Privacy Policy
Rebel Spirit Astrology is a local-first astrology charting application operated by Rebel Spirit LLC (“we”, “us”, or “our”). By default, everything you create stays on your device. For subscribers who want it, the App also offers an optional, end-to-end encrypted cloud backup so you can restore your data and sync it across your own devices. This Privacy Policy explains how we handle your information when you use our mobile application (the “App”).
By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
- No account is required. You can use every feature of the App without signing in.
- By default, your birth data, charts, journal, and settings are stored only on your device. We never receive them.
- Cloud backup is optional and available to subscribers. When you turn it on, your data is encrypted on your device with a key only you hold — our servers store only scrambled data that we cannot read.
- To use cloud backup you sign in with Apple or Google, so we hold a basic account record (such as your email address) — but never the readable contents of your charts or journal.
- The only other information that leaves your device is purchase information, handled by Apple or Google and our billing provider, RevenueCat.
- You can export all of your data, delete your cloud backup, or delete your account at any time.
1. Who we are & how to contact us
Controller: Rebel Spirit LLC
Email: rachael@rebelspirit.app
If you have questions about this Privacy Policy or our data practices, you can contact us at the address above.
2. Who can use the App
Rebel Spirit Astrology is intended for adults and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can address it.
The App does not require you to create an account. You can use all of its core features without signing in. Signing in is needed only if you choose to turn on optional cloud backup (see Section 4).
3. Information stored on your device
By default, the App stores the following information locally on your device using your operating system’s on-device storage. Unless you turn on cloud backup (Section 4), none of this information is uploaded to our servers.
3.1 Birth data
To calculate astrological charts, the App allows you to enter and save birth information, which may include:
- Date of birth
- Time of birth
- Place of birth (city, region, country, or coordinates)
- An optional name or label for each profile
This information is sensitive. It is stored on your device and is used to compute your chart and related astrological data within the App. We do not store your birth data in readable form on any server. If you enable cloud backup, your birth data is encrypted on your device before it is uploaded, and we cannot read it (see Section 4).
3.2 Saved charts
Charts you generate or save — including natal charts, transits, and related astrological calculations and configurations — are stored on your device.
3.3 Journal & reflections
Notes, reflections, and the entries that make up your story — including anything you write or save while exploring your chart — are stored on your device. Like your birth data, this content is never stored in readable form on our servers; if you enable cloud backup it is encrypted on your device first.
3.4 Settings & preferences
The App stores preferences on your device, such as:
- House system and aspect orb settings
- Display, theme, and appearance preferences
- Language and other usability preferences
- Onboarding completion flags
3.5 Device-level security
Information stored on your device is protected primarily by your device’s own security features (such as your passcode, biometric lock, or operating-system-level encryption). If someone gains access to your unlocked device or its backup, they may be able to view content stored in the App. You are responsible for maintaining the security of your device.
4. Optional cloud backup & sync
Cloud backup is an optional feature for subscribers that lets you back up your data, restore it on a new device, and keep your devices in sync. It is off until you choose to turn it on. If you never enable it, the App behaves exactly as described in Section 3 and your data never leaves your device (apart from the purchase information in Section 5).
4.1 Signing in
To use cloud backup, you sign in with Sign in with Apple or Google Sign-In. We do not operate passwords. When you sign in, our backend provider creates an account record that includes an account identifier and the email address associated with your Apple or Google sign-in (Apple’s “Hide My Email” relay address is supported). This account record lets us associate your encrypted backup with you and your devices.
4.2 End-to-end encryption & your recovery code
When you set up cloud backup, the App generates an encryption key on your device and encrypts your data with strong, authenticated encryption (AES-256-GCM) before anything is uploaded. That key is protected by a one-time recovery code that we show you once. Only a “wrapped” (encrypted) copy of your key is stored on our servers — it is useless without your recovery code.
We never receive your recovery code, and we cannot reset or recover it for you. If you lose your recovery code and no longer have a device that is already set up, your encrypted backup cannot be decrypted — by you or by us. Please keep your recovery code somewhere safe.
4.3 What our servers can see
Because your data is encrypted on your device before it is uploaded, our servers store only:
- opaque, encrypted data — which we cannot read;
- a “blinded” (one-way hashed) identifier used to match and update records without revealing what they contain;
- limited technical metadata, such as timestamps and the sequence of changes, used to sync your devices; and
- your account record (described in Section 4.1).
We cannot read the contents of your birth data, charts, journal, or settings on our servers. We also cannot tell one kind of entry from another (for example, a note from a saved chart), because that information is encrypted too.
4.4 What is included
When cloud backup is on, the encrypted backup covers the user-created content described in Section 3 — your birth data, saved people and profiles, journal and reflections, return reports, and your settings. Data that the App can simply re-compute on your device (such as cached charts) and purely device-local values are not included.
5. Purchases & subscriptions
We use RevenueCat together with the Apple App Store and Google Play Store to manage in-app subscriptions.
From these services, we and/or RevenueCat receive:
- Product identifiers (e.g., subscription tier IDs)
- Subscription status (active, in grace period, cancelled, expired)
- Purchase timestamps and renewal dates
- Transaction identifiers and purchase receipts (used to validate your purchases and prevent fraud)
- A RevenueCat App User ID for your install of the App, used to recognize and restore your purchases. If you sign in for cloud backup, this is linked to your account so your subscription follows you across your devices.
We do not collect or store your full payment card number, security code, or bank account details. Payments are processed by Apple or Google, and we receive only the information needed to recognize and validate your purchases.
6. Diagnostics
We may collect limited technical information to keep the App stable, such as:
- Device type and operating system version
- App version
- Crash logs and error reports
We do not use your birth data, chart data, or any content you create in the App for advertising, profiling, or to train AI models. We do not sell your personal information.
7. How we use your information
We use the limited information we do receive to:
- Provide and maintain the App and its features
- Store and sync your encrypted backup across your devices, when you enable cloud backup
- Validate and restore your subscription purchases through Apple/Google and RevenueCat
- Diagnose crashes and improve stability
- Comply with legal obligations
8. Legal bases for processing (EEA/UK users)
If you are located in the European Economic Area or the United Kingdom, we process the limited personal data described above on the following legal bases:
- Contract: To provide the App, to operate cloud backup when you enable it, and to deliver, validate, and restore subscription purchases.
- Consent: Where required, for optional features you actively turn on, such as cloud backup. You can withdraw consent at any time by turning the feature off, deleting your cloud data, or deleting your account.
- Legitimate interests: To prevent fraud, maintain security, and diagnose crashes and stability issues.
- Legal obligation: To comply with tax, accounting, and consumer-protection laws.
9. How we share information
We share the limited information described above with:
-
Service providers
- Supabase — provides the authentication and encrypted cloud-storage backend for optional cloud backup. Because your content is encrypted on your device first, Supabase stores only encrypted data and your account record.
- Apple (Sign in with Apple) and Google (Google Sign-In) — verify your identity when you sign in for cloud backup.
- RevenueCat — manages in-app subscriptions and purchase validation.
- Apple App Store and Google Play Store — process payments and distribute App updates.
- Analytics and crash-reporting tools used solely for stability and diagnostics.
-
Legal and safety purposes
- To comply with laws or legal processes
- To respond to lawful requests from authorities
- To protect our rights, property, or safety, or that of our users or others
We do not sell your personal data. Note that even in response to a lawful request, we cannot produce the readable contents of your encrypted backup, because we do not hold the key to decrypt it.
10. Data retention
Because your birth data, charts, journal, and settings are stored on your device, they are retained for as long as the App remains installed. Deleting the App, or clearing its data through your device settings, removes that content from the device.
If you enable cloud backup, your encrypted backup is retained while your account exists. You can delete your cloud data at any time from within the App, which removes your encrypted backup, the wrapped key, and your synced records from our servers. Deleting your account permanently removes your account record and all associated cloud data.
RevenueCat and the App Stores retain purchase and transaction records according to their own policies and applicable legal requirements (such as tax and accounting laws).
11. International data transfers
Our service providers (such as Supabase, RevenueCat, Apple, and Google) may process information in countries other than your own, including the United States. Where required by law, we and they take steps to ensure that such transfers are subject to appropriate safeguards.
12. Security
We take reasonable measures to protect the limited information we handle, including:
- Encrypting your backup on your device, before upload, so that it is unreadable to us and to our infrastructure providers (end-to-end encryption)
- Using encryption in transit (HTTPS) for communications with our backend, RevenueCat, and the App Stores
- Relying on reputable infrastructure providers with encryption at rest and access controls
- Limiting access to operational data to authorized personnel
No method of transmission or storage is 100% secure. While we work to protect the information we handle, we cannot guarantee absolute security. We also encourage you to use a strong passcode or biometric lock on your device, keep your recovery code safe, and keep your operating system up to date.
13. Your rights & choices
Depending on your location, you may have certain rights regarding your personal information, including access, correction, deletion, restriction, objection, and data portability.
You can exercise these rights directly within the App:
- Access & portability: Use the “download your data” option to export your content to a readable file. This is available to everyone, free of charge.
- Correction & deletion: Edit or delete your birth data, profiles, journal entries, and settings at any time, or uninstall the App or clear its data through your device settings.
- Delete cloud data: If you use cloud backup, you can delete your encrypted backup and synced records from our servers at any time.
- Delete your account: You can permanently delete your account, which removes your account record and all associated cloud data.
For purchase-related records held by RevenueCat or the App Stores, you can manage your subscriptions through your Apple ID or Google Account, or contact us at rachael@rebelspirit.app and we will assist where possible.
If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.
14. Children’s privacy
The App is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that a child has provided us with personal information, we will take steps to address it promptly.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the “Last updated” date at the top of this page
- Provide additional notice within the App if a change is material
Your continued use of the App after the revised policy becomes effective means you accept the updated terms.
16. Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:
Rebel Spirit LLC
Email: rachael@rebelspirit.app