Privacy Policy

Effective date: May 4, 2026

1. Data Controller

StellarTies is operated by Invents.US, LLC, a Washington state limited liability company. StellarTies ("we," "us," "our") is the data controller for personal data collected through the StellarTies platform at stellarties.com. For privacy inquiries, contact us at privacy@stellarties.com.

2. Data We Collect

  • Account data: Email address
  • Birth data: Date, time, and location of birth for synastry calculations. Encrypted at rest using AES-256-GCM. Never stored without an account.
  • Usage data: Session tokens, consent records, and credit ledger entries.
  • Technical data: IP address and User-Agent string (recorded with consent events; also used at the CloudFront edge for the analytics described below).
  • Aggregate analytics derived from access logs: a short-lived random visitor hash (derived from IP + User-Agent), the pages you visit, time-on-page durations, the referring URL, and a coarse device-type classification (mobile, tablet, desktop, bot). The visitor hash is not linkable back to your identity and is not used to recognize you across sessions. See the Cookie & Storage Policy §3 for the first-party analytics beacon used to capture time-on-page.

We do not collect payment information directly (Stripe handles payment processing), social media profiles, or government-issued IDs.

3. Purposes & Legal Basis

PurposeLegal Basis (GDPR)
Provide synastry calculationsContract performance
Generate personalized relationship narrativesContract performance
Account management & authenticationContract performance
Health data processing (birth data as consumer health data under WA MHMDA)Explicit consent
Marketing communications (optional)Consent

4. Data Retention

Account data and encrypted birth data are retained until you delete your account. Consent records are retained for 3 years after withdrawal for compliance documentation. Session tokens are deleted upon logout. Sessions do not currently have a server-side TTL.

5. Third Parties

We do not sell, share, rent, or trade your personal data with any third parties. No third-party analytics or tracking services are used; analytics are first-party and derived from our own CloudFront access logs (see §2).

Infrastructure (AWS). StellarTies runs on Amazon Web Services. AWS provides hosting, encrypted database storage, authentication, language-model inference, and content delivery on our behalf under a data processing agreement. All processing occurs within the United States.

Authentication. Sign-in / sign-up redirects your browser to a hosted authentication page which receives your email address and password, the only personal data necessary to authenticate you.

AI processing (AWS Bedrock). Personalized narratives are generated by a language model. The model receives only planetary coordinates, aspect geometry, and privacy aliases — never raw birth dates, times, coordinates, or real names. Your data is not used to train any AI models.

Email transport . Transactional and lifecycle emails we send (account verification codes, partner invites, forecast digests, weekly connection bids, and trial-lifecycle reminders) are delivered through Resend, Inc. We share recipient email addresses and the email body with Resend for delivery. See Resend's Privacy Policy. AWS SES is used as a defensive fallback only. Payment receipts and dunning emails are sent directly by Stripe (see the Payments paragraph below) and do not flow through Resend.

Payments (Stripe). Payment information (card numbers, billing addresses) is collected and processed directly by Stripe, Inc. and is never stored on StellarTies servers. Stripe redirects your browser to its hosted Checkout and Customer Portal pages on checkout.stripe.com / billing.stripe.com, which set their own cookies on those domains (see Cookie & Storage Policy §2). We receive only a Stripe Customer ID, subscription status, and transaction metadata. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy. We share your email address with Stripe to create and manage your billing account.

6. Security

Birth data is encrypted at rest using AES-256-GCM. The language model receives only planetary coordinates, aspect geometry, and privacy aliases — never raw birth dates, times, or coordinates.

7. Your Rights

All Users

  • Access your data (Account > Export)
  • Delete your account and all data
  • Withdraw marketing consent at any time

GDPR (EU/EEA/UK)

Right to access, rectification, erasure, restriction, portability, and objection. Lodge complaints with your supervisory authority.

CCPA/CPRA (California)

Right to know, delete, correct, and opt out of sale/sharing. We do not sell or share personal information. No financial incentive programs. To exercise your rights, contact privacy@stellarties.com. We will respond within 30 days.

PIPEDA (Canada)

Right to access and challenge the accuracy of your personal information.

LGPD (Brazil)

Right to confirmation, access, correction, anonymization, portability, deletion, and information about sharing.

8. Age Restriction

StellarTies is intended for users aged 18 and older. We do not knowingly collect data from anyone under 18. Birth data submitted for calculation is validated to ensure the individual is at least 18 years old.

9. International Transfers

All data is currently processed and stored in the United States. If you access StellarTies from outside the US, your data will be transferred to and processed in the US. We rely on consent as the legal mechanism for such transfers.

10. Changes to This Policy

We will notify registered users of material changes via the email address on file. Continued use of StellarTies after changes constitutes acceptance.

11. Contact

For privacy inquiries, data subject requests, or complaints:
privacy@stellarties.com