Privacy Policy
Tailored Moon - Last Updated: February 11, 2026
1. Introduction
Tailored Moon ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your personal information when you use our website, application, and services (collectively, the "Service").
Your privacy matters. We don't sell your data, we don't show you ads, and we keep your information as secure as our infrastructure allows.
2. Information We Collect
2.1 Account & Profile Data
When you sign up, we collect:
- Email address
- Password (hashed using argon2id, never stored in plain text)
- First name (optional)
- Birth date and time (to generate your horoscope)
- Birth location (optional)
- Zodiac, Moon, and Rising signs (auto-derived from birth data or user input)
2.2 Journal Entries & Reflections
After each horoscope reading, you may write personal reflections. We store:
- Your journal entry text (encrypted at rest)
- Mood emoji (if you select one)
- Moon phase and planetary transit tags (auto-tagged by our system)
- Timestamps
2.3 Horoscope Reading History
We track:
- Which daily/weekly/monthly readings you've viewed
- The timestamp of each reading
2.4 Usage Data
We may collect:
- Session metadata (login time, logout time)
- Device type and browser information (for troubleshooting)
- Pages/features you interact with
- Error logs and crash reports
2.5 Payment Information
Payment processing is handled by Stripe. We do NOT store credit card information directly. Stripe processes and secures all payment details. We store:
- Stripe customer ID (linked to your account)
- Subscription status and tier
- Subscription expiration date
3. How We Use Your Information
3.1 Core Service Delivery
- Generating your daily horoscope: We use your birth data (sign, date, time, location) to create personalized readings.
- Journaling: We store your reflections so you can review them later.
- Account management: Email and password enable login and account recovery.
3.2 Product Improvement
- We analyze anonymous, aggregated journaling patterns (e.g., mood trends, common transit associations) to improve our horoscope and journaling features.
- We monitor feature usage to identify what resonates with you.
3.3 Communication
- We may send you transactional emails (account confirmation, password reset, subscription updates).
- We do NOT send marketing emails by default. Notification opt-in is always your choice.
3.4 Security & Compliance
- We may access your data if required by law or to prevent fraud/abuse.
- Error logs may contain partial user data for debugging purposes.
4. Data Storage & Security
4.1 Encryption & Infrastructure
- Hosting: DigitalOcean Droplet (VPS).
- In-transit encryption: All data travels over HTTPS (SSL/TLS). Your password and session token are encrypted in transit.
- At-rest encryption: Journal entries are encrypted at rest using AES-256-GCM. Other data (birth data, user records) is stored in our database.
- Key Management: Encryption keys are managed by us on the server. This means we have the technical ability to decrypt your journal entries (e.g., for customer support or data recovery), but they are protected from casual inspection or database leaks.
- Mitigations we have:
  - Firewall rules limiting access to the database.
  - Regular backups stored securely.
  - Passwords hashed with argon2id.
  - Sessions signed with a secret key (cannot be forged).
4.2 Journal Entry Security
- Encryption: Journal entries are encrypted at rest using AES-256-GCM before being stored in our database. Only founder/engineer-level staff can access the database directly, and entries must be decrypted to be read.
- Future: We plan to offer optional client-side encryption (Private Mode) where entries are encrypted before leaving your device, making them inaccessible to us.
4.3 Staff Access
- Limited access: Only founder/engineer-level staff can directly query user journal data.
- Logging: Any direct database access is logged for audit purposes.
- No unauthorized sharing: Your journal entries are never shared with third parties, researchers, or advertisers.
5. Data Retention & Deletion
5.1 How Long We Keep Your Data
- Account & profile data: Retained while your account is active. Upon account deletion, this data is permanently deleted.
- Journal entries: Retained while your account is active. Free users can create unlimited entries, but may only view a limited recent history in-app (e.g., the last 7). Subscribers can view their full history and export it. Journal entries are deleted when you delete your account.
- Horoscope reading history: Retained while your account is active.
- Payment data: Stripe retains payment information per their retention policy. We retain only your Stripe customer ID.
5.2 Account Deletion
You can request account deletion at any time via your Profile settings or by contacting us. Upon deletion:
- Your account and all associated data are permanently removed.
6. Data Sharing
6.1 What We Don't Do
- No sales: We do NOT sell, trade, or rent your personal information to third parties.
- No advertising networks: We do NOT share your data with advertisers or ad networks.
- No data brokers: We do NOT sell your data to data brokers or commercial processors.
6.2 Who We Share Data With
- Stripe: Payment processor. Limited to email and subscription tier.
- DigitalOcean: Hosting provider. Subject to their data processing agreements.
- PostHog: Analytics provider (EU region, eu.posthog.com). Only activated if you consent to analytics cookies ("Accept All"). When active, we share: your email address and subscription tier (for user identification), page views, button clicks, device and browser information, IP address (used for approximate geolocation), and specific usage events (e.g., horoscope views, meditation sessions, journal creation, subscription changes). PostHog does NOT receive your journal entry content, birth data, or payment details.
- Legal compliance: If required by law (court order, government request), we will disclose data to the minimum extent required.
6.3 Aggregated & Anonymized Data
- We may publish aggregated insights (e.g., "users journaled 3x per week on average") that cannot identify you.
7. Your Rights
7.1 Access & Portability
- Premium subscribers can export their journal entries in PDF or CSV format.
- You can view your horoscope reading history and journal entries within the app.
7.2 Correction & Updates
- You can update your birth date, name, and preferences directly in your Profile.
7.3 Deletion
- You can delete individual journal entries.
- You can request full account deletion (see Section 5.2).
7.4 Marketing Communications
- You can opt out of push notifications and email campaigns via your Notification Settings.
- Transactional emails (password reset, subscription updates) will continue as long as your account exists.
8. Children's Privacy
Our Service is NOT intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has created an account, we will promptly delete the account and associated data.
9. Third-Party Links & Services
Our website may contain links to third-party sites (e.g., Stripe, app stores). We are NOT responsible for their privacy practices. Please review their privacy policies before providing your information.
10. Data Subject Rights (GDPR, CCPA)
For EU residents (GDPR):
- Right of access: Request a copy of your data.
- Right to rectification: Correct inaccurate data.
- Right to erasure: Request deletion (right to be forgotten).
- Right to data portability: Receive data in a structured, portable format.
- Right to object: Opt out of data processing (where applicable).
For California residents (CCPA):
- Right to know: Request what personal information we collect.
- Right to delete: Request deletion of your data.
- Right to opt-out: Opt out of the "sale" of personal information (we don't sell, but you can opt out of data processing).
- Right to non-discrimination: We will not discriminate against you for exercising your rights.
To exercise these rights: Contact us at [email protected]. We will respond within 30 days (GDPR) or 45 days (CCPA).
11. Cookies & Tracking
11.1 Essential Cookies
- Session cookie (th_session): Signed, HTTP-only cookie for authentication. Required for login. Not used for tracking.
- Consent cookie (tm_consent): Stores your cookie preference ("full" or "essential"). Expires after 1 year.
11.2 Analytics (Optional)
We use PostHog for product analytics to understand how users interact with our Service. PostHog is only loaded if you click "Accept All" on our cookie consent banner. Analytics data collection is entirely optional.
- What PostHog collects: Page views, clicks, device/browser information, IP address (for approximate geolocation), and feature usage events.
- User identification: When you are logged in and have consented to analytics, we send your email address and subscription tier to PostHog so we can understand usage patterns across sessions.
- Specific events tracked: Waitlist signups, horoscope views (reading type, zodiac sign), meditation starts and completions, journal entry creation, decision timer creation (mode and type), and subscription changes (tier).
- What is NOT sent: Journal entry content, birth date/time/location, passwords, or payment information are never sent to PostHog.
- Data location: PostHog EU region (eu.posthog.com) for GDPR compliance.
- Data retention: PostHog retains analytics data according to their data retention policy. You can request deletion of your analytics data by contacting us.
- Purpose: Improve features, fix bugs, and understand user journeys.
- Your control: Click "Only Essential" to opt out entirely. You can change your preference anytime via the "Cookie Settings" link in the footer.
If you choose "Only Essential," no analytics data is collected, PostHog is never loaded, and no data is shared with PostHog.
11.3 Server Logs
- We collect aggregate, anonymized usage statistics from server logs (e.g., feature popularity, error rates).
- You cannot be individually identified from this data.
12. Security Incident Notification
In the event of a data breach involving your personal information, we will:
- Notify you without unreasonable delay (within 30 days).
- Describe the nature of the breach and the data affected.
- Recommend protective steps you can take.
13. Contact Us
For questions about this Privacy Policy or your personal data:
Email: [email protected]
We will respond to privacy inquiries within 7 business days.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy with a new "Last Updated" date.
- Sending you an email notification (if the change significantly impacts your privacy).
Your continued use of the Service following notification of changes constitutes your acceptance of the updated Privacy Policy.
15. Jurisdiction
This Privacy Policy is governed by applicable European Union law, including the General Data Protection Regulation (GDPR). Any disputes will be resolved under applicable EU law.
16. Mobile Application Data Practices
When you use Tailored Moon through a mobile application (e.g., via Google Play or other app stores), the following applies in addition to the sections above:
- Data collected: Account information (email, name, birth data), journal entries (encrypted), usage data, and device information.
- Data shared with third parties: We share limited data with PostHog (analytics, optional), Stripe (payment processing), OpenRouter (content generation), Google Maps API (location geocoding), and Resend (transactional emails). See Section 6.2 for details.
- Data encryption: All data is encrypted in transit (HTTPS/TLS). Journal entries are encrypted at rest (AES-256-GCM). Passwords are hashed with argon2id.
- Data deletion: You can delete your account and all associated data at any time through your Account Settings. You can also request deletion by emailing [email protected].
- Optional data collection: Analytics data (PostHog) is only collected with your explicit consent. You can opt out at any time.
Thank you for trusting Tailored Moon with your personal information. Your privacy is our priority.
Appendix: Future Privacy Features (Roadmap)
Phase 2+ (Coming Later):
- Optional Private Mode (Premium): Client-side encryption of journal entries, making them inaccessible on the server side.
- Advanced Consent Management: Granular controls over data usage (e.g., opt-out of mood pattern analytics while keeping journal visible).
- Data Minimization: Auto-delete horoscope history after 180 days (configurable).