Privacy Policy

Effective January 1, 2026. Last updated: May 9, 2026.

1. Who we are (Data Controller)

CosmoCast (the “Service”) is operated by Yegor Shustik (the “Operator”, “we”, “us”), trading as Synergize Digital. The Operator is the data controller for personal data processed through this Service.

Contact: hi@synergize.digital

2. What data we collect

2.1 From Telegram. When you open the bot, Telegram passes us your Telegram user ID, public username (if any), first name, and your Telegram interface language. We need this to deliver the bot's messages to you and choose the right language.

2.2 What you enter yourself. Your birth date, birth time (optional), and birth place (city). These are required to calculate a personal astrological forecast. Without this data the bot cannot work.

2.3 Usage events. The fact that you used a command, opened a forecast, or completed a payment, plus a timestamp. This is used for delivering the right content (e.g. daily morning broadcast) and detecting bugs.

2.4 Payment events. The fact and amount of a Telegram Stars purchase. We never see card, bank, or any financial details — Telegram processes payments end-to-end.

2.5 Connections to other people. If you use compatibility features and add a partner, we store the link between your profile and theirs (their Telegram user ID and birth data they entered) to compute compatibility.

3. What we do NOT collect

We do not request your phone number, email, postal address, ID documents, photos, or contact list. The bot has no access to your Telegram chats with other people, files, or location. We do not run any tracking pixels or third-party analytics on the bot itself.

4. Why we process this data (legal basis)

• Performance of a contract (GDPR Art. 6(1)(b)): to deliver the forecasting service you opened the bot for.
• Legitimate interest (GDPR Art. 6(1)(f)): to detect bugs, prevent abuse, and improve the Service.
• Consent (GDPR Art. 6(1)(a)): when you opt into a connection with another person for compatibility features.

5. Where data is stored and who has access

All personal data is stored in a PostgreSQL database hosted on a private server provided by Oracle Cloud Infrastructure (Oracle Corporation) in the European Union region. Data is encrypted in transit (TLS) and at rest (filesystem-level encryption).

Only the Operator has administrative access. We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

6. Data processors and service providers

We use the following sub-processors strictly for service delivery:

• Oracle Cloud Infrastructure (Oracle Corporation, EU region) — VPS hosting; stores the database.
• Cloudflare, Inc. (USA) — DNS and TLS termination for the website domain. Cloudflare does not see bot data.
• Telegram FZ-LLC (UAE) / Telegram Messenger Inc. — the Telegram platform itself; bot messages are delivered through Telegram. Subject to Telegram's privacy policy.
• Google LLC (USA) — we use the Gemini API to rephrase forecast text in plain language. We send only computed astrological facts (sign, lunar day, etc.) — never your birth date, name, or Telegram identifiers. Google does not retain or use this content for training. Subject to Gemini API terms.
• Meta Platforms, Inc. (USA) — when you view our public Threads feed (@mycosmocast), Meta's Threads platform shows you content. The Service itself does not transmit any of your personal data to Meta.
• GitHub, Inc. / Microsoft Corporation (USA) — code hosting and CI/CD; access tokens for service integrations are stored as encrypted secrets and used during deployment only.

7. International transfers

Some of our sub-processors are located outside the EU (USA, UAE). Where data is transferred outside the EU, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the EU–U.S. Data Privacy Framework, to ensure an adequate level of protection.

8. How long we keep your data (retention)

• Profile and birth data: as long as your account is active. Deleted immediately on your request (see Section 11) or after 24 months of inactivity.
• Usage events: 90 days, then aggregated and personal identifiers removed.
• Payment records: 6 years, as required by accounting and tax law.
• Connections to other people: deleted when either party deletes their data.

9. Your rights (GDPR / UK GDPR)

You have the right to:

• Access the personal data we hold about you (Art. 15).
• Rectify incorrect data (Art. 16) — you can edit your profile in the bot.
• Erase your data (Art. 17, “right to be forgotten”) — send /deletedata or /delete_me in the bot, or email us.
• Restrict processing (Art. 18).
• Data portability (Art. 20) — request a copy of your data in JSON via email.
• Object to processing based on legitimate interests (Art. 21).
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with your local data-protection authority.

10. Children

The Service is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided data to us, contact us and we will delete it immediately.

11. How to delete your data

Send /deletedata (or /delete_me) to the bot — all your personal data is deleted from our database immediately. This action cannot be undone. Alternatively, email hi@synergize.digital from your registered Telegram username.

12. Cookies and analytics

This landing uses Google Analytics 4 (measurement ID G-7SZNNDCH3K) so we can see how many visitors reach the bot and which pages they look at. The Telegram bot itself does not use any external analytics.

What GA4 collects: anonymised session identifier, page URL, referrer, browser language, truncated IP address and approximate country. Your name, email, phone, and Telegram data are not sent to GA4.

Cookies: GA4 sets _ga and _ga_* cookies, lasting up to 2 years. We implement Consent Mode v2: until you click "Accept" in our cookie banner, analytics is blocked (analytics_storage: denied) and no cookies are written. After consent — they are written; you can withdraw consent by clearing your browser cookies / localStorage.

Opt-out: install the Google Analytics Opt-out browser add-on — it blocks GA on any site.

13. Security

We use industry-standard measures: TLS for all network traffic, encryption at rest, principle-of-least-privilege access, automatic backups, and regular dependency updates. No system is 100% secure; if we discover a breach affecting your data, we will notify you within 72 hours per GDPR Art. 33.

14. Changes to this policy

If we materially change this policy, we update the “Last updated” date at the top and send a notification through the bot. Continued use after the change constitutes acceptance of the updated policy.

15. Contact

Questions, requests, or complaints — hi@synergize.digital. We respond within 30 days as required by GDPR.