Your data

Privacy Policy

Last updated [[DATE — e.g. 10 June 2026]]
In plain words: we are Protosonic OÜ, and we look after your data carefully. We collect only what we need to give you a reading or send your order. Your birth details and anything personal you share are treated as sensitive, used only for your reading, and never sold. You can ask to see, correct or delete your data at any time.
Who controls your dataWhat we collectWhy & lawful basisYour birth & life detailsWho we share withInternational transfersHow long we keep itYour rightsCookiesContact & complaints

This Privacy Policy explains what personal data we collect through manalok.com and our Services, why, and the rights you have under the EU General Data Protection Regulation (GDPR).

1. Who controls your data

The data controller is Protosonic OÜ (Estonia, reg. 16344167), trading as Manalok, registered office [[REGISTERED OFFICE ADDRESS]]. For any privacy question or request, contact us at [[PRIVACY_CONTACT_EMAIL — e.g. privacy@manalok.com]].

2. What we collect

  • Contact & account details — your name, email, and any phone or address you give us.
  • Birth & chart details — for readings: your date, time and place of birth, and life events you choose to share for rectification.
  • Order & booking details — what you bought or booked, and delivery address for physical goods.
  • Payment information — handled by our payment provider; we receive confirmation of payment, not your full card number.
  • Messages — what you send us by form, email or chat.
  • Basic technical data — limited information your browser sends, and any choices stored on your own device (see Cookies).

3. Why we use it, and our lawful basis

  • To provide the Service you asked for — preparing your reading, fulfilling your order, running your membership (lawful basis: performance of a contract).
  • To respond to enquiries and support you (legitimate interests, or steps before a contract).
  • To send the newsletter, only if you ask for it (consent — you can unsubscribe anytime).
  • To meet legal duties such as tax and accounting records (legal obligation).
  • To keep the Site secure and prevent misuse (legitimate interests).

4. Your birth and life details (sensitive information)

We understand that your birth details, the life events you share for rectification, and anything personal you discuss in a reading are sensitive. We treat them with particular care:

  • We use them only to prepare and deliver your reading, and we ask for your explicit consent to do so.
  • We do not sell them, and we do not share them except as needed to provide your Service (see below).
  • Where our practitioner tools process a chart, the design keeps sensitive inputs to the minimum needed and we do not use your personal readings to build public products without your consent.
  • You can withdraw consent and ask us to delete these details at any time (see Your rights).

5. Who we share data with

We share data only with service providers who help us run Manalok, under contract and only as needed. These typically include: our website host and serverless functions; our payment provider (for card payments); our email/newsletter provider; and our appointment-booking tool. If you book an independent astrologer from our circle, you share your details directly with that astrologer for your reading. We may also disclose data where the law requires it. We never sell your data.

[[List your actual providers for transparency, e.g.: Netlify (hosting), Stripe (payments), your email provider, your booking tool.]]

6. International transfers

Some providers may process data outside the EU/EEA (for example in the United States). Where they do, we rely on appropriate safeguards recognised under GDPR — such as the EU Standard Contractual Clauses or an adequacy/Data Privacy Framework certification — so your data stays protected.

7. How long we keep it

We keep personal data only as long as needed for the purpose we collected it, then delete or anonymise it. As a guide: order and tax records for [[e.g. the period required by law — commonly up to 7 years]]; reading and birth details for [[e.g. as long as you remain a client, or until you ask us to delete them]]; newsletter details until you unsubscribe. [[Confirm retention periods.]]

8. Your rights

Under GDPR you have the right to: access your data; have it corrected; have it erased; restrict or object to processing; receive your data in a portable form; and withdraw consent at any time (without affecting earlier processing). To exercise any of these, email [[PRIVACY_CONTACT_EMAIL]]. We'll respond within one month.

9. Cookies and your device

We keep cookies and tracking to a minimum. The Site stores a few things on your own device to make it work — for example your shopping basket and, in the practitioner area, your sign-in session — rather than tracking you across the web. [[If you add analytics or any marketing/advertising cookies, disclose them here and provide a consent mechanism, as EU law requires consent for non-essential cookies.]]

10. Contact and complaints

For any privacy matter, contact us at [[PRIVACY_CONTACT_EMAIL]]. If you believe we've mishandled your data, you have the right to complain to a supervisory authority — for example the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or the data protection authority in your own country (such as the Irish Data Protection Commission). We'd appreciate the chance to put things right first.

Your data, your call

Email [[PRIVACY_CONTACT_EMAIL]] to see, correct or delete anything we hold. See also our Terms.