Privacy Policy
Last updated: 2026-05-22
Who we are
Orabit is operated by Orabit SRL, a company registered in Romania. Contact: privacy@orabit.app.
What we collect
| Data | Purpose | Legal basis |
|---|---|---|
| Anonymous device ID (UUID in OS keychain) | Identify your local data, sync across reinstalls | Legitimate interest |
| Birth date, optional birth time and city | Generate astrology readings | Consent |
| Email (only if you sign in) | Account recovery, support | Contract |
| Journal entries | Provided by you, stored encrypted on your device | Consent |
| Purchase history | Subscription management | Contract |
| Crash logs | App stability | Legitimate interest |
We do not collect: contacts, photos, location (beyond birth city you enter), or advertising identifiers.
What we do NOT do
- We do not sell your data.
- We do not use cross-app tracking.
- We do not send your personal data to any external service for content generation.
Storage
Journal entries and birth details are stored on your device, encrypted at rest with a key held in the operating system’s secure enclave (iOS Keychain / Android Keystore).
If you enable cloud backup (off by default), entries are end-to-end encrypted before leaving your device. We cannot read them.
Your rights (GDPR, CCPA)
- Access: Settings → Privacy → Export My Data.
- Deletion: Settings → Delete Account. Requires email confirmation.
- Portability: included in the export.
- Object / restrict / lodge complaint with ANSPDCP (Romanian DPA): dataprotection.ro
Subprocessors
At this release, we use no third-party subprocessors other than the platform stores you bought the app from (Apple App Store / Google Play) which handle your purchases and push delivery.
When we add cloud sync, subscriptions through a vendor (e.g. RevenueCat), or crash reporting (e.g. Sentry), this section will be updated and we will notify you in-app at least 14 days before the change takes effect.
Children
Orabit is not directed to children under the digital-consent age in the user’s country. That is 13 in most jurisdictions, and up to 16 in some EEA Member States. We do not knowingly collect data from users below their country’s digital-consent age. If you believe a child has provided data to us, contact privacy@orabit.app and we will delete it.
Changes
Material changes will be communicated in-app at least 14 days before they take effect.
Contact
privacy@orabit.app — Orabit, Romania