Privacy Policy

Last updated: February 2026. AstroSynthetix is owned and operated by bayata. This notice explains how we process personal data in line with the GDPR and Dutch AVG.

Data controller

bayata (owner and operator of AstroSynthetix)
Herengracht 320, 1016 CE Amsterdam, Netherlands
KvK: 99323206
Privacy / DPO: privacy@bayata.nl (you may also use privacy@astrosynthetix.com; messages are handled by bayata).

For data subject requests (access, deletion, portability, objection), contact us at the email above. We will respond within 30 days as required by the GDPR.

Personal data we process

• Account data: email address, optional birth data (date, time, place) you provide for chart and Vibe Score.
• Payment data: payment metadata (amount, currency, product, status) via Mollie; we do not store full card details.
• Usage data: session cookies (strictly necessary for login), and optionally analytics only if you consent.
• Contact form: name, email, and message when you use the contact form.

Lawful bases for processing

• Contract: to create and manage your account, provide the Vibe Score, Soul Map, and subscription.
• Consent: where we ask for consent (e.g. optional cookies, marketing). You can withdraw consent at any time.
• Legitimate interest: to answer contact requests, prevent abuse, and improve the service.
• Legal obligation: to retain payment and invoicing data as required by Dutch law (e.g. 7 years for fiscal records).

Your rights (GDPR Articles 15–22)

You have the right to:

• Access the personal data we hold about you.
• Rectification of inaccurate data.
• Erasure (“right to be forgotten”), subject to legal retention.
• Data portability in a machine-readable format.
• Object or restrict certain processing.
• Lodge a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens.

How to exercise your rights:

• If you have an account: use Dashboard → Download my data (export) or Delete my account (erasure).
• For other requests (e.g. access, portability, objection): email privacy@bayata.nl. We will respond within 30 days.

Retention & security

• Account data: retained while your account is active; after deletion we anonymise or remove PII and keep only what is needed for legal obligations.
• Payment records: retained as required by Dutch law (e.g. 7 years for fiscal and compliance).
• Contact form: retained as long as needed to handle your request and any follow-up; then deleted or anonymised.
• Data in transit is protected with TLS; access to personal data is restricted and logged. We use EU-based hosting where possible.

Processors & international transfers

We use the following processors to run the service:

• Mollie (Netherlands) — payment processing; Mollie’s privacy policy and DPA apply.
• Hosting — application and database hosted in the EU where possible.
• Any transfer of personal data outside the EEA is subject to appropriate safeguards (e.g. EU Standard Contractual Clauses) and we assess processors for GDPR compliance.

Data breach notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours where required, and inform you without undue delay when the breach is likely to result in a high risk to you.

Cookies

We use:

• Strictly necessary cookies: session and authentication so you can log in. These cannot be disabled if you use the account.
• Optional cookies (e.g. Google Analytics 4): only if you accept them via our cookie banner. We use GA4 with Google Consent Mode (analytics only after consent). You can reject optional cookies and still use the site.

You can change your cookie choice at any time via the cookie notice (or “Manage cookies” if shown). For more detail, see the rest of this privacy policy.

Contact & DPO

For privacy requests, questions, or to exercise your rights:

Email: privacy@bayata.nl
Postal: bayata, Herengracht 320, 1016 CE Amsterdam, Netherlands | KvK: 99323206

Contact form