Privacy
How we hold your data · last updated 2026-05-27
The Syncreticon is an oracle calibrated to you. To do that it needs data — your birth chart, the ten truths you offer at signup, the bookmarks and journal entries you set as you go. This page explains what we keep, why, and how we hold it.
1. Who's behind this
The Syncreticon is a UK-based sole-trader business and acts as the “data controller” of your data under the UK GDPR. The legal identity of the natural person behind the trading name will be provided on written request via the email below.
2. What we collect
- Account data — email address, nickname, hashed password.
- Natal data — date, time, and place of birth (used only to compute your chart; not shared).
- The ten truths — the answers you give the signup quiz that calibrate the oracle's voice.
- Subscription data — tier, billing cycle, payment-processor identifiers (we never see your card number).
- Reader data — bookmarks, reading progress, journal entries, saved references.
- Logs — request paths, user agent, IP address (kept 90 days for security/diagnostics).
3. Why we collect it — lawful basis
We process your data under three lawful bases under UK GDPR Article 6:
- Contract — to deliver the service you subscribed to (oracle readings, library access, journaling).
- Legitimate interest — to keep the site running, secure, and operational (logs, fraud prevention).
- Consent — for anything optional (e.g. marketing email opt-ins, if and when offered).
4. Encryption
Personally identifiable fields — natal data, the ten truths, journal text — are encrypted at rest with a per-deployment Fernet key. The database row is unreadable without the key, and the key is held separately from the database.
5. Who we share data with
We share with three categories of party only:
- Payment & merchant of record (Stripe) — through its Managed Payments service, Stripe is the merchant of record (the seller) for your subscription, handling billing and all applicable VAT/sales tax. Stripe processes your card details; we never see or store them. Your card statement shows LINK.COM* SYNCRETICON.
- Email infrastructure — outbound transactional email (signup verification, password reset) is sent from syncreticon.com via a self-hosted mail server.
- The oracle's voice model — Anthropic's Claude API is used to generate per-tier prose surfaces. Only the minimal day-pack context is sent (your tier, chart correspondences, hour-planet). No journal or bookmark content is ever sent to the model.
We do not sell your data, share it for advertising, or pass it to data brokers. No third-party tracking pixels are loaded.
6. Your rights under UK GDPR
You have the right to:
- Access — request a copy of the data we hold about you.
- Rectification — correct anything wrong (your natal data, email, etc.) from your settings page.
- Erasure — delete your account permanently from your settings.
- Portability — download all your data as JSON at any time, including before you delete.
- Objection — object to any specific processing.
- Complain to the regulator — the UK Information Commissioner's Office (ICO) at ico.org.uk.
7. Retention
Account data is retained for as long as your subscription is active, plus 12 months after cancellation for accounting (HMRC requires invoicing records for six years; we keep the minimum subset required). Logs are retained 90 days. When you delete your account, PII fields are erased from the live database within 72 hours.
8. Cookies
We use one essential cookie for the Django session and one for the CSRF token. No analytics, advertising, or third-party cookies are set. The site is dark-mode by default; preference cookies are set client-side only and never transmitted.
9. International transfers
The Syncreticon's servers are located in the European Union. The Anthropic API (used for the oracle's voice surfaces) processes requests in the United States; Anthropic's UK GDPR-equivalent safeguards are documented at anthropic.com/legal/privacy. Stripe (payments) operates under EU Standard Contractual Clauses; transfers to Stripe Payments Inc. (US) are covered by the EU-US Data Privacy Framework.
10. Changes to this policy
Material changes will be announced at the top of this page and (where required by law) by email to registered subscribers thirty days before they take effect.
11. Contact
Privacy questions, access requests, and deletion requests go to privacy@syncreticon.com. We respond within 30 days (typically much sooner).