Privacy Policy
Last updated: 20 May 2026
This Privacy Policy explains how Stalk GmbH ("Stalk", "we", "us", or "our") processes personal data when you use the StalkAI mobile application (the "App") and our websites stalkintelligence.com and stalkai.net (together the "Website" and, with the App, the "Services"). We comply with the Swiss Federal Act on Data Protection (revFADP / nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Controller
The controller responsible for the processing of your personal data is:
Stalk GmbH
Bärenplatz 4
5604 Hendschiken
Switzerland
Company ID (UID): CHE-201.415.706
Email: info@stalkintelligence.com
For any privacy-related request (access, rectification, deletion, objection, complaint), please contact us using the email address above.
2. Categories of personal data
Depending on how you interact with the Services, we process the following categories of personal data:
- Account & identity data: username, email (optional), first name, middle name, last name, country code, gender, occupation, profile bio.
- Birth data & location: date and time of birth, place of birth, geographical coordinates (latitude / longitude) of the birth place, birth country. Required to compute astrological and numerological profile data.
- Derived personality data: astrological positions (planets, axes, houses, nodes), numerological values and approximately eighty (80) computed personality characteristics (e.g. ambition, empathy, openness). These values are generated algorithmically from your birth data.
- Photos: profile pictures, header images and additional pictures you upload. Files are stored as objects in Cloudflare R2; the database stores only metadata (file size, dimensions, MIME type, sort order).
- Social graph: likes you send/receive, matches, follow requests, follow relationships, social-media links you choose to add to your profile, profile groups you create.
- Chat content & AI-extracted data: messages you exchange with the in-app AI assistant. From these conversations we automatically extract structured personal information into separate records, including: relationships and persons you mention, mood entries, past topics, fears, strengths, recurring questions, life topics, goals, habits, values and beliefs, energy sources and drains, decisions, physical-health observations and self-image statements.
- Authentication & device data: per-device bearer tokens, device identifier, timestamps of token issuance and last use.
- Technical & log data: IP address, HTTP endpoint, method and status code, response time, AI model used and token counts, error messages. Used for security, rate-limiting and operational analytics.
- Reports & moderation data: reports you submit about other users, reports submitted about you, and any related moderation actions.
- Early-access sign-ups (Website): name, email, region and optional phone number when you sign up via the website form.
3. Special-category data
The categories listed in Section 2 may include information that qualifies as "special categories of personal data" under Art. 9 GDPR / Art. 5 lit. c revFADP — in particular information relating to your health (extracted from chat messages), sex life or sexual orientation (if you voluntarily share it), or religious or philosophical beliefs (e.g. through your interest in astrology and numerology).
We process such data only on the basis of your explicit consent (Art. 9 para. 2 lit. a GDPR) or because you have manifestly made the data public (e.g. on a public profile). You can withdraw your consent at any time by deleting the relevant entries in the App or by requesting deletion of your account (see Section 9).
4. Purposes of processing
- Providing the core functionality of the App: creating and synchronising your profile, computing astrological and numerological data, displaying personality characteristics.
- Operating social features: discovering other users, sending and receiving likes, determining mutual matches, follow requests, group management.
- Operating the AI assistant: generating personalised responses, daily guidance, compatibility analyses, and extracting structured insights from your conversations to improve future personalisation within your own account.
- Account security: authenticating devices, enforcing rate limits, detecting abuse, preventing fraud.
- Trust & safety: reviewing reports, moderating content, enforcing our terms of service.
- Operational analytics: aggregated, mostly de-identified statistics about API usage, performance and error rates to maintain and improve the Services.
- Communication: responding to support requests, sending essential service messages, and — with your consent — informing you about product updates or early access.
- Compliance with our legal and regulatory obligations.
5. Legal bases (GDPR)
Where the GDPR applies, we rely on the following legal bases:
- Art. 6 (1) (b) GDPR — performance of a contract: for providing the App and its core features once you create an account.
- Art. 6 (1) (a) GDPR — consent: for processing optional information such as photos, social-media links, AI-extracted insights, and any special-category data (Art. 9 (2) (a) GDPR).
- Art. 6 (1) (f) GDPR — legitimate interests: for security, abuse prevention, content moderation, and aggregated analytics. Our legitimate interest is to keep the Services safe, reliable and free of misuse. You may object at any time on grounds relating to your particular situation.
- Art. 6 (1) (c) GDPR — legal obligation: where we must comply with applicable law (e.g. responding to lawful requests by authorities).
Under Swiss law (revFADP), we process personal data based on contractual necessity, your consent, our overriding legitimate interests, or to comply with legal obligations.
6. Recipients and processors (sub-processors)
We use carefully selected service providers that act as processors on our behalf. They may only process your data according to our instructions and are bound by data-processing agreements:
- Cloudflare, Inc. (USA / global edge): object storage (Cloudflare R2) for photos, CDN and DNS for the Website.
- AI model providers (e.g. OpenAI, Anthropic and similar — used through their respective APIs): processing of chat prompts and generation of responses. We do not authorise these providers to use your content for training their models.
- Backend hosting provider: for hosting the application backend and database.
- Expo / Application Services (Expo, Inc., USA): mobile-app build, code signing and over-the-air updates.
- Google LLC / Google Play (USA): distribution of the Android app, crash-report data made available by the Play Store.
- Apple Inc. (USA): distribution of the iOS app via the App Store.
We do not sell your personal data. We share it with third parties only where strictly necessary to provide the Services, where required by law, or with your consent.
7. International data transfers
Some of our processors are located outside Switzerland and the EEA, in particular in the United States. When personal data is transferred to a country that does not provide an adequate level of data protection, we rely on appropriate safeguards under Art. 46 GDPR / Art. 16 revFADP, such as the EU Standard Contractual Clauses, the Swiss equivalents and — where applicable — the EU-US Data Privacy Framework. A copy of the relevant safeguards can be obtained from us upon request.
8. Retention
- Account, profile and derived data: for as long as your account exists. Upon account deletion, this data is removed from our active systems within 30 days. Backups are overwritten in the ordinary course of our backup cycle.
- Photos: deleted from Cloudflare R2 when you delete the photo or your account.
- Chat messages and AI-extracted insights: retained for the lifetime of your account; you can delete individual chat sessions in the App.
- Authentication tokens: active until you log out or revoke the device.
- API request logs & rate-limit counters: retained for up to 90 days for security and operational purposes, then deleted or fully aggregated.
- Reports and moderation actions: retained as required to ensure user safety and to comply with our legal obligations.
- Early-access sign-ups: retained until you opt out or for as long as reasonably necessary to evaluate and contact you about the program.
9. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you (Art. 15 GDPR / Art. 25 revFADP).
- Rectify inaccurate or incomplete data (Art. 16 GDPR / Art. 32 revFADP).
- Erase your data ("right to be forgotten", Art. 17 GDPR).
- Restrict processing (Art. 18 GDPR).
- Data portability: receive your data in a structured, commonly used and machine-readable format (Art. 20 GDPR).
- Object to processing based on legitimate interests (Art. 21 GDPR).
- Withdraw consent at any time, without affecting prior processing.
- Lodge a complaint with a supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern.
To exercise any of these rights, contact us at info@stalkintelligence.com. You can also delete most data directly in the App (e.g. individual chats, photos, profile fields) or delete your entire account from the settings.
10. Automated processing & AI-generated content
The App performs automated computations (astrology, numerology, personality characteristics) and generates AI-based responses and analyses. These outputs are intended for self-reflection and entertainment and do not constitute legal, medical, psychological, financial or any other professional advice. They produce no legal effects vis-à-vis you in the sense of Art. 22 GDPR.
11. Children
The Services are intended for users aged 16 and older. We do not knowingly collect personal data from children under the age of 16. If you believe that a child has provided personal data to us, please contact us and we will delete the data promptly.
12. Security
We implement technical and organisational measures to protect your personal data against accidental loss and unauthorised access, alteration or disclosure. These include encrypted transport (HTTPS/TLS), hashed credentials, scoped per-device bearer tokens stored in the operating system's secure storage, server-side rate-limiting, access controls and audit logs. No method of electronic transmission or storage is completely secure; we cannot guarantee absolute security.
13. Cookies and similar technologies
Our websites use only strictly necessary technical cookies/local storage required to operate the site. We do not currently use marketing or third-party tracking cookies. The App stores authentication tokens and small operational data in the device's secure storage.
14. Changes to this Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision. Material changes will be communicated through the App or by email where required by law.
15. Contact
If you have questions about this Privacy Policy or our data-handling practices, contact us at:
Stalk GmbH
Bärenplatz 4
5604 Hendschiken
Switzerland
info@stalkintelligence.com