Legal

Privacy Policy

How Mysteral processes data, who may receive it, and what rights users have.

Effective date: [complete before publication]

Last updated: [complete before publication]

1. Data controller

The controller of personal data processed within Mysteral is [full name / company name], mailing address: [address], e-mail: [contact e-mail].

For privacy and data protection matters, you can contact the controller at: [privacy contact e-mail].

If the controller has appointed a data protection officer, their contact details should be added here before publication.

2. What data we process

The scope of processed data depends on how the service is used and which features the user chooses to use.

The numerology module is currently based primarily on local processing in the user browser. As long as data entered into that module is not sent to the server and not stored there, the controller does not retain it on the server side.

Please do not enter data that is not necessary, especially sensitive data or third-party personal data without an appropriate legal basis.

  • account data such as username, e-mail address, password hash, account identifier, and role;
  • login and session data, including session identifiers and information necessary to keep the user signed in;
  • service settings such as language preference and the stored cookie decision;
  • data saved by the user in the Moon Ritual module, including session date, chosen focus, session duration, completed steps, and note content;
  • technical data, if recorded by the infrastructure, including error information, technical logs, IP address, user-agent, or request identifiers;
  • content voluntarily submitted by the user in other forms, if a given feature allows it.

3. Purposes and legal bases

  • account registration, login, and account management: Article 6(1)(b) GDPR;
  • delivery of app features, including saving user progress and notes: Article 6(1)(b) GDPR;
  • service security, error detection, abuse prevention, and defense against claims: Article 6(1)(f) GDPR;
  • compliance with legal obligations binding the controller: Article 6(1)(c) GDPR;
  • cookies and similar technologies based on consent: Article 6(1)(a) GDPR;
  • cookies necessary for the service to function or to provide a feature expressly requested by the user: Article 6(1)(b) and 6(1)(f) GDPR.

4. Cookies and similar technologies

The service uses cookies and similar technologies to maintain login sessions, provide security, remember the selected language, and store the user cookie choice.

As of publication, the service mainly uses strictly necessary cookies or cookies closely tied to a feature explicitly requested by the user.

Detailed information about cookies, their purposes, and storage periods is available in the Cookie Policy.

5. Data recipients and transfers outside the EEA

Data may be disclosed to entities supporting the controller in maintaining and developing the service, but only to the extent necessary for a given purpose.

If the controller uses processors acting on its behalf, data is entrusted under appropriate agreements and only to the extent necessary.

If any user data is transferred to an AI provider or another external provider outside the standard app infrastructure, the provider name, data scope, and purpose should be specified here before publication.

If data is transferred outside the European Economic Area, the controller will use an appropriate transfer mechanism, such as an adequacy decision or standard contractual clauses.

  • hosting and server infrastructure providers;
  • database maintenance, backup, and technical service providers;
  • providers of tools used for security, administration, and maintenance of the app;
  • entities authorized to receive data under applicable law.

6. Retention periods

  • account data: for the lifetime of the account and afterwards for the period necessary to defend or pursue claims or comply with legal obligations;
  • Moon Ritual data: for a period that should be defined before publication, for example until deleted by the user, until account deletion, or for the period of active use of the feature;
  • technical data and security logs: for a period that should be defined according to hosting and infrastructure practice;
  • cookies: for the period stated in the Cookie Policy or until deleted by the user.

7. User rights

  • right of access to data;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to data portability where processing is based on a contract or consent and carried out by automated means;
  • right to object where processing is based on the controller legitimate interests;
  • right to withdraw consent at any time where processing is based on consent;
  • right to lodge a complaint with the competent supervisory authority.

8. California users and the .com domain

The .com domain alone does not change the main legal framework. However, if the service is also visited by users in the United States, this policy is intended to explain the categories of collected data, the purposes of use, the categories of recipients, and how changes to the document are communicated.

Before publication, the service response to Do Not Track signals and the existence of any cross-site advertising tracking by third parties should be confirmed here.

9. Contact and policy updates

This Privacy Policy may be updated in response to legal, organizational, technical, or product changes.

A new version will be published in the service together with the updated date. If a change materially affects user rights or the way data is processed, the controller may also provide an additional notice within the service or electronically.

Privacy contact: [privacy contact e-mail], [mailing address].