Privacy Policy

Last updated: February 25, 2026

Your privacy is important to us. This privacy policy explains how Kalhas collects, uses, and protects your personal data, in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller for your personal data is Kalhas. For any questions regarding the processing of your data, you can contact us at [email protected].

2. Information We Collect

We collect the following categories of data:

  • Account information: Name, email address, and password (stored encrypted)
  • Birth profile data: Date of birth, time of birth, and place of birth — required for calculating astrological charts
  • Chart and report data: Calculated planetary positions and saved charts
  • Technical data: Cookies for authentication and language preference
3. Legal Basis for Processing

We process your data based on:

  • Consent (Article 6(1)(a) GDPR): You provide your consent during registration by accepting the Terms & Conditions and Privacy Policy
  • Performance of contract (Article 6(1)(b) GDPR): Processing is necessary for providing our services to you
4. How We Use Your Information

We use your data exclusively for:

  • Calculating astrological charts and generating reports
  • Managing your account and providing the service
  • Improving user experience (e.g., storing language preference)
5. Cookies

We use the following cookies:

  • Authentication cookie: Required for keeping you logged in to your account. Duration: 14 days (sliding expiration)
  • KalhasLanguage: Stores your language preference. Duration: 1 year
  • KalhasDarkMode: Stores your dark/light theme preference. Duration: 1 year
  • KalhasCookieConsent: Remembers that you have seen the cookie notice. Duration: 1 year

We do not use tracking cookies, advertising cookies, or third-party cookies.

6. Data Sharing & Third-Party Services

Your birth data and personal information are not shared with any third parties for marketing or analytics purposes. All astrological calculations are performed on our own servers.

However, the following third-party services are used as part of our infrastructure:

  • Cloudflare Turnstile (CAPTCHA): When you register or log in, your IP address and browser metadata are sent to Cloudflare Inc. to verify you are not a bot. Cloudflare Privacy Policy
  • Google OAuth (optional): If you choose to sign in with Google, your email address and basic profile information (name) are exchanged with Google LLC during the authentication process. This only occurs when you explicitly click "Sign in with Google". Google Privacy Policy
  • Email delivery: Transactional emails (account verification, password reset) are sent via our self-hosted email server. No third-party email service is used.
  • Database: All data is stored in a self-hosted PostgreSQL database on our own servers. No cloud database services are used.

We do not sell, rent, or transfer your data to any other external services.

7. Data Storage & Security

Your data is stored on secure servers. Passwords are stored encrypted and are never visible to anyone. We implement appropriate technical and organizational measures to protect your data against unauthorized access, modification, or loss.

8. Data Retention

Your data is retained as long as your account remains active. You can delete your account at any time from the Settings page. Upon deletion, all your personal data, birth profiles, charts, and reports will be permanently removed.

9. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access: Request a copy of your data — available via the Export My Data feature in Settings
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Delete your account — available via the Delete My Account feature in Settings
  • Right to data portability: Receive your data in a structured, readable format (JSON) — available via Export My Data
  • Right to restriction: Request restriction of processing
  • Right to withdraw consent: Withdraw your consent at any time
  • Right to lodge a complaint: File a complaint with the Hellenic Data Protection Authority (HDPA)

To exercise any of these rights, use the corresponding features in Settings or contact us at [email protected].

10. Children's Privacy

Kalhas is not intended for individuals under the age of 16. We do not knowingly collect data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Changes to This Privacy Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page regularly.

12. Contact

For questions about this privacy policy or to exercise your rights, please contact us at [email protected].