Kyriel Services, publisher of https://synastra.fr, is committed to protecting the privacy of its platform users in accordance with the General Data Protection Regulation (GDPR - Regulation EU 2016/679) and the French Data Protection Act of 6 January 1978, as amended.
Last updated: January 30, 2026
1. Data controller
The data controller is:
- Kyriel Services
- Registered office: 97 Avenue Jean Jaures, 21000, Dijon, France
- Email: [email protected]
- Phone: 1007
2. Data collected
In the course of using the platform, Synastra collects the following categories of data:
Identification data
- First and last name
- Email address
- Password (encrypted)
Birth data (required for the service)
- Date of birth
- Time of birth
- Place of birth (geographic coordinates)
Transaction data
- Purchase history
- Payment data: processed exclusively by Stripe (never stored on our servers)
Technical data
- IP address
- Browser type and device
- Pages visited and date/time of access
3. Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Generation of astrological analyses | Performance of contract |
| User account management | Performance of contract |
| Payment processing | Performance of contract |
| Sending transactional emails | Performance of contract |
| Service improvement and statistics | Legitimate interest |
| Newsletter and marketing communications | Consent |
| Analytics cookies | Consent |
4. Data retention period
| Data type | Duration |
|---|---|
| User account | Duration of account + 3 years after deletion |
| Birth data | Duration of account (required for the service) |
| Transaction data | 10 years (accounting obligation) |
| Technical logs | 12 months |
| Cookies | 13 months maximum |
5. Data recipients
Personal data may be transmitted to the following sub-processors, strictly within the scope of the purposes described above:
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe | Payment | USA (standard contractual clauses) |
| OVH | Hosting | France |
| SendGrid (Twilio) | Transactional emails | USA (standard contractual clauses) |
| Anthropic | AI content generation | USA (standard contractual clauses) |
6. Transfers outside the European Union
Certain sub-processors are located in the United States. These transfers are governed by standard contractual clauses (SCCs) approved by the European Commission, in accordance with Article 46 of the GDPR.
Birth data transmitted to Anthropic for content generation is processed ephemerally (no retention by the sub-processor after generation).
7. Your rights
Under the GDPR, you have the following rights over your personal data:
- Right of access : obtain confirmation that data concerning you is being processed and obtain a copy
- Right of rectification : have inaccurate or incomplete data corrected
- Right to erasure : request the deletion of your data (subject to legal retention obligations)
- Right to data portability : receive your data in a structured, commonly used and machine-readable format
- Right to object : object to the processing of your data on legitimate grounds
- Right to restriction : request restriction of processing in certain cases
- Withdrawal of consent : withdraw your consent at any time for processing based on consent (newsletter, cookies)
8. Exercising your rights
To exercise your rights, you may contact us:
- By email: [email protected]
- By post: Kyriel Services, 97 Avenue Jean Jaures, 21000, Dijon, France
A response will be provided within one month of receiving your request. This period may be extended by two months in cases of complex requests.
9. Cookies
Synastra uses cookies to ensure proper functioning and improve the user experience.
Strictly necessary cookies
These cookies are essential for the site to function (user session, preferences, cart). They do not require consent.
Analytics cookies
These cookies measure site audience and analyse visitor behaviour for improvement purposes. They are only placed after your consent.
You can manage your cookie preferences at any time through your browser settings.
10. Data security
Kyriel Services implements appropriate technical and organisational measures to protect personal data:
- Communication encryption (HTTPS/TLS)
- Password encryption (bcrypt)
- Restricted data access (principle of least privilege)
- Secure hosting (OVH, ISO 27001 certified)
- Regular encrypted backups
11. Policy modification
This policy may be modified at any time. Users will be informed of any substantial modification by email or notification on the platform. The date of the last update is indicated at the top of this page.
12. Complaint to the data protection authority
If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with your local data protection authority. In France, this is the Commission Nationale de l'Informatique et des Libertes (CNIL):
- CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
- Website: www.cnil.fr