Privacy

Privacy Policy

Effective Date: June 2026

This Privacy Policy explains how Xivena collects, uses, discloses, and safeguards your personal information when you use our website at xivena.com and our mobile applications (together, the “Service”). The Service offers AI-assisted astrology and self-reflection features, including horoscopes, tarot, live transits, palm reading, a dream journal, compatibility reports, zodiac insights, and conversations with AI experts.

Please read this policy alongside our Terms of Use. By using the Service, you confirm you have read and understood this policy.

1. Who We Are

Xivena is operated by Babakulov Shakhzodbek, an individual sole trader (“Xivena,” “we,” “us,” or “our”). For the purposes of UK and EU data protection law, we are the data controller responsible for your personal data.

If you have any questions about this policy or how we handle your data, you can reach us at babakulov@xivena.com.

2. What We Collect, Why, and Our Legal Basis

We only collect data we need to run the Service and give you personalised readings. Under the UK GDPR and EU GDPR (Article 6), our legal basis for each use is one of: performance of a contract with you, your consent, our legitimate interests in operating and improving the Service, or compliance with a legal obligation.

2.1 Identity & account

Your name, email address, and avatar (a photo URL or chosen emoji). Collected to create and secure your account. Legal basis: contract.

2.2 Birth data

Your date of birth and, optionally, your time and place of birth (including the latitude, longitude, and timezone derived from the place you enter). We use this to calculate your natal chart, current transits, and personalised readings. Legal basis: contract and, where you provide optional details, consent.

2.3 Derived astrological signs

Your sun, moon, and rising signs, calculated from your birth data and stored to personalise the Service. Legal basis: contract.

2.4 Data about other people (partner / compatibility)

If you use compatibility features, you may enter another person’s name, birth date, birth time, location, and gender. Only enter another person’s details if you have their permission to do so. You are responsible for ensuring you have the right to share this information with us. Legal basis: consent and legitimate interest.

2.5 Palm photographs (sensitive data)

If you use palm reading, the photograph you take is stored in Firebase Cloud Storage so we can generate your reading and so you can revisit it later. We treat palm photographs as sensitive personal data. They may be considered biometric in some jurisdictions. We use them only to generate your palm reading — never to identify you, and never for any other purpose. Legal basis: explicit consent.

2.6 Content you create

Your reading history, dream journal entries, and compatibility reports, stored so you can return to them. Legal basis: contract.

2.7 Voice audio

When you use Expert Voice, your speech is transcribed in real time by our voice provider so the AI can respond. The audio is processed transiently for the session and is not stored at rest; only the session transcript is used to power the conversation. Legal basis: consent.

2.8 Payment data

Your subscription tier and purchase history. Your card details are handled entirely by our payment providers (Paddle on the web, Apple on iOS) and are never seen or stored by Xivena. Legal basis: contract and legal obligation.

2.9 Usage & game data

Feature-usage counters and scores from in-app games, used to operate features, enforce fair-use limits, and improve the Service. Legal basis: legitimate interest.

2.10 Technical & security data

Your IP address, request logs, error logs, and rate-limit counters, used to keep the Service secure, reliable, and free from abuse. Legal basis: legitimate interest and legal obligation.

3. How We Use Artificial Intelligence

Xivena uses AI to generate horoscopes, tarot, dream interpretations, palm analysis, psyche insights, and expert conversations. We send the relevant inputs (such as your birth data or a question you ask) to our AI providers to produce your reading.

We do not use AI to make automated decisions that produce legal or similarly significant effects about you. No profiling under Article 22 of the GDPR takes place.

Important: All AI-generated content is provided for entertainment and general informational purposes only. It does not constitute professional medical, psychological, financial, or legal advice. Always consult a qualified professional for important decisions.

4. Who We Share Your Data With

We share personal data only with the service providers (sub-processors) that help us operate the Service. Each processes data on our behalf under contractual safeguards:

ProviderWhat it doesLocation
Google FirebaseAuthentication, database, file storage (including palm photographs), and analyticsUnited States
Google GeminiPrimary AI for horoscopes, tarot, dream interpretation, palm analysis, psyche, and compatibilityUnited States
Anthropic ClaudeFallback AI, expert chat, and extended reasoning on the Celestial tierUnited States
ElevenLabsVoice-to-text and text-to-voice for Expert Voice (audio is transient and not stored at rest)United States
HeyGenAnimated video avatar for Expert Video sessionsUnited States
PaddleWeb payments — acts as Merchant of Record and processes your card detailsUnited Kingdom / EU
Apple (In-App Purchase)iOS purchases and subscriptions. Refunds are handled by Apple, not by XivenaUnited States
VercelWebsite hosting and Vercel Analytics (page views and Web Vitals)United States
Google Sign-In & Sign in with AppleAuthentication when you choose to sign in with Google or AppleUnited States

We do not sell your personal data. We do not share it with third parties for their own marketing. We may disclose data if required to do so by law, by a court order, or to protect the rights, safety, and security of our users or the Service.

5. International Data Transfers

Most of our infrastructure and several of our providers are based in the United States, so your data may be transferred to and processed outside the United Kingdom and the European Economic Area. Where we make such transfers, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, and the EU-US Data Privacy Framework where applicable. By using the Service from outside these regions, you consent to your data being processed in the countries described above.

6. How Long We Keep Your Data

We keep your personal data only as long as we need it:

  • Account & profile data — kept while your account is active; permanently deleted within 30 days of you deleting your account.
  • Palm photographs — kept while the reading and your account exist, so you can revisit them; deleted when you delete the reading or your account.
  • Payment records — kept for at least 7 years, as required by UK tax and accounting law.
  • Technical & security logs — kept for up to 90 days.
  • Support emails — kept for up to 24 months.

7. Your Rights

Depending on where you live, you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected (rectification)
  • Have your data deleted (erasure, or the “right to be forgotten”)
  • Restrict how we process your data
  • Receive your data in a portable format
  • Object to processing based on our legitimate interests
  • Withdraw consent at any time, where processing is based on consent
  • Complain to a supervisory authority (in the UK, the Information Commissioner’s Office)

To exercise any of these rights, email us at babakulov@xivena.com from the address linked to your account. We will respond within 30 days. You can also delete your account at any time from within the app.

8. Children

The Service is intended for adults. You must be at least 18 years old to use Xivena. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.

9. Security

We protect your data using industry-standard measures: encryption in transit (TLS), encryption at rest, Firebase security rules, and access controls that limit who can reach your data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If a data breach occurs that affects your rights, we will notify you and the relevant authorities as required by law.

10. Cookies & Local Storage

We keep our use of cookies and local storage to a minimum:

  • Firebase Authentication uses essential cookies required for you to sign in and stay signed in.
  • Paddle.js is used during checkout to process payments securely.
  • Vercel Analytics measures page views and performance (Web Vitals) without using cookies or tracking you across other sites.
  • Local storage on your device holds your session and interface preferences.

In our mobile apps we use Google Analytics for Firebase to understand which screens are viewed, time spent per screen, and which features are used, so we can improve the app. This data is not used to track you across other apps and does not power App Tracking Transparency requests.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. If the changes are significant, we will take reasonable steps to let you know. Continued use of the Service after changes take effect means you accept the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Xivena — Babakulov Shakhzodbek, individual sole trader

Email: babakulov@xivena.com