Privacy Policy
Last updated: February 2026
This Privacy Policy explains how ZodiacID collects, uses, stores, and protects your personal data. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Estonian and EU data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
Vadim Iljin
Tallinn, Estonia
[email protected]
2. Data We Collect
We collect the following categories of personal data:
- Identity data: Name (yours and, for relationship reports, your partner's name)
- Birth data: Date of birth, time of birth, and place of birth
- Contact data: Email address
- Payment data: Processed by our third-party payment processor. We do not see or store your full card details.
- Analytics data: Collected only with your explicit consent. Includes page views, scroll depth, and interaction data via Google Analytics (GA4).
- Communication data: Messages you send via our contact form or email
3. Purpose of Processing
We process your personal data for the following purposes:
- Report creation: To calculate your birth chart and write your report
- Order fulfillment: To process your payment and deliver your report via email
- Customer support: To respond to your inquiries and resolve issues
- Analytics: To understand how visitors use our website and improve the experience (with your consent only)
4. Legal Basis
We process your data under the following legal bases as defined by GDPR Article 6:
- Contract performance (Art. 6(1)(b)): Processing your birth data and email is necessary to fulfill your order and deliver your report
- Legitimate interest (Art. 6(1)(f)): Responding to customer support inquiries and maintaining business records
- Consent (Art. 6(1)(a)): Analytics cookies are loaded only after you provide explicit consent via our cookie banner
5. Data Sharing
We share your personal data only with the following categories of third parties, and only to the extent necessary:
- Payment processor: For processing your payment only. They operate under their own privacy policy and are PCI-compliant.
- Form service (Web3Forms): For processing contact form submissions only
We do not sell, rent, or share your personal data with marketing companies, advertisers, or other third parties.
6. Data Retention
- Birth data: Retained until you request deletion. You can request deletion at any time by contacting us.
- Order records: Retained for 6 years for accounting and tax compliance as required by Estonian law (Accounting Act §12).
- Analytics data: Retained according to Google Analytics default settings (14 months).
- Contact form messages: Retained for 2 years or until the inquiry is resolved, whichever is longer.
7. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your personal data (subject to legal retention requirements)
- Right to data portability: Request your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interest
- Right to withdraw consent: Withdraw your consent for analytics cookies at any time by clearing your browser cookies
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
8. Cookies
We use minimal cookies on our website:
- Essential cookies: Cookie consent preference (stored in localStorage). No third-party cookies are loaded without your consent.
- Analytics cookies (Google Analytics GA4): Loaded only after you click “Accept” on our cookie banner. Used to understand page views, scroll depth, and user interactions. No advertising or tracking cookies.
We do not use advertising cookies, social media tracking pixels, or retargeting cookies.
9. Children's Data
We process children's birth data only at the explicit request of their parent or legal guardian for the purpose of the Parenting Guide product. This data is used solely to calculate the child's birth chart and prepare the parenting report. We do not collect data directly from children. The parent or guardian ordering the report is responsible for ensuring they have the authority to provide the child's birth data.
10. International Transfers
Your data is processed within the European Union where possible. Our website is hosted on Cloudflare Pages (with EU data centers available) and our servers are located in Germany (Hetzner). If any data processing occurs outside the EU, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including Standard Contractual Clauses where applicable.
11. Security
We implement industry-standard technical and organizational security measures to protect your personal data, including:
- HTTPS encryption for all data in transit
- Encrypted database storage
- Access controls limiting who can access personal data
- Regular security reviews
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this page periodically. Continued use of our services after changes are posted constitutes acceptance of the updated policy.
13. Contact
For any questions about this Privacy Policy or to exercise your data rights, contact us at:
[email protected]
ZodiacID
Tallinn, Estonia