Skip to content
◆ PRIVACY POLICYDocument · v2.3Effective 2026-03-23

Your data is yours.

◆ Last updated2026-03-23
◆ Reading time~7 min
◆ Legal entityMarius Misiūnas · Lithuania
◆ Contact[email protected]
◆ 01 · 09

Plain-language summary #

This is the short version in human language. The full legal document follows — every section is a plain-English expansion of the same promises.

We store your birth data to calculate your blueprint. We store your conversations so The Architect has context. We never sell any of it and never use it to train AI models. You can export or delete everything at any time.

If you only read one section, read this one. The rest is elaboration.

◆ 02 · 09

What we collect #

When you create an account, we collect the minimum data required to calculate and maintain your blueprint across the nine systems and provide The Architect with context.

Foundational data

  • Account data — name, email, and password (stored as a bcrypt hash).
  • Birth data — date, time, location (city, coordinates, timezone), and gender. Required for Human Design, Western Astrology, Ba Zi, Numerology, Feng Shui, Qi Men Dun Jia, Xuan Kong Da Gua, Water Formula, and Zi Wei Dou Shu.
  • Current location (optional) — for transit calculations and directional advice.
  • Relationship status (optional) — for personalised insights. Can be cleared at any time.

Derived data

  • Nine-system chart calculations (HD, Western, Ba Zi, Numerology, Feng Shui, Qi Men, XKDG, Water, Zi Wei) computed from your birth data.
  • Conversations with The Architect, stored to enable conversation continuity.
  • Memory facts extracted from your conversations — visible to you in Settings → Memory.

Technical data

  • Anonymised product analytics (PostHog) — opt-in only, disabled until you accept the cookie banner.
  • Device and browser info for security and compatibility.
  • IP address, used only to detect unusual account access. Not stored beyond 30 days.
◆ 03 · 09

How we use it #

Data you provide is used exclusively to make K A X A N T A work for you. Specifically:

  • Compute and display your blueprint across all nine systems.
  • Give The Architect contextual memory so its answers are grounded in who you are.
  • Send transactional emails (billing, security alerts, your opted-in morning digest).
  • Improve product reliability via aggregate, non-identifying analytics.
◆ NEVER
We never sell your data. We never use your conversations, birth data, or memory facts to train AI models. We never share your information with advertisers. There is no third-party advertising pixel, remarketing tag, or cross-site tracker on any K A X A N T A page.
◆ 04 · 09

Third-party services #

K A X A N T A runs on a small number of vetted processors. Each one operates under a Data Processing Agreement (signed or accepted via their standard terms) and cannot use your data for any independent purpose. The table below lists every processor, the region data is processed in, and the legal mechanism for any transfer outside the European Economic Area.

  • Google AI (Gemini Developer API) · Global (Google Cloud) · SCCs
    The Architect chat. Chart summary, transit data, and recent messages are sent per request.
    Google's Data Processing Addendum applies by default; paid-tier prompts and responses are not used to train foundation models.
  • MongoDB Atlas · EU (Stockholm, eu-north-1) · EEA-internal
    Primary database — accounts, charts, chat history.
    MongoDB standard DPA; encryption at rest and in transit.
  • PostHog · EU (eu.i.posthog.com) · EEA-internal
    Opt-in product analytics. Never receives birth data, chart content, or chat messages. Routed through our same-origin reverse proxy.
    Signed DPA on file.
  • Sentry · EU (de.sentry.io) · EEA-internal
    Error monitoring. PII-stripping beforeSend removes user identifiers from events.
    Sentry's standard DPA applies.
  • Stripe · Global (Stripe infrastructure) · SCCs
    Payment processing for paid subscriptions. Receives name, email, and billing address — never birth data or chat content.
    Stripe's standard DPA with SCCs embedded applies.
  • Resend · EU · EEA-internal
    Transactional email — verification, password reset, receipts.
    Resend's standard DPA applies.

EEA-internal means the processor keeps data within the European Economic Area. SCCs means any transfer to a third country (typically the United States) happens under EU Commission Standard Contractual Clauses per GDPR Art. 46(2)(c).

◆ 05 · 09

Your rights #

You have the following rights over your data, always, regardless of jurisdiction. These are not privileges we grant — they are obligations we follow under GDPR Articles 15–21 and equivalent laws in the UK, US, Canada, Australia, New Zealand, Brazil, India, Singapore, and South Africa.

  • Access — export everything as structured JSON from Account Settings.
  • Rectification — edit your profile, birth data, or memory facts directly.
  • Erasure — delete your account, which permanently removes all data from our systems immediately.
  • Portability — the blueprint JSON is an open format readable by other tools.
  • Objection — disable optional analytics at any time from Account Settings → Privacy.
  • Withdraw consent — you may revoke processing consent at any time without affecting the lawfulness of prior processing.

Exercise any of these from Account Settings → Privacy, or email [email protected]. We respond within 30 days.

◆ 06 · 09

How long we keep things #

We retain data only as long as it serves your account:

  • Active account — all data retained until you delete it.
  • Deleted account — erased from primary storage immediately; cached derived data within 30 days; backups within 90.
  • Server logs — 90 days, then auto-purged.
  • IP logs — 30 days maximum.
  • Error events (Sentry) — 90 days.
  • Redis cache — ephemeral, TTL-based; never persisted long-term.
  • Billing records — retained as required by tax law (typically 7–10 years).
  • Anonymised analytics — aggregated indefinitely; cannot be traced back to you.
◆ 07 · 09

AI transparency #

The Architect chat feature uses Google AI (Gemini Developer API) to generate responses. All chat responses are generated by artificial intelligence and are labelled as such in the interface. AI-generated content may contain inaccuracies.

When you use the chat feature, your chart data, transit information, and recent conversation history are sent to Google's AI service for processing with each message. This processing is based on your explicit consent, which you can withdraw at any time by ceasing to use the chat feature.

Google may retain input and output for up to 30 days for abuse monitoring and service integrity purposes. Under the paid Gemini Developer API tier, Google does not use customer prompts or responses to train its foundation models.

◆ 08 · 09

When this changes #

If we make a material change — anything that expands what we collect or how we use it — we will email you at least 30 days before it takes effect, with a plain-language explanation of what is different and why.

Non-material changes (clarifications, typos, or replacing a sub-processor with one doing the same work) are reflected in the "Last updated" date at the top and do not trigger an email.

◆ 09 · 09

How to reach us #

For privacy questions, data requests, or complaints that cannot be resolved in-product:

  • Email[email protected] (30-day response SLA)
  • Data controller — Marius Misiūnas, Gėlių g. 13, Kalviškės, Rudaminos sen., LT-14106 Vilniaus r. sav., Lithuania. Registration number 1508672. VAT ID Not registered.
  • EU supervisory authority — State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija), vdai.lrv.lt.
  • UK residents — Information Commissioner's Office, ico.org.uk.
◆ Questions?

Plain-language answers, real humans.

Typical response: within 3 business days. Privacy and data-rights requests are always answered within 30 days (GDPR statutory). No legal-bot replies.

Email [email protected]