Privacy Policy
Last updated: 12 June 2026 · Policy version 2026-06-12
This policy explains what personal information NebulaMap / 星圖命理 ("we", "us", "the Service") collects, why, how it is protected, where it is sent, how long it is kept, and the rights you have. The Service produces a Zi Wei Dou Shu (紫微斗數 / Purple Star Astrology) chart and an AI-generated guidance report. The report is for self-reflection and entertainment only and is not medical, financial, psychological, or legal advice.
This English text is the master version. Localized versions (繁體中文 / 简体中文 / 日本語) are available via the language selector. Please have local counsel review before launch.
1. Who is responsible
The data controller is the operator of NebulaMap. For any privacy request, contact: gary@nebulamap.com. The Service is available only in selected markets and may not be available in your region.
2. What we collect
| Data | Why | Required? |
|---|---|---|
| Date of birth, hour of birth, sex at birth, calendar type, optional birthplace | To compute your astrological chart. These are the core inputs. | Yes (birthplace and hour are optional) |
| Name / nickname | To personalize the report and email greeting. | No |
| Email address | Only if you provide it — to email you the link to your finished report. | No |
| Your consent record | A timestamp and policy version recording that you agreed to this policy. | Yes |
| Payment data | Handled entirely by a third-party PCI-DSS-compliant payment processor if you purchase a paid tier — we never receive or store your card number. | Only for purchases |
| Technical data | IP address and request metadata, used transiently for rate-limiting and abuse prevention. | Automatic |
We treat your birth information as sensitive and handle it with heightened care, even where local law may not strictly classify it as such. We do not collect race, religion, health records, biometric, or government-ID data.
3. Why we may process this (legal bases)
We rely on your explicit, opt-in consent — given when you tap a report option to generate your reading — and on the necessity of processing to deliver the report you request. You may withdraw consent at any time by deleting your report (see Section 7) or contacting us; withdrawal does not affect processing already carried out.
4. Cross-border transfer to our AI provider
To generate your report, your computed chart is sent to a third-party AI provider located in the United States, which returns the written analysis. Your name and email address are not sent to the AI provider. The data sent is derived from your birth details and is processed solely to produce your report. Under our contract with this provider, the data is protected by contractual safeguards, is used only to generate your report, is not used to train any AI models, and is retained only briefly before deletion. This is an international transfer of personal data outside your country: the United States does not hold an EU-style national adequacy recognition, so we rely on your consent together with these contractual safeguards as the basis for the transfer.
5. How your data is protected
All traffic is encrypted in transit (HTTPS/TLS). Stored reports are held in an access-controlled datastore reachable only by the Service. Reports are addressed by an unguessable random identifier; anyone with your report link can view that report, so treat the link as private. We apply security headers, input validation, and per-IP rate limiting, and we restrict who can access production systems. No system is perfectly secure, but we work to protect your information.
6. How long we keep it
Reports and the birth details, name, email, and question stored with them are automatically and permanently deleted after 7 days. IP-based rate-limit counters expire within about 2 days. Payment records are retained by our payment processor and by us only as required for tax and accounting law.
7. Your rights and how to exercise them
Depending on where you live, you have rights to access, correct, delete, or obtain a copy of your data, to withdraw consent, and to object to or restrict processing. Because reading data carries no login:
- Delete now: open your report link and use the delete option, or send a
DELETErequest for your report. Your data is erased immediately. - Do nothing: your data is erased automatically within 7 days.
- Other requests: email gary@nebulamap.com and we will respond within the timeframe your local law requires.
You also have the right to lodge a complaint with your local data protection authority.
8. Sharing
We do not sell your personal information and do not share it for advertising. We share data only with the categories of service providers needed to run the Service: our third-party AI provider (Section 4), our cloud hosting and storage provider, our email-delivery provider, and a third-party payment processor.
9. Children
The Service is intended for adults. If you are not yet of the age of majority where you live, you may use it only with the consent of a parent or guardian. We do not knowingly collect data from children under 14 without verified guardian consent; if you believe a child has used the Service, contact us and we will delete the data.
10. Cookies and local storage
We do not use advertising or tracking cookies. We use your browser's local storage only for functional preferences (chosen language and currency) and to resume an in-progress report. This data stays on your device.
11. Changes
If we make material changes we will update the date and version at the top of this page. Continued use after a change means you accept the updated policy.
12. Contact
Questions or requests: gary@nebulamap.com.