Personal Data Processing Policy

This Personal Data Processing Policy (hereinafter — the Policy) has been developed in accordance with Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" and defines the procedure for processing and protecting personal data of users of the Sky Celestial platform (hereinafter — the Platform).

• Data Controller: OOO "TRADE MARKET", TIN 7734715982, OGRN 1147746019068.
• Controller's location: 129281, Moscow, Losinoostrovsky Municipal District, Lyotchika Babushkina Str., 32, build. 1, apt. 79, Russian Federation.
• Contact email: privacy@sky-celestial.ru.
• This Policy applies to all personal data that the Controller may receive from the data subject when using the Platform.

Personal data is processed on the following legal grounds in accordance with Art. 6 of Federal Law No. 152-FZ:

• Consent of the data subject (Art. 6, Part 1, Clause 1 of 152-FZ) — upon registration on the Platform.
• Performance of a contract to which the data subject is a party (Art. 6, Part 1, Clause 5 of 152-FZ) — to provide paid services.
• Fulfillment of obligations imposed on the controller by law (Art. 6, Part 1, Clause 2 of 152-FZ) — for accounting and tax purposes.
• Processing of publicly available personal data (Art. 6, Part 1, Clause 10 of 152-FZ) — for data made public by the subject.

The Controller processes the following categories of personal data:

• Registration data: name, email address, password (in hashed form).
• Data for astrological calculations: date, time, and place of birth, gender.
• Payment data: transaction details, order number, amount (bank card data is processed by the Robokassa payment system and is not stored on the Controller's servers).
• Technical data: IP address, browser type and version, operating system, cookies, data about actions on the Platform.
• Correspondence data: content of support inquiries and Stasya chat messages.
• Partner data: when using the 'Compatibility' feature, users may add a partner's astrological data (date, time, and place of birth). This data is processed with the user's consent, confirmed when adding the partner profile.

When using the compatibility analysis feature, the user may enter personal data of third parties (partner). In this case:

• The user confirms having the third party's consent for data processing (checkbox when adding a partner).
• The user is responsible for the lawfulness of transmitting third-party data in accordance with Article 9 of Federal Law 152-FZ.
• Partner data is used exclusively for calculating astrological compatibility.
• Partner data is NOT transmitted to processors — only anonymized astrological positions (zodiac signs, aspects) are transmitted.
• The partner has the right to request deletion of their data by contacting privacy@sky-celestial.ru.
• All operations with partner data are logged in the audit journal in accordance with Article 19 of Federal Law 152-FZ.

When using Stasya (astrologer chat), the following data processing rules apply:

• User messages may be processed using artificial intelligence technologies for response generation.
• Transmission is anonymized: the user's name, birth date, city, and coordinates are NOT transmitted to the processor.
• Only astrological data is transmitted to the processor: zodiac signs, planetary positions, aspects.
• If the user voluntarily enters personal data in the chat, the platform displays a risk warning.
• Stasya is programmed NOT to request and NOT to repeat personal data (names, birth dates, addresses, phone numbers) in responses.
• Chat data is stored encrypted on servers in the Russian Federation for the period necessary for processing purposes, after which it is deleted.

The Controller processes personal data exclusively for the following purposes:

• User registration and identification on the Platform.
• Provision of astrological services: natal chart calculations, horoscopes, compatibility analysis, and other features.
• Payment processing and subscription management.
• Providing technical support and responding to inquiries.
• Improving service quality based on anonymized analytical data.
• Fulfillment of obligations under Russian Federation law (accounting, tax reporting).
• Ensuring information security of the Platform.

Personal data is processed in compliance with the principles and rules established by 152-FZ. The Controller may engage third parties — contractors providing technical and operational services (payment services, hosting, email delivery, AI services for the AI-astrologer functionality) — to process personal data on the Controller's behalf. Such engagement is governed by agreements obligating contractors to maintain confidentiality and comply with the requirements of 152-FZ Art. 6 §3. Data is shared with contractors only to the minimum extent necessary to perform the assigned task. For AI functionality, only anonymized data is transmitted after sanitization by a specialized module (without full name, exact date/time/place of birth, coordinates, email, or phone number).

• Processing is carried out by automated means using computing equipment.
• Personal data is not distributed or transferred to third parties without the subject's consent, except as provided by Russian Federation law.
• Engagement of contractors is formalized through agreements requiring confidentiality and compliance with 152-FZ.
• Contractors receive only the minimum data required; AI functionality receives only anonymized data after automated sanitization.
• Bank card data is processed by certified payment providers in accordance with PCI DSS standards.
• The Controller takes necessary organizational and technical measures to protect personal data from unauthorized access, destruction, modification, blocking, and other unlawful actions.

Personal data is stored no longer than required by the purposes of processing, unless otherwise established by law:

• Account data — for the duration of the account and 30 days after deletion.
• Payment and transaction data — 5 years from the date of the transaction (in accordance with Russian tax legislation requirements).
• Consent records — 3 years from the date of obtaining consent (to confirm the fact of obtaining consent).
• Technical logs (IP addresses, sessions) — 12 months.
• Support correspondence — 1 year after the inquiry is closed.
• Upon expiration of the retention period, data is destroyed within 30 days.

In accordance with Chapter 3 of Federal Law No. 152-FZ, the data subject has the following rights:

• Right to obtain information about the processing of their personal data (Art. 14 of 152-FZ).
• Right to request clarification, blocking, or destruction of personal data if it is incomplete, outdated, or inaccurate (Art. 14 of 152-FZ).
• Right to withdraw consent to personal data processing (Art. 9, Part 2 of 152-FZ) by sending a written notification to privacy@sky-celestial.ru.
• Right to delete their account and all associated data through dashboard settings or by contacting support.
• Right to receive personal data in a machine-readable format (JSON/CSV) — export is provided within 2 business days.
• Right to appeal the Controller's actions or inaction to Roskomnadzor (rkn.gov.ru) or through the courts.

The data subject may withdraw consent to processing at any time:

• Send a written request to privacy@sky-celestial.ru specifying your full name, account email, and request to cease processing.
• Delete your account through "Settings" → "Delete Account" in your dashboard.
• The Controller will cease processing within 30 days of receiving the request.
• Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
• The Controller may continue processing if other legal grounds exist under Art. 6 of 152-FZ (e.g., contract performance or legal requirements).

The Controller may engage foreign contractors to provide technical services, in particular for processing anonymized requests within the AI functionality. In such processing, only anonymized data is transmitted after sanitization, which does not allow identification of the subject. Transmission is performed over secure protocols (TLS 1.3) and is based on the consent expressed by the subject upon registration. Consent may be withdrawn by sending a request to privacy@sky-celestial.ru or through the personal account.

• Only anonymized data is transmitted, after automated sanitization
• Full name, exact date/time/place of birth, coordinates, email, and phone number are not transmitted
• Transport-channel encryption is used (TLS 1.3)
• The right to withdraw consent can be exercised at any time via privacy@sky-celestial.ru

The Controller takes the following organizational and technical measures to protect personal data in accordance with Art. 19 of 152-FZ:

• Data encryption in transit (TLS 1.3) and at rest.
• Role-based access control (RBAC) for personal data.
• Regular software and security system updates.
• Password hashing using bcrypt.
• Logging of personal data processing activities for audit purposes.
• Regular testing and evaluation of protection measure effectiveness.

This Policy is a publicly available document and is published on the Platform at sky-celestial.ru/privacy.

• The Controller reserves the right to amend the Policy. The current version is published on the Platform with the date of the last update.
• Last updated: May 25, 2026.
• For all questions regarding personal data processing, contact: privacy@sky-celestial.ru.
• Support: support@sky-celestial.ru.