
Privacy policy

We take your data seriously.

Last updated: 2026-02-17

This Privacy Policy explains how [Company name pending registration] ("we", "us") collects, uses, stores, and shares personal data when you use the Cupiduo application and related services. It is written to meet the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and applicable national implementations.

1. Data controller

[Company name pending registration], [Company address pending registration].
Registration: [Company registration number]. VAT: [VAT number].
Privacy contact: privacy@cupiduo.com

2. What we collect

We process the following categories of data:

  • Account data — email, hashed password, display name, locale, role.
  • Relationship profile — love language, activity level, interests, home city, parenting status & ages, living-together flag.
  • Birth data — date, time, and place of birth used for astrology features.
  • Cycle data (Art. 9 GDPR special category) — when you enable cycle tracking, we store your last-period dates, cycle-length range, and any day-1 entries you log. Processing is based on your explicit consent (Art. 9(2)(a)) given at the moment you toggle "I track a cycle".
  • Mood & rating signals — mood check-ins and partner ratings you submit, plus their aggregated trends.
  • Generated content — AI advice, weekly plans, and related cached responses we store to avoid re-billing for the same query.
  • Billing data — subscription state, Stripe customer ID, last 4 digits of card and country (provided by Stripe). We never receive your full card number.
  • Device & usage — language preference, push subscription endpoint (if you opt in), basic technical logs (IP, timestamp, error traces) for 30 days.

3. Legal basis

We rely on the following lawful bases (Art. 6 GDPR):

  • Contract (Art. 6(1)(b)) — to provide the service you signed up for: account, AI advice, plan, marketplace, billing.
  • Consent (Art. 6(1)(a) + Art. 9(2)(a)) — for cycle tracking, birth-data astrology features, push notifications, and any optional features you enable.
  • Legitimate interest (Art. 6(1)(f)) — for product analytics, fraud prevention, and basic technical logging (balanced against your privacy).
  • Legal obligation (Art. 6(1)(c)) — for tax and accounting records of paid transactions.

4. Service providers we use

Your data is shared only with the sub-processors strictly required to operate the service:

  • Anthropic (AI advice generation) — prompts (containing your relationship profile context) are sent to the Claude API. Anthropic does not train its models on Cupiduo API traffic.
  • Stripe (payment processing, EU sub-processor). Card data is handled by Stripe, never by us.
  • Resend (transactional email).
  • MongoDB Atlas / our hosting provider (database and application hosting in the EU when possible).
  • Web Push (Mozilla/Google) — only when you opt in to push notifications.

We have data processing agreements in place with each provider. Where data is transferred outside the EU/EEA we rely on Standard Contractual Clauses or an equivalent adequacy decision.

5. How long we keep your data

  • Account & profile: while your account exists.
  • Mood, ratings, advice history, cycle logs: while your account exists or until you delete them.
  • Billing records: 8 years (statutory retention for tax records in most EU jurisdictions).
  • Technical logs: 30 days.

When you delete your account, we permanently erase your data within 30 days, except billing records held for tax compliance.

6. Cookies & local storage

We use one strictly-necessary httpOnly session cookie (lunaria_user_token) to keep you signed in. We do not use advertising or third-party tracking cookies. Your locale and a small set of UI preferences are stored in your browser's local storage on the same device.

7. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Correct inaccurate or incomplete data (Art. 16).
  • Erase your data ("right to be forgotten", Art. 17). You can delete your account from Settings, or write to us.
  • Restrict processing (Art. 18) or object to it (Art. 21).
  • Portability — receive your data in a structured, machine-readable format (Art. 20).
  • Withdraw consent at any time (e.g. toggle off cycle tracking) — without affecting prior lawful processing.
  • Lodge a complaint with a supervisory authority (Art. 77), that is, the data protection authority of your EU country of residence (e.g. NAIH for Hungary, CNIL for France, BfDI for Germany).

Email privacy@cupiduo.com to exercise any of these rights. We respond within 30 days.

8. Security

Passwords are stored as bcrypt hashes. Sessions use HTTPS-only, httpOnly cookies. Health-adjacent data (cycle logs) is held in the same database with the same controls; we do not sell, rent, or trade your data under any circumstance.

9. Changes to this policy

We update this policy when the service changes substantively. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced in the app and by email.
