts, tarot readings, chat transcripts, journal entries, lunar notes, and exports you create.
  • Usage data — feature interactions, forecast cache keys, rate-limit counters, referral or affiliate attribution where enabled, and technical logs (IP address, device/browser type, timestamps) when analytics are enabled with your consent.
  • Payment data — Stripe customer ID, subscription status, invoice metadata, and purchase history. Card numbers are handled by Stripe; we do not store full payment card details.
  • Communications — support messages and marketing emails if you opt in.
  • Cookie preferences — your choices about analytics and support cookies, stored locally and listed on our Cookie Policy page.

3. How we collect data

Directly from you when you register, complete onboarding, edit your profile, purchase plans, use chat or journaling, or contact support.

Automatically through strictly necessary cookies, local storage (for example PWA install state and theme), and server logs when you use the Service.

Through optional technologies only after consent — product analytics (PostHog, Google Analytics 4) and support chat (Crisp).

From third parties you connect (for example OAuth profile basics from Google or Apple sign-in) and from payment events Stripe sends via webhooks.

4. Why we use your data

We use personal data to:

  • Provide and secure the Service — authenticate you, calculate charts, deliver forecasts, enforce tier limits, and prevent abuse.
  • Personalize experiences — tailor AI outputs to your chart, selected life areas, and stated interests.
  • Process payments — manage subscriptions, one-time reports, message packs, and gift cards.
  • Communicate — send transactional email (receipts, security, onboarding), and marketing only with consent where required.
  • Improve the product — aggregated analytics when you opt in, debugging, and quality review of AI prompts (not selling your journal to advertisers).
  • Comply with law — tax, fraud prevention, and lawful requests.

5. Legal bases (GDPR)

Where the GDPR applies, we rely on:

  • Contract — delivering the Service you signed up for.
  • Legitimate interests — security, fraud prevention, and core personalization balanced against your rights.
  • Consent — analytics cookies, support chat, and marketing where required. You can withdraw consent anytime via Cookie settings.
  • Legal obligation — records we must keep for accounting or compliance.

6. AI and automated processing

Forecasts, tarot narration, chat replies, and similar features send relevant context (chart summaries, selected sphere, recent messages) to Anthropic’s API. Responses stream to you and may be cached under keys such as user, date, period, and life area to reduce cost and latency.

We configure providers not to use your content to train public foundation models for their general products. SoulMetric does not sell your journal or chat text to AI training datasets.

Automated outputs can be inaccurate or insensitive; you should treat them as reflective tools, not facts about health, relationships, or finances.

7. Who we share data with

We share data only with processors that help us run the Service, under contracts that require appropriate safeguards:

We do not sell your personal information. We may disclose data if required by law, to protect rights and safety, or in connection with a merger or acquisition with notice where legally permitted.

  • Supabase — authentication, database, and file storage (row-level security on user data).
  • Stripe — payment processing and subscription management.
  • Anthropic — AI text generation.
  • Vercel (or equivalent hosting) — application delivery and edge functions.
  • Human Design and ephemeris providers — chart calculation from birth parameters you supply.
  • Google — geocoding for birth place search when you use location autocomplete.
  • Resend or similar — transactional email delivery.
  • PostHog and Google Analytics 4 — only if you accept analytics cookies.
  • Crisp — only if you accept support cookies.

8. International transfers

Our processors may store or process data in the United States or other countries. Where required, we use Standard Contractual Clauses or equivalent mechanisms and assess transfer risk.

9. How long we keep data

We retain account and chart data while your account is active. After deletion, we remove or anonymize personal data within a reasonable period, except where backups, legal holds, or aggregated analytics require longer retention.

Forecast and usage caches expire on rolling schedules (often daily or per billing period). Stripe retains payment records per their policies and tax law. Cookie consent choices are stored for 12 months before we may ask again.

10. Security

We use HTTPS, authenticated API routes, Supabase Row Level Security, server-only access to AI and payment keys, and access controls for production systems. No method of transmission is 100% secure; report concerns to privacy@soulmetric.app.

11. Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, object to processing, port data, and withdraw consent. You may lodge a complaint with your local data protection authority.

In the app: export data from settings where available, edit birth data on your profile, delete your account (cascading deletion of user-linked rows and auth removal), and open Cookie settings from the footer or this site’s cookie banner.

Email privacy@soulmetric.app to exercise rights; we respond within applicable deadlines (typically one month under GDPR).

12. California and other US notices

California residents may have rights to know, delete, and opt out of certain “sales” or “sharing” under CPRA. SoulMetric does not sell personal information for money. We honor applicable opt-out signals where legally required.

13. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from children. Contact us to request deletion if you believe a minor provided data.

14. Cookies and similar technologies

We use strictly necessary cookies and local storage for authentication, security, affiliate attribution, theme, and calculator-to-signup bridging.

Analytics (PostHog, GA4) and support chat (Crisp) load only after you opt in via our cookie banner or Cookie settings. Full details, durations, and providers are listed on the Cookie Policy page at /cookies.

Withdrawing analytics consent stops new tracking events; previously collected aggregated data may remain in provider dashboards per their retention policies.

15. Changes to this policy

We will post updates here with a revised effective date. Material changes will be communicated through the Service or email when appropriate.

16. Contact

privacy@soulmetric.app — privacy requests, GDPR enquiries, and cookie questions.

Terms of Service →
Privacy Policy · SoulMetric