Privacy Policy
This Privacy Policy describes how CSO LLC, a Delaware limited liability company with its registered office at 2810 N Church St, Wilmington, DE 19802, United States (“CSO LLC,” “we,” “us,” or “our”), collects, uses, discloses, retains, and otherwise processes personal information in connection with the website located at mycosmicreport.com and any associated services (collectively, the “Service”). This Policy is intended to satisfy our transparency obligations under applicable data-protection legislation, including, where relevant, the European Union General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the United Kingdom Data Protection Act 2018, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, “CCPA”), and other comparable laws.
1. Data Controller
For the purposes of GDPR and analogous legislation, the data controller in respect of the personal information processed through the Service is CSO LLC, contactable at [email protected] or by post at the address set forth above.
2. Categories of Personal Information We Collect
In the course of operating the Service, we collect the following categories of personal information:
- Identification and contact data. Your email address and, where you choose to provide it, your name or preferred form of address.
- Biographical and astrological inputs. Your date of birth, time of birth, place of birth, and any responses you submit through the on-site questionnaire concerning preferences, relational context, lived experience, or chosen areas of focus.
- Third-party inputs. Where you elect to purchase a compatibility reading, the analogous biographical inputs of the third party in respect of whom the reading is generated, which you submit on the basis of your representation that you are authorised to do so.
- Transaction and payment metadata. Records of purchase, order identifiers, the products purchased, and limited payment metadata (such as the last four digits and brand of the payment card) returned to us by our payment infrastructure provider; we do not collect, see, or store full payment card numbers, expiry dates, or security codes.
- Technical and device data. Information automatically collected when you visit the Service, including IP address, device type, browser identifier and version, operating system, referring URL, pages viewed, timestamps, and similar telemetry, together with strictly necessary and functional cookies and analogous storage technologies.
- Communications data. Records of correspondence where you contact us for support or other reasons.
3. Purposes and Legal Bases for Processing
We process the categories of personal information described above for the following purposes and, where GDPR applies, on the following legal bases:
- To compose and deliver the reading you have purchased, to provide the associated downloadable document, and to operate, maintain, and improve the Service generally. Legal basis: performance of a contract to which you are a party (GDPR Art. 6(1)(b)).
- To process payments, prevent and detect fraud, abuse, and misuse, enforce our terms, and protect the rights, property, and safety of CSO LLC, our users, and the public. Legal basis: legitimate interests (GDPR Art. 6(1)(f)).
- To respond to your enquiries and to provide customer support. Legal basis: performance of a contract or, as applicable, legitimate interests.
- To send optional periodic communications such as a weekly cosmic update, where you have separately opted in. Legal basis: consent (GDPR Art. 6(1)(a)), which you may withdraw at any time without affecting the lawfulness of processing carried out before withdrawal.
- To comply with our legal, tax, accounting, regulatory, and dispute-resolution obligations. Legal basis: compliance with a legal obligation (GDPR Art. 6(1)(c)) or legitimate interests.
4. How the Interpretive Narrative is Composed
The personalised narrative you receive is composed through the operation of a proprietary symbolic interpretation methodology that combines deterministic ephemeris-driven computations, internal editorial templates, and third-party computational inference service providers engaged by us as data processors. The submission of your biographical inputs is, by necessity, transmitted to such third-party computational inference service providers strictly for the purpose of composing your reading. Those providers process the inputs on our instructions, are contractually restricted from using the inputs to train any general-purpose model, and apply industry-standard confidentiality and security controls. The inputs are not used for marketing, profiling, or any purpose other than composing the reading you requested.
5. Recipients, Sub-Processors, and Disclosures
We share personal information with the following categories of recipients, each engaged as a data processor or sub-processor and bound by appropriate contractual safeguards:
- Payment infrastructure provider (Stripe, Inc.) for the purpose of processing transactions, preventing payment fraud, and remitting funds.
- Third-party computational inference service providers for the purpose of composing the Interpretive Content described in Section 4.
- Application-hosting and platform infrastructure providers for the purpose of operating, scaling, and securing the Service.
- Object-storage and content-delivery infrastructure providers for the purpose of caching and delivering downloadable documents.
- Transactional-messaging service providers for the purpose of dispatching order confirmations, document-delivery emails, and, where you have consented, optional periodic communications.
- Error-monitoring and observability providers for the purpose of detecting and diagnosing operational defects.
- Professional advisers (such as legal, tax, and accounting advisers) where strictly necessary for the establishment, exercise, or defence of legal claims or the discharge of regulatory obligations.
- Acquirers or successors in connection with any contemplated merger, acquisition, reorganisation, or sale of assets, subject to customary confidentiality protections.
We do not sell personal information for monetary consideration, and we do not share personal information for cross-context behavioural advertising, in each case as such terms are defined under CCPA.
6. International Transfers
Because CSO LLC is established in the United States and engages certain service providers located in the United States and other jurisdictions, personal information collected through the Service may be transferred to, processed in, and stored in countries other than the country in which you reside, including countries that may not provide a level of data protection equivalent to that of your country. Where such transfers are subject to GDPR or analogous laws, we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful mechanisms.
7. Retention
We retain personal information only for so long as is necessary for the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, tax, regulatory, or reporting requirements, or for the establishment, exercise, or defence of legal claims. Account and reading records are typically retained for the duration of your relationship with the Service and for a further period of up to seven (7) years following your last interaction, to accommodate applicable record-keeping obligations. You may at any time request earlier deletion in accordance with Section 8.
8. Your Rights
Subject to the conditions and exceptions set forth in applicable law, you may have the right to: (a) request access to the personal information we hold about you; (b) request the correction of inaccurate or incomplete personal information; (c) request the deletion or erasure of personal information; (d) request the restriction of certain processing; (e) object to certain processing carried out on the basis of our legitimate interests; (f) request the portability of personal information you have provided to us in a structured, commonly used, machine-readable format; (g) withdraw any consent previously given, without affecting the lawfulness of processing carried out before such withdrawal; and (h) lodge a complaint with the supervisory authority competent in your jurisdiction. Residents of California may additionally exercise the rights afforded by CCPA, including the right to know, to delete, to correct, and to opt out of any “sale” or “sharing” of personal information (which, as noted above, we do not engage in). To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframes prescribed by applicable law, and in any event no later than thirty (30) days from receipt of a verifiable request, save where extension is permitted.
9. Cookies and Analogous Technologies
The Service uses a limited set of cookies and analogous browser storage mechanisms. Strictly necessary cookies are required to operate core functionality such as session continuity and cart-equivalent state, and are deployed without reliance on consent because they are essential to the provision of a service explicitly requested by you. Where we deploy any non-essential analytics or functional storage, we do so on the basis of consent where applicable law so requires. You can manage cookies through your browser settings; restricting strictly necessary cookies may impair the operation of the Service.
10. Children
The Service is not directed to, and is not intended for use by, individuals under eighteen (18) years of age, and we do not knowingly collect personal information from such individuals. If you believe that a minor has provided personal information through the Service, please contact us so that we may delete it.
11. Security
We implement and maintain technical and organisational measures designed to protect personal information against unauthorised or unlawful access, alteration, disclosure, loss, or destruction. However, no method of transmission over the internet or method of electronic storage is one hundred percent secure, and we cannot guarantee the absolute security of personal information.
12. Changes to this Policy
We may update this Policy from time to time. The current version is identified by the “Last updated” date set forth at the top of this document. Material changes will be communicated by prominent notice on the Service or by other reasonable means before they take effect.
13. Contact
Questions, requests, or complaints concerning this Policy may be directed to [email protected] or to CSO LLC, 2810 N Church St, Wilmington, DE 19802, United States.