Privacy Policy
Last updated: April 11, 2026 · Effective: April 11, 2026
Your rights at a glance
- Data we collect: email, birth date, birth time (optional), country
- How long we keep it: until you delete your account
- Your rights: access, correction, deletion (GDPR Art. 15–17)
- How to delete: My Reports → Delete my account, or email lifestrategylab100@gmail.com
- Contact: lifestrategylab100@gmail.com
1. Who We Are
MeMyBias is operated by Lifestrategylab (“we”, “us”, “our”).
Contact: lifestrategylab100@gmail.com
Address: Seoul, South Korea
2. What Data We Collect
| Category | Examples | How collected |
|---|---|---|
| Birth data | Birth date, birth time (optional), country | You enter it on the landing page |
| Account data | Name, email, Google profile photo URL | Google OAuth at sign-in |
| Email (pre-auth) | Email address | Optional capture after snapshot |
| Payment data | Gumroad transaction ID, product, amount | Gumroad webhook — we never see card numbers |
| Report content | Your generated AI report (up to 7 chapters) | Generated and stored for re-access |
| Usage data | Pages visited, events, IP address, browser/device | Collected automatically |
| Cookies | Session token, consent preference | Set by the service |
We do not collect precise location, social media handles, or sensitive categories of data (health, race, religion, etc.).
3. How We Use Your Data
| Purpose | Legal basis (GDPR) |
|---|---|
| Generate your birth chart report | Contract performance (Art. 6(1)(b)) |
| Enable account login and report re-access | Contract performance |
| Process payment and fulfill purchase | Contract performance |
| Send transactional emails (receipt, report ready) | Contract performance |
| Improve the service (aggregate analytics) | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Marketing emails (if opted in) | Consent (Art. 6(1)(a)) |
We do not sell your data. We do not use your data for advertising profiling.
4. Third-Party Data Processors
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase (US) | Database, authentication | All account and report data |
| Anthropic (US) | AI report generation | Birth data, country |
| Gumroad (US) | Payment processing | Email, product purchased |
| Uunse Wiki API | K-Saju calculation | Birth date, birth time |
| AstroAPI | Western astrology calculation | Birth date, time, coordinates |
| Vercel (US) | Hosting and CDN | IP address, request logs |
| Sentry (US) | Error monitoring | IP address, error stack traces |
5. International Data Transfers
Your data is stored and processed in the United States (Supabase, Vercel, Anthropic, Gumroad). If you are in the EU/UK/EEA, this constitutes a cross-border transfer. We rely on Standard Contractual Clauses (SCCs) where processors offer them. By using this service from the EU, you consent to this transfer.
6. Data Retention
- Account & report data: until you delete your account
- Email captures (pre-auth): 24 months, or until deletion request
- Payment records: anonymized indefinitely (financial audit requirement — user_id nulled on deletion)
- Usage/event logs: 12 months rolling
- Error logs (Sentry): 90 days
7. Your Rights (GDPR / CCPA)
If you are in the EU, UK, or EEA, you have the following rights under GDPR:
- Access (Art. 15): Request a copy of your data
- Rectification (Art. 16): Correct inaccurate data
- Erasure (Art. 17): Delete your account and all personal data
- Restriction (Art. 18): Pause processing while a dispute is resolved
- Portability (Art. 20): Receive your data in a machine-readable format
- Object (Art. 21): Object to processing based on legitimate interests
- Withdraw consent: Unsubscribe from marketing at any time
How to exercise your rights: Self-service via My Reports → Delete my account (immediate & permanent), or email lifestrategylab100@gmail.com with subject “Data Request” — we respond within 30 days.
California (CCPA): You have the right to know what data we collect, request deletion, and opt out of sale. We do not sell data.
EU users may lodge a complaint with their local data protection authority (e.g., the Irish DPC, German BfDI, or your national authority).
8. Cookie Policy
| Cookie | Purpose | Duration |
|---|---|---|
| sb-* (Supabase) | Authentication session | Session / 1 week |
| admin_verified | Admin panel access | 24 hours |
| cookie_consent | Remember your consent choice | 1 year (localStorage) |
We do not use third-party advertising cookies. You can decline non-essential cookies via the banner on first visit.
9. Security
- Row-Level Security (RLS) on all database tables — users can only access their own data
- TLS encryption in transit (enforced by Vercel and Supabase)
- Service role keys server-side only — never exposed to the client
- Rate limiting on all API endpoints
- Security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
In the event of a data breach affecting EU users, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.
10. Children's Privacy
MeMyBias is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided data, contact us immediately.
11. Changes to This Policy
We will post material changes to this page and update the “Last updated” date. For significant changes, we will notify account holders by email at least 14 days before changes take effect.
12. Contact
Lifestrategylab · lifestrategylab100@gmail.com · Seoul, South Korea