Data Processing Agreement
A clear and comprehensive overview of the Data Processing Agreement at YesAstrology, covering purpose, roles, data types, security measures, and user rights.

On this page
When you use YesAstrology to explore your birth chart, check your daily horoscope, or generate a personalized report, your personal data is processed in a structured and lawful manner. The Data Processing Agreement (DPA) is the formal document that defines how YesAstrology handles your information when acting as a data processor on your behalf or on behalf of a controller. This agreement is essential for ensuring transparency, security, and compliance with data protection laws like the GDPR.
Think of the DPA as a promise: it spells out what data is collected, why it is needed, who has access to it, and how it is protected. Whether you are a casual visitor or a premium report user, understanding this agreement helps you make informed decisions about your privacy. In this guide, we break down every key section of the DPA, from roles and responsibilities to your rights as a data subject, so you can navigate your astrological journey with confidence.
We also explain how YesAstrology implements technical and organizational measures to keep your data safe, what happens when data crosses borders, and how you can exercise your rights. By the end, you will have a clear picture of how your personal information is managed and what steps you can take to stay in control.
Purpose of This Agreement
The primary purpose of the Data Processing Agreement is to establish a clear legal framework for how YesAstrology processes personal data on behalf of its users. This agreement ensures that both the data controller (you or the entity that decides why and how data is processed) and the data processor (YesAstrology) understand their obligations under applicable privacy laws, especially the General Data Protection Regulation (GDPR).
In practice, this means that when you use our tools to calculate your Solar Return Chart or generate a compatibility report, the DPA defines the scope and limits of processing. It prevents YesAstrology from using your data for any purpose beyond what is necessary to deliver the requested service. For example, your birth date and time are used solely to compute astrological charts, not for marketing or profiling without your explicit consent.
The DPA also serves as a risk management tool. By documenting the processing activities, data categories, and security measures, both parties can demonstrate compliance during audits or regulatory inquiries. This transparency builds trust and ensures that your spiritual and personal information remains confidential and protected.
Why a DPA Matters for Astrology Services
Astrology platforms inherently process sensitive personal data – birth dates, times, locations, and sometimes even relationship details. A DPA is not just a legal formality; it is a practical safeguard. Without it, there would be no binding commitment on how the processor handles this information. For users, the DPA provides assurance that their data is not sold, mishandled, or exposed. For YesAstrology, it clarifies legal responsibilities and limits liability.
Moreover, the DPA aligns with the growing expectation of digital privacy. Users today want to know exactly what happens with their information. By having a transparent agreement, YesAstrology meets these expectations and fosters a secure environment for exploring personal astrology.
Roles and Responsibilities
Understanding who is who in the data processing relationship is crucial. Under the DPA, YesAstrology typically acts as the data processor, while you – the user – are the data controller or the data subject. This means you decide what personal data to provide and for what purpose, and YesAstrology processes that data strictly according to your instructions. For example, when you request a Moon Sign Compatibility Report, you are instructing YesAstrology to process your and your partner's birth details to generate the report.
As the processor, YesAstrology has specific responsibilities: it must implement appropriate security measures, ensure that only authorized personnel access the data, assist you in fulfilling your data subject rights, and notify you in case of a data breach. The processor cannot subcontract data processing to third parties without your prior consent, unless the DPA explicitly allows it and the subcontractor agrees to equivalent obligations.
On your side, as the controller, you are responsible for ensuring that the data you provide is accurate and that you have a lawful basis for processing it, especially if you share data about other individuals (e.g., for compatibility reports). This shared responsibility framework ensures that both parties work together to protect privacy.
Subprocessing and Third-Party Services
YesAstrology may use third-party services for hosting, analytics, or email delivery. The DPA lists any authorized subprocessors and requires them to meet the same data protection standards. Users are notified of any changes to the subprocessor list, allowing them to object. This transparency ensures that your data never falls into unvetted hands.
Categories of Personal Data
The DPA clearly defines what types of personal data YesAstrology processes. This includes basic identification data such as your name and email address, which are necessary for account creation and report delivery. More specifically for astrology services, we process special categories of data: your birth date, exact birth time, and birth location. These are considered sensitive because they can reveal intimate aspects of your personality and life path.
Additionally, YesAstrology may process technical data such as IP addresses, browser type, and usage patterns when you interact with the website. This data is used for analytics, security, and improving user experience. The DPA specifies that this technical data is anonymized or pseudonymized where possible, and it is never linked to your astrological profile without your consent.
Other data categories include communication data (e.g., support tickets, newsletter preferences) and payment data if you purchase premium reports. Payment data is handled by PCI-compliant third-party processors, and YesAstrology does not store full credit card numbers. The DPA ensures that all categories are processed lawfully, fairly, and transparently.
Sensitive Data and Explicit Consent
Because birth details are sensitive, the DPA requires explicit consent for processing. When you sign up or use a tool that requires birth data, you are asked to confirm that you understand and agree to the processing. This consent is recorded and can be withdrawn at any time. The DPA also restricts the retention of sensitive data – once a report is generated, the raw data is retained only as long as necessary for your account or as required by law.
Data Processing Activities
This section of the DPA lists every specific activity YesAstrology performs with your personal data. The main activity is astrological chart calculation: using your birth data to generate natal charts, solar returns, progressions, and compatibility analyses. This is the core service and the primary reason data is collected. Other processing activities include account management (creating and maintaining your profile), sending personalized horoscope emails, and providing customer support.
YesAstrology also processes data for internal analytics to improve our tools and content. For example, we may analyze aggregate usage patterns to understand which reports are most popular or how users interact with the Dominant Planet Calculator. However, this analysis is done on anonymized data, and individual users are not identified in the results.
The DPA specifies the duration of each processing activity. For instance, if you request a one-time report without creating an account, your data is deleted after the report is generated and delivered. If you have an account, your data is retained until you delete your account or withdraw consent. The agreement also covers data deletion procedures, ensuring that all copies are securely erased from backups and logs within a reasonable timeframe.
Automated Decision-Making
Astrology report generation involves automated processing based on your birth data. The DPA clarifies that this is not automated decision-making that significantly affects you (as defined by GDPR). Instead, it is a personalized content service. You always have the right to request human intervention if you believe the automated processing has produced an error.
Security Measures
YesAstrology implements a comprehensive set of technical and organizational security measures to protect your personal data, as detailed in the DPA. On the technical side, all data transmitted between your browser and our servers is encrypted using TLS 1.3 or higher. Stored data, especially sensitive birth details, is encrypted at rest using AES-256. Access to production systems is restricted to authorized personnel only, and multi-factor authentication is required for all administrative accounts.
Organizational measures include regular staff training on data protection, strict access controls based on the principle of least privilege, and periodic security audits. YesAstrology also maintains an incident response plan to quickly address any potential data breaches. In the unlikely event of a breach, the DPA obligates YesAstrology to notify affected users and relevant supervisory authorities within 72 hours, as required by GDPR.
Additionally, the DPA includes provisions for regular testing of security systems, vulnerability assessments, and penetration testing. These measures are designed to evolve with emerging threats, ensuring that your data remains protected against unauthorized access, alteration, or destruction.
Data Backup and Disaster Recovery
YesAstrology maintains encrypted daily backups of all data, stored in geographically separate locations. The DPA specifies that backups are retained for a maximum of 30 days and are subject to the same encryption and access controls as live data. In case of a disaster, recovery procedures ensure that services can be restored within 24 hours, minimizing any potential data loss.
International Data Transfers
YesAstrology operates globally, and your data may be transferred to and processed in countries outside your own. The DPA addresses this by ensuring that any international transfer complies with applicable data protection laws, particularly the GDPR's restrictions on transfers to third countries. If your data is transferred to a country not deemed adequate by the European Commission, YesAstrology relies on Standard Contractual Clauses (SCCs) approved by the European Commission to provide an equivalent level of protection.
The DPA lists the countries where data may be processed, typically including the United States (for cloud hosting) and the European Union (for primary processing). YesAstrology also conducts Transfer Impact Assessments to evaluate the legal and practical safeguards in the destination country. These assessments are updated regularly to reflect changes in local laws.
For users outside the EU, the DPA ensures that similar safeguards are applied, such as binding corporate rules or other recognized transfer mechanisms. You have the right to request a copy of the relevant SCCs or other transfer safeguards by contacting YesAstrology's support team.
Your Rights Regarding Transfers
You have the right to be informed about any international transfers of your data. The DPA obligates YesAstrology to provide transparent information about where your data is stored and processed. If you are concerned about a specific transfer, you can request details of the safeguards in place. YesAstrology will not transfer your data to a country without adequate protections unless you have explicitly consented or it is necessary for the performance of a service you requested.
Data Subject Rights
Under the DPA, you have a full set of rights regarding your personal data, and YesAstrology is committed to helping you exercise them. These include the right to access your data – you can request a copy of all personal information YesAstrology holds about you. The right to rectification allows you to correct any inaccurate or incomplete data, such as an incorrect birth time. The right to erasure (also known as the right to be forgotten) means you can request deletion of your data at any time, subject to certain legal exceptions.
You also have the right to restrict processing – for example, if you contest the accuracy of your data, processing can be paused until the issue is resolved. The right to data portability enables you to receive your data in a structured, commonly used format (such as JSON) and transfer it to another service. Additionally, you have the right to object to processing for direct marketing or analytics purposes. YesAstrology will honor such objections promptly.
To exercise any of these rights, simply contact our support team via the Help Center. The DPA requires YesAstrology to respond to your request within one month, free of charge, unless the request is manifestly unfounded or excessive. We may ask for proof of identity to ensure the request is legitimate.
How to Submit a Request
Visit the Help Center and submit a privacy request. Provide your account email and specify which right you wish to exercise. YesAstrology will verify your identity and process the request within the legal timeframe. If you are not satisfied with the response, you have the right to lodge a complaint with your local data protection authority.
Term and Termination
The DPA remains in effect for as long as YesAstrology processes personal data on your behalf. This typically aligns with the duration of your account or the period during which you use our services. The agreement can be terminated by either party under specific conditions. For example, you can terminate the DPA by deleting your account and requesting data erasure. YesAstrology may terminate the DPA if you breach its terms or if the legal basis for processing changes.
Upon termination, YesAstrology is obligated to delete or return all personal data within a specified period, usually 30 days, unless retention is required by law (e.g., for tax records). The DPA also outlines the process for data deletion, including the secure destruction of backups. Both parties agree that termination does not affect any rights or obligations that accrued before the termination date.
It is important to note that even after termination, certain clauses of the DPA survive, such as those related to confidentiality, security, and dispute resolution. This ensures that your data remains protected even after the processing relationship ends.
What Happens to Your Data After Termination
When you delete your account, YesAstrology initiates a secure deletion process. Your personal data is removed from active databases within 24 hours. Backups containing your data are retained for a maximum of 30 days and then overwritten. If you have requested a report without an account, your data is deleted immediately after the report is delivered. You can always request confirmation of deletion from our support team.
Frequently asked questions
Share this page
