Sign In Get API Key

Privacy Policy

Last updated: May 17, 2026
We collect the minimum data needed to run the Service and we don't sell it. This page explains exactly what we collect, why, how long we keep it, and how you can ask us to delete it.

1. Who this applies to

This policy applies to anyone who interacts with the StarsAPI platform — including customers (developers and businesses using our APIs), website visitors, and End Users whose data is processed through APIs operated by our customers.

If you are an End User of a third-party application built on StarsAPI, that application's operator is the primary data controller for your personal information. We act as a data processor on their behalf. Address your privacy requests to that application first; we'll cooperate with their response.

2. Information we collect

2.1 Account information

When you create a StarsAPI account we collect: your name, email address, password (stored hashed, never in plaintext), billing address, GST/VAT number if applicable, and payment method tokens (we don't see your full card number — that's handled by our payment processor).

2.2 API usage data

For every API request made with your key we log: the endpoint hit, request timestamp, response code, response time, request body size, response body size, the originating IP address, and basic User-Agent metadata. This data is used for billing, rate-limiting, debugging, and security monitoring.

2.3 Birth data submitted via APIs

To compute astrological charts, you (or your application) submit birth date, time, and location to our endpoints. By default this data is processed for the duration of the request and not retained — we compute and return the result. Exceptions:

  • Chart caching — for performance, computed chart summaries are cached against a hash of the input data for up to 30 days. The cache key is a non-reversible hash; the raw birth fields are not retained alongside it.
  • AI astrologer sessions — when an End User starts a chat or voice conversation, the chart and conversation history are stored against a session_id for the duration of the session and retained for up to 90 days after the last message, then deleted.
  • PDF reports — generated reports are stored on our servers for up to 7 days from the time of generation to allow download, then deleted. The input data used to generate the report is hashed and cached as above.

2.4 AI conversation content

The text of chat messages and the transcripts of voice conversations are stored to provide multi-turn context. Conversation content is processed by upstream AI providers — we do not use End User conversation content to train any model.

2.5 Website analytics

We use privacy-respecting analytics on the marketing website (starsapi.com) to measure page views and aggregate trends. We do not use third-party advertising trackers. We do not place tracking cookies that follow you across other sites.

2.6 Cookies & local storage

We use a small number of cookies and local-storage entries strictly for functionality: remembering your dark/light theme preference, keeping you logged in, and CSRF protection on form submissions. None of these are advertising cookies.

3. How we use information

We use the data described above to:

  • Provide the Service — compute charts, run AI conversations, generate reports;
  • Process billing and prevent fraud;
  • Enforce rate limits and detect abuse;
  • Respond to support requests;
  • Communicate service-critical updates (outage notices, security alerts, billing notices);
  • Improve the Service in aggregate (which endpoints are popular, which return errors, which are slow);
  • Meet legal obligations (tax records, financial regulations).

We do not sell your data, share it with advertisers, or use End User content for any purpose other than operating the Service.

4. Third-party processors

We rely on a small set of third-party providers to operate the Service. Each is bound by data-processing terms appropriate to their role:

  • Hosting infrastructure — for compute, storage, and network
  • Payment processing — for accepting card and UPI payments and handling subscription billing
  • Email delivery — for transactional emails (account verification, billing, support replies)
  • AI inference — upstream language and voice model providers that power the AI astrologer products. End User conversation content is sent to these providers for the duration of a session; they are contractually prohibited from using it to train models or for any purpose outside our service.

Email hello@starsapi.com for the current list of subprocessors.

5. International transfers

We operate primarily from India. Some processors may store data in other jurisdictions (United States, European Union, Singapore). Where required, transfers rely on standard contractual clauses and equivalent safeguards.

6. Data retention

Retention periods at a glance:

  • Account data — until you delete your account, plus up to 90 days for backup expiry
  • Billing records — minimum 7 years for tax and audit compliance (Indian Income Tax / GST requirements)
  • API request logs — 90 days, then aggregated and anonymised
  • Chart cache — 30 days from last access
  • AI sessions — 90 days from last message, then deleted
  • PDF reports — 7 days from generation, then deleted
  • Support emails — 2 years

7. Your rights

Depending on where you live, you have some or all of the following rights:

  • Access — request a copy of the personal data we hold about you;
  • Correction — ask us to correct inaccurate or incomplete data;
  • Deletion — ask us to delete your data, subject to legal retention requirements;
  • Portability — request your data in a structured, machine-readable format;
  • Objection — object to specific kinds of processing;
  • Withdraw consent — where processing relies on your consent, withdraw it at any time.

To exercise any of these rights, email hello@starsapi.com. We will respond within 30 days. If we cannot identify you from the information provided, we may ask for additional details to verify your identity before proceeding.

8. Security

We protect your data with industry-standard controls: HTTPS everywhere, encrypted data at rest, hashed passwords (bcrypt or stronger), API keys stored as cryptographic digests, principle-of-least-privilege access for staff, and security monitoring. No system is perfectly secure — if we ever detect a breach affecting your personal data we will notify you without undue delay, in line with applicable law.

9. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, contact us and we'll delete it.

10. Changes to this policy

We may update this policy from time to time. We'll update the "Last updated" date and, for material changes, notify active accounts by email. Continued use of the Service after the change constitutes acceptance.

11. Contact

For privacy questions, deletion requests, or to exercise any of the rights above: hello@starsapi.com or via the contact form. Mark the message "Privacy request" for fastest routing.