Privacy

Privacy Policy

Privacy Policy

Last Updated: 15.6.26

Overview

This Privacy Policy explains how Mystly collects, uses, stores, and protects personal data when you use https://mystly.com/.

Mystly is operated by STEPURA VLADYSLAV YURII, a sole proprietorship established in Greece.

This Privacy Policy is intended to comply with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), and applicable Greek data protection law.

1. Data Controller

The data controller is:

Additional legal and business information is available in our Legal Notice.

For privacy-related questions or requests, contact: general.mystly@gmail.com

2. Personal Data We Collect

We may collect the following categories of personal data.

Account Data

If you create an account, we may collect:

  • name, if provided;
  • email address;
  • username;
  • password or authentication credentials;
  • account settings;
  • login information.

Astrology Profile Data

Depending on the features you use, we may collect:

  • date of birth;
  • time of birth;
  • place of birth;
  • gender or pronouns, if provided;
  • relationship or compatibility inputs, if provided;
  • astrology preferences;
  • saved charts or related astrology data.

Technical Data

When you use the website, we may collect:

  • IP address;
  • browser type;
  • device type;
  • operating system;
  • time zone;
  • language settings;
  • pages visited;
  • login timestamps;
  • error logs;
  • security logs.

Communication Data

If you contact us, we may collect:

  • your email address;
  • message content;
  • support requests;
  • related correspondence.

Marketing Data

If we offer newsletters or updates, we may collect:

  • email address;
  • newsletter subscription status;
  • email preferences;
  • consent records;
  • unsubscribe records.

Payment and Subscription Data

If you purchase a paid subscription or other paid service, payment processing is handled by Stripe through Stripe-hosted payment and billing pages.

We do not intentionally collect or store full payment-card numbers, card security codes, or complete payment credentials on our own systems.

Depending on your purchase and Stripe’s services, we may receive or access limited payment-related information, such as:

  • Stripe customer ID;
  • subscription status;
  • subscription plan or product selected;
  • payment status;
  • invoice status;
  • billing email;
  • billing name;
  • billing address, if provided;
  • tax information, if required;
  • last four digits, card brand, or payment-method type, where available;
  • transaction, invoice, refund, dispute, or cancellation information.

Stripe may collect and process additional payment, billing, fraud-prevention, authentication, and compliance data according to its own legal terms and privacy policy.

3. Data We Do Not Intentionally Collect

We do not intentionally collect:

  • government identification documents, unless legally required;
  • full payment-card numbers, card security codes, or complete payment credentials, because payments are processed by Stripe through Stripe-hosted pages;
  • health records;
  • financial account passwords;
  • children’s data under 16;
  • special-category data under GDPR unless you voluntarily provide such information and a valid legal basis applies.

Astrology birth data may feel sensitive to users, so we treat it carefully. However, birth data is not automatically a special category of personal data under GDPR unless it is combined with protected information.

4. How We Collect Data

We collect personal data when:

  • you create an account;
  • you enter birth details or astrology-related information;
  • you save or generate astrology content;
  • you contact us;
  • you subscribe to emails, if available;
  • you use the website;
  • cookies or similar technologies collect technical data;
  • third-party service providers send us data necessary to operate the website.

We also collect or receive personal data when you start, complete, update, renew, or cancel a subscription through Stripe-hosted pages; Stripe sends us payment, invoice, subscription, refund, cancellation, dispute, fraud-prevention, or tax-related information necessary to operate paid services.

5. Purposes and Legal Bases

We process personal data only where we have a lawful basis under GDPR.

Purpose — Data Used — Legal Basis

  • Create and manage accounts — Account data — Contract performance
  • Provide astrology features — Account data, astrology profile data — Contract performance
  • Provide paid subscriptions or paid services — Account data, payment and subscription data — Contract performance
  • Process payments, renewals, invoices, cancellations, refunds, and billing support — Payment and subscription data — Contract performance / legal obligation / legitimate interests
  • Prevent fraud, abuse, payment disputes, and unauthorized transactions — Account data, technical data, payment and subscription data — Legitimate interests / legal obligation
  • Respond to support requests — Communication data — Contract performance / legitimate interests
  • Secure the website — Technical/security data — Legitimate interests
  • Improve website functionality — Usage and technical data — Legitimate interests / consent where required
  • Send newsletters or updates — Email, marketing preferences — Consent
  • Send essential service messages — Account data, payment and subscription data — Contract performance / legitimate interests
  • Comply with legal, tax, accounting, and consumer-protection obligations — Relevant account, payment, technical, or communication data — Legal obligation

6. Astrology Data

Astrology services may require birth-related information to generate charts, interpretations, or related content.

We use astrology data only to:

  • generate or display astrology content;
  • save your profile if you choose to create an account;
  • provide website features;
  • respond to support issues;
  • improve technical functionality, where appropriate.

We do not use astrology data for medical, financial, legal, employment, insurance, or similarly significant decisions.

7. Cookies and Analytics

The website may use cookies and similar technologies.

Some cookies are necessary for the website to function. Others, such as analytics or marketing cookies, may require your consent.

Where required, we will request cookie consent before placing non-essential cookies.

More information is available in our Cookie Policy.

8. Email Communications

We may send:

  • account-related emails;
  • security emails;
  • service updates;
  • support replies;
  • marketing emails, if you consent.

You may unsubscribe from marketing emails at any time by using the unsubscribe link or contacting us. You may still receive essential service-related emails.

9. Sharing Personal Data

We do not sell personal data.

We may share personal data with service providers who help us operate the website, including:

  • hosting providers;
  • database providers;
  • email providers;
  • analytics providers, if used;
  • authentication providers, if used;
  • customer-support tools, if used;
  • security and fraud-prevention providers;
  • payment, billing, subscription-management, invoicing, tax, refund, and dispute providers, including Stripe;
  • professional advisers, such as accountants or lawyers;
  • public authorities where legally required.

Each provider should process data only according to our instructions or its own lawful role.

10. International Transfers

Some service providers may process data outside Greece or outside the European Economic Area.

Where personal data is transferred outside the EEA, we will use appropriate safeguards where required, such as:

  • adequacy decisions;
  • Standard Contractual Clauses;
  • contractual and technical protections;
  • other safeguards permitted by GDPR.

11. Data Retention

We keep personal data only as long as necessary for the purposes described in this Privacy Policy.

Typical retention periods:

  • Account data: While the account is active or until deletion request
  • Astrology profile data: While the account is active or until deletion request
  • Payment and subscription data: As long as needed to provide paid services and meet legal, tax, accounting, refund, dispute, and fraud-prevention obligations
  • Communication data: As long as needed for support, legal, or business records
  • Marketing consent records: Until withdrawal plus a reasonable proof period
  • Security logs: Limited period unless needed for investigation
  • Technical analytics data: According to the retention settings of the analytics provider, if used

When data is no longer needed, we delete, anonymize, or securely restrict it.

12. Security

We use reasonable technical and organizational measures to protect personal data, including:

  • access controls;
  • password protection;
  • encryption where appropriate;
  • secure hosting;
  • limited access to personal data;
  • monitoring for abuse or security incidents.

No online service can guarantee absolute security.

13. Your GDPR Rights

If GDPR applies, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion;
  • restrict processing;
  • object to processing;
  • request data portability;
  • withdraw consent at any time;
  • complain to a supervisory authority.

The Hellenic Data Protection Authority is responsible for supervising GDPR implementation in Greece.

To exercise your rights, contact: general.mystly@gmail.com

We may need to verify your identity before responding.

14. Account and Data Deletion

You may request deletion of your account and personal data by contacting: general.mystly@gmail.com

Subject line: Delete My Account

Include:

  • your account email;
  • your name, if applicable;
  • confirmation that you want account deletion.

We may retain limited data where required by law, security, fraud-prevention, or legal obligations.

15. Children’s Privacy

The services are not directed to children under 16. We do not knowingly collect personal data from children under 16.

If you believe a child under 16 has provided personal data, contact us at: general.mystly@gmail.com

16. Third-Party Links

The website may contain links to third-party websites. We are not responsible for third-party privacy practices, content, or terms. Review third-party privacy policies before using their services.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last Updated” date. For material changes, we may provide additional notice where appropriate.

18. Stripe Payments and Billing

Paid subscriptions and payment-related actions may be processed through Stripe-hosted pages, including Stripe Checkout and the Stripe Customer Portal.

Through Stripe-hosted pages, you may be able to:

  • enter or update payment details;
  • start a subscription;
  • manage billing information;
  • view invoices or payment history;
  • update or cancel a subscription, where available.

Stripe may process your personal data as an independent controller or processor depending on the specific payment activity and applicable law. Stripe’s processing is also governed by Stripe’s own legal terms and privacy policy.

We receive only the payment and subscription information necessary to provide the service, manage your account, confirm payment status, handle support, comply with legal obligations, and protect against fraud or misuse.

19. Contact

For privacy questions or GDPR requests, contact: general.mystly@gmail.com