Privacy Policy

Last updated: July 2026

Overview

This Privacy Policy explains how CyberMystic (“we”, “us”) collects, uses, and shares personal information when you use cybermystic.cc and related services. By creating an account or using the service, you agree to this policy.

What we collect

Account data: email, password hash (or OAuth identifiers if you sign in with Google), and optional display name. Chart inputs you provide: birth date and time, location (latitude/longitude and timezone), and gender — used to compute your energy blueprint. Usage and product data: report views, feature usage, and technical logs needed for security and reliability. Payment metadata: when you buy a report, Paddle shares limited transaction and billing details with us (we do not store full card numbers).

How we use data

  • Generate personalized reports and dashboard features
  • Process payments and deliver purchased digital goods
  • Authenticate accounts and keep the service secure
  • Improve reliability, prevent abuse, and diagnose issues
  • Send transactional emails (receipts, report-ready notices) and respond to support requests

Legal bases (where applicable)

Where GDPR or similar laws apply, we process data to perform our contract with you (providing reports and account features), based on legitimate interests (security, fraud prevention, product improvement), and where required by law. Marketing emails, if any, are sent only with consent or as otherwise permitted by law.

Cookies & similar technologies

We use essential cookies and similar storage for sign-in sessions, locale preferences, and security. If analytics (e.g. Google Analytics) is enabled, it may use cookies or similar identifiers to understand site usage. You can control cookies through your browser settings; disabling essential cookies may break login or checkout.

Third parties

Payments are processed by Paddle as merchant of record; Paddle’s privacy terms also apply to checkout and billing data. Authentication may use Google Sign-In. AI report generation uses configured LLM providers; chart inputs needed to write your report may be sent to those providers under our instructions. Hosting, email (e.g. Resend), and error monitoring providers may process data to run the service. We do not sell your personal data.

International transfers

Our operators and service providers may process data in countries other than yours. Where required, we use appropriate safeguards (such as standard contractual clauses or provider mechanisms) for such transfers.

Retention & deletion

We keep account and report data while your account is active and as needed to provide the service, meet legal obligations, resolve disputes, and enforce agreements. You may delete individual profiles from your dashboard. You may permanently delete your entire account from the dashboard (account deletion), which removes profiles, reports, orders, and activity logs associated with your account, subject to data we must retain for legal or accounting reasons (including payment records held by Paddle).

Your rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data, object to or restrict certain processing, and lodge a complaint with a supervisory authority. To exercise these rights, contact [email protected]. We may need to verify your identity before responding.

Children

The service is not directed to children under 16 (or the minimum age required in your country). If you believe we have collected data from a child, contact us and we will take appropriate steps to delete it.

Contact

For privacy requests, contact [email protected] or the support email shown on your purchase receipt from Paddle.