Legal

Privacy Policy

Last updated: 27 April 2026

1. Who we are

BirthBrief is operated by Matteo Rigo, an individual trader, ul. Popieluszki 2a/190, 80-864 Gdańsk, Poland. Contact: [email protected].

This policy explains what personal data we collect when you use birthbrief.com, why we collect it, and your rights under the General Data Protection Regulation (GDPR, EU 2016/679).

2. What data we collect and why

When you purchase or generate a natal chart report, we collect:

Name — to personalise your report
Email address — to deliver your report and provide support
Date of birth — required to compute your natal chart
Birth time (optional) — improves accuracy of house placements
Birth city and geographic coordinates — required to compute planetary positions at your exact location

We also log a one-way hash of your IP address for rate-limiting and fraud prevention. The hash cannot be reversed to identify you.

Legal basis (GDPR Art. 6(1)(b)): All data above is processed to perform the contract — i.e. to generate and deliver the natal chart report you purchased or requested. We do not use this data for advertising or sell it to third parties.

3. Sub-processors (third parties who handle your data)

To deliver the service we share your data with the following processors, each bound by data processing agreements:

Anthropic, Inc. (United States) — AI model that generates the written report from your birth data. Privacy policy
Stripe, Inc. (United States) — payment processing. Your card data is handled entirely by Stripe and never reaches our servers. Privacy policy
Resend, Inc. (United States) — transactional email delivery (sending you your report). Privacy policy
Railway Corp. (United States) — hosts the astronomical computation service (Swiss Ephemeris) that calculates planetary positions. Privacy policy
Cloudflare, Inc. (United States) — website hosting, CDN, and database. Privacy policy
Beehiiv, Inc. (United States) — email list management. When you request a free reading, your email is added to our newsletter so we can send your reading and future insights. Privacy policy

All processors are based in the United States. Data transfers are covered by Standard Contractual Clauses (SCCs) where applicable.

4. Cookies and tracking

BirthBrief uses a cookie consent banner (cc.js, self-hosted — no external scripts). On your first visit, you can choose to accept or reject analytics and marketing cookies. Your choice is stored in a cookie called bb_cc.

We set one functional cookie (bb_gate_passed) that does not require consent — it records that you completed the free reading email gate. We also use browser localStorage for the gate status (bb_teaser_gate) and, if you accept analytics, an anonymous GA4 client ID (bb_ga4_cid).

Analytics (optional, consent required): If you accept analytics, we send page view events to Google Analytics 4 via a server-side proxy on our own domain. No Google cookies are set in your browser. The proxy forwards only anonymous usage data to Google's Measurement Protocol.

Marketing (optional, consent required): If you accept marketing cookies, the Meta Pixel (Facebook/Instagram) loads and tracks page views for ad measurement. You can withdraw consent at any time via the cookie preferences link in our footer.

Our fonts are self-hosted — no requests are made to Google Fonts or any font CDN. See our Cookie Policy for a complete table of all cookies.

5. How long we keep your data

Your report and birth data are retained for 12 months from the date of generation, then automatically deleted from our database. Payment records (held by Stripe) are retained in accordance with Stripe's policies and applicable accounting law.

6. Your rights

Under GDPR you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — ask us to correct inaccurate data
Erasure — ask us to delete your data before the 12-month retention period
Restriction — ask us to limit how we process your data
Portability — receive your data in a machine-readable format
Complaint — lodge a complaint with the Polish supervisory authority, UODO (Urząd Ochrony Danych Osobowych)

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page will reflect any changes. Continued use of the service after a change constitutes acceptance of the updated policy.

8. Contact

Matteo Rigo
ul. Popieluszki 2a/190, 80-864 Gdańsk, Poland
[email protected]