Privacy Policy

Effective Date: January 17, 2026 Last Updated: January 17, 2026

1. Introduction

GnosisWay ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect information that identifies you personally to facilitate your use of the Service. This includes account details such as your name, email address, username, encrypted password, date of birth, and profile picture. To process transactions, we utilize third-party payment processors who handle your billing address and payment method details; we retain only the transaction history. Additionally, to provide our core astrological services, we collect specific profile data including your birth date, time, and location, alongside your preferences, settings, and saved reading results.

2.2 Automatically Collected Information and Cookies

When you access our Service, we automatically collect certain data regarding your device and usage. This includes technical specifications such as your IP address, browser type and version, operating system, device identifiers, and screen resolution. We also track usage data, comprising pages visited, features utilized, time spent on the platform, click patterns, referral sources, and search queries.

We utilize various tracking technologies, including session, persistent, analytics, and advertising cookies, as well as local storage data, to maintain Service functionality and analyze performance.

2.3 Information from Third Parties and User Content

We may receive information from third-party sources, such as social login providers (Google, Facebook, Apple) regarding your profile and authorized friends lists. Payment processors provide us with transaction confirmations and status updates, while analytics providers supply aggregated usage statistics and demographic information. Furthermore, we collect user-generated content, including questions submitted for readings, comments, feedback, and records of communications with our support team.

3. How We Use Your Information

We utilize your information primarily to provide, maintain, and improve our Service. This involves creating and managing your account, processing payments, delivering customer support, and providing personalized readings and insights. We also use this data to analyze usage patterns, develop new features, conduct research, and test performance optimization.

From a marketing perspective, we may use your data to send promotional emails, newsletters, and personalized recommendations, provided we have your consent. Legally, we use your information to comply with regulatory obligations, enforce our Terms of Service, prevent fraud, and resolve disputes.

Regarding our AI features, we use anonymized data to train and improve our machine learning models, generate personalized content, and enhance recommendation algorithms. Please note that personal identifiers are removed or anonymized before being used in AI training processes.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and the UK, our processing of your personal data is based on specific legal grounds: where you have given explicit consent; when processing is necessary to fulfill our contract with you; when required to comply with legal obligations; or when necessary for our legitimate business interests.

5. Data Sharing and Disclosure

We respect your data and only share it under specific circumstances. We share information with trusted third-party service providers who assist in our operations. This includes payment processors (such as Stripe and PayPal), analytics providers (including Google Analytics, Mixpanel, and Amplitude), AI service providers (such as OpenAI and Anthropic), infrastructure hosts (Vercel, AWS, Cloudflare), and communication platforms (SendGrid, Twilio).

We may also disclose information if required by law, such as in response to court orders, subpoenas, or government requests, or to protect our rights and safety. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. Aside from these scenarios, we may share information with your explicit consent or in an aggregated, anonymized format that does not personally identify you.

6. Data Retention and Deletion

We retain personal data only as long as necessary. Account data is retained while your account remains active. Usage logs are kept for a period of two years, while marketing data is held until you withdraw consent. To comply with legal requirements, we retain transaction records for seven years. Upon account deletion, we delete personal information within 30 days, though we retain legally required transaction records and anonymized data used for analytics.

7. Your General Rights

Regardless of your location, you possess specific rights regarding your personal data. You have the right to access, update, correct, or request a copy of your data in a machine-readable format. You may also request the deletion of your account and associated data, subject to legal retention obligations. Additionally, you retain the right to opt out of marketing communications, disable cookies (which may affect functionality), restrict data processing, or withdraw your consent at any time.

8. Security Measures

We employ a combination of technical and organizational safeguards to protect your data. Technical measures include encryption in transit (TLS/SSL) and at rest, secure authentication, firewalls, and regular security audits. Organizational measures involve strict access controls, employee training, and incident response procedures. However, please be aware that no system is 100% secure, and you use the Service at your own risk.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. We ensure these transfers comply with applicable laws through safeguards such as Standard Contractual Clauses (SCCs), Privacy Shield frameworks where applicable, or adequacy decisions. By using the Service, you consent to these international transfers.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect data from minors. If we discover that we have collected personal information from a child under 18, we will promptly delete such data. Parents or guardians who believe a child has provided us with data should contact us at gnosiswayapp@gmail.com.

11. Cookies and Third-Party Links

We use essential, analytics, marketing, and preference cookies to support Service functionality. You can manage cookie preferences through your browser settings or our consent banner. The Service may contain links to third-party websites; we are not responsible for their privacy practices and encourage you to review their policies.

12. Jurisdiction-Specific Rights

12.1 United States Privacy Rights

Residents of certain U.S. states-including California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA)-are afforded specific rights regarding their personal information. These rights include the ability to confirm whether we are processing your personal data, to access and rectify such data, to request the deletion of data provided by or obtained about you, and to obtain a copy of your data in a portable format.

"Do Not Sell or Share My Personal Information" While GnosisWay does not sell personal information in the traditional sense of exchanging data for monetary consideration, we may share certain identifiers (such as cookies or device IDs) with third-party partners for analytics and targeted advertising purposes. Under laws like the CCPA and CPRA, this may be defined as a "sale" or "sharing" of personal information. You have the right to opt out of such sharing or targeted advertising at any time by contacting us or adjusting your cookie preferences. We will not discriminate against you for exercising any of your privacy rights.

12.2 European Privacy Rights (GDPR/UK GDPR)

Residents of the EEA, Switzerland, and the UK have the right to access, rectify, erase ("right to be forgotten"), restrict, and object to the processing of their data, as well as the right to data portability and the withdrawal of consent. You also have the right to lodge a complaint with your local supervisory authority.

To exercise rights under any jurisdiction, please contact us or our Data Protection Officer at gnosiswayapp@gmail.com.

13. Changes and Contact Information

We may update this Privacy Policy periodically. Material changes will be communicated via email, website banners, or in-app notifications, and are effective immediately upon posting. We encourage regular review of this policy.

For the purposes of the GDPR and other applicable privacy laws, the Data Controllers operating the Service are Mateusz Jakubowski, Sergiusz Gojszyk, and Kamil Sidorowicz.

For any privacy-related questions, requests, or to exercise your rights, please contact us at:

GnosisWay Tomcia Palucha 3 02-495 Warsaw, Poland

Email / Data Protection Officer: gnosiswayapp@gmail.com

We aim to respond to verified requests within 30 days (GDPR) or 45 days (US State Laws), subject to extensions permitted by law.

Last Reviewed: January 17, 2026 Version: 2.1