Privacy Policy

Updated legal information for GnosisWay

Privacy Policy

Effective Date: November 21, 2025
Last Updated: November 21, 2025

1. Introduction

GnosisWay ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect information that identifies you personally, including:

Account Information:

  • Name
  • Email address
  • Username
  • Password (encrypted)
  • Date of birth
  • Profile picture

Payment Information:

  • Billing address
  • Payment method details (processed by third-party payment processors)
  • Transaction history

Profile Data:

  • Birth date, time, and location (for astrological readings)
  • Preferences and settings
  • Saved readings and results

2.2 Automatically Collected Information

Device Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Screen resolution

Usage Data:

  • Pages visited
  • Features used
  • Time spent on pages
  • Click patterns
  • Referral sources
  • Search queries

Cookies and Tracking:

  • Session cookies
  • Persistent cookies
  • Analytics cookies
  • Advertising cookies
  • Local storage data

2.3 Information from Third Parties

Social Media:

  • Profile information from social login providers (Google, Facebook, Apple)
  • Friends lists (if authorized)

Payment Processors:

  • Transaction confirmation
  • Payment status

Analytics Providers:

  • Aggregated usage statistics
  • Demographic information

2.4 User-Generated Content

  • Questions submitted for readings
  • Comments and feedback
  • Communications with support

3. How We Use Your Information

3.1 Service Provision

  • Create and manage your account
  • Process transactions and payments
  • Provide personalized readings and insights
  • Deliver customer support
  • Send service-related communications

3.2 Improvement and Development

  • Analyze usage patterns
  • Improve Service functionality
  • Develop new features
  • Conduct research and analytics
  • Test and optimize performance

3.3 Marketing and Communications

  • Send promotional emails (with consent)
  • Provide personalized recommendations
  • Conduct surveys and research
  • Send newsletters and updates

3.4 Legal and Security

  • Comply with legal obligations
  • Enforce Terms of Service
  • Prevent fraud and abuse
  • Protect against security threats
  • Resolve disputes

3.5 AI and Machine Learning

  • Train and improve AI models
  • Generate personalized content
  • Enhance recommendation algorithms
  • Analyze patterns and trends

Note: Personal identifiers are removed or anonymized before use in AI training.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

  • Consent: You have given explicit consent
  • Contract: Processing is necessary to fulfill our contract with you
  • Legal Obligation: Required by law
  • Legitimate Interests: Necessary for our legitimate business interests

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share data with trusted partners who assist in operating our Service:

Payment Processors:

  • Stripe, PayPal (for payment processing)
  • PCI-DSS compliant providers

Analytics:

  • Google Analytics
  • Mixpanel
  • Amplitude

AI Services:

  • OpenAI (for AI-generated content)
  • Anthropic
  • Other AI providers

Infrastructure:

  • Vercel (hosting)
  • AWS (cloud storage)
  • Cloudflare (CDN and security)

Communication:

  • SendGrid (email delivery)
  • Twilio (SMS notifications)

5.2 Legal Requirements

We may disclose information when required by law:

  • Court orders or subpoenas
  • Government requests
  • Legal proceedings
  • Protection of rights and safety

5.3 Business Transfers

In the event of merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 With Your Consent

We may share information for purposes not listed here with your explicit consent.

5.5 Aggregated Data

We may share anonymized, aggregated data that cannot identify you personally.

6. Data Retention

6.1 Retention Periods

  • Account Data: Retained while your account is active
  • Transaction Records: 7 years (legal requirement)
  • Usage Logs: 2 years
  • Marketing Data: Until consent is withdrawn

6.2 Deletion

Upon account deletion, we:

  • Delete personal information within 30 days
  • Retain transaction records as legally required
  • Anonymize data used in analytics

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

  • Access your personal data
  • Request a copy of your data
  • Export your data in machine-readable format

7.2 Correction and Update

  • Update your account information
  • Correct inaccurate data

7.3 Deletion

  • Request deletion of your account and data
  • Subject to legal retention requirements

7.4 Opt-Out Rights

  • Unsubscribe from marketing emails
  • Disable cookies (may affect functionality)
  • Opt out of personalized advertising

7.5 Data Restriction

  • Request limitation of data processing
  • Object to certain processing activities

7.6 Withdraw Consent

  • Withdraw consent for data processing at any time
  • Does not affect prior lawful processing

7.7 Lodge a Complaint

  • File complaints with data protection authorities
  • Contact us directly with concerns

8. Security Measures

8.1 Technical Safeguards

  • Encryption in transit (TLS/SSL)
  • Encryption at rest
  • Secure authentication
  • Regular security audits
  • Intrusion detection systems
  • Firewall protection

8.2 Organizational Measures

  • Access controls and permissions
  • Employee training on data protection
  • Confidentiality agreements
  • Incident response procedures

8.3 Limitations

No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. You use the Service at your own risk.

9. International Data Transfers

9.1 Cross-Border Transfers

Your data may be transferred to and processed in countries other than your own, including the United States.

9.2 Safeguards

We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Privacy Shield frameworks (where applicable)
  • Adequacy decisions

9.3 Consent

By using the Service, you consent to international data transfers.

10. Children's Privacy

10.1 Age Restriction

The Service is NOT intended for children under 18. We do not knowingly collect data from minors.

10.2 Parental Notice

If you believe a child has provided us with personal information, contact us immediately at gnosiswayapp@gmail.com.

10.3 Deletion

We will promptly delete any data from users under 18 upon discovery.

11. Cookies and Tracking Technologies

11.1 Types of Cookies

Essential Cookies:

  • Required for Service functionality
  • Cannot be disabled

Analytics Cookies:

  • Track usage and performance
  • Can be disabled

Marketing Cookies:

  • Personalized advertising
  • Can be disabled

Preference Cookies:

  • Remember your settings
  • Can be disabled

11.2 Cookie Management

You can control cookies through:

  • Browser settings
  • Cookie consent banner
  • Opt-out tools (e.g., NAI, DAA)

11.3 Do Not Track

We do not currently respond to Do Not Track signals.

12. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for their privacy practices. Review their privacy policies before providing information.

13. California Privacy Rights (CCPA)

13.1 Rights Under CCPA

California residents have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed
  • Opt out of sale of personal information
  • Request deletion of personal information
  • Non-discrimination for exercising rights

13.2 Sale of Personal Information

We do NOT sell your personal information.

13.3 Exercising Rights

Contact us at gnosiswayapp@gmail.com to exercise your rights.

14. European Privacy Rights (GDPR)

14.1 Rights Under GDPR

EEA residents have the right to:

  • Access personal data
  • Rectify inaccurate data
  • Erase data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent
  • Lodge complaints with supervisory authorities

14.2 Data Protection Officer

Contact our DPO at gnosiswayapp@gmail.com for GDPR-related inquiries.

15. Changes to This Privacy Policy

15.1 Updates

We may update this Privacy Policy periodically. Material changes will be communicated via:

  • Email notification
  • Website banner
  • In-app notification

15.2 Effective Date

Changes are effective immediately upon posting. Continued use constitutes acceptance.

15.3 Review

We encourage you to review this policy regularly.

16. Contact Us

For privacy-related questions or to exercise your rights:

Email: gnosiswayapp@gmail.com
Data Protection Officer: gnosiswayapp@gmail.com

16.1 Response Time

We will respond to requests within:

  • 30 days (GDPR)
  • 45 days (CCPA)
  • Reasonable timeframe for other jurisdictions

17. Consent

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND CONSENT TO THIS PRIVACY POLICY.

Last Reviewed: November 21, 2025
Version: 2.0