Privacy Policy

Effective 2026-04-19 · Version 1.0

SIRR computes a symbolic reading of your name and birth. Doing that requires you to give us personal data. This page tells you exactly what we collect, what we do with it, what we don't do with it, and how to get it deleted.

We read this before writing it: we want the policy to describe what the system actually does, not a list of reassurances.

What you give us

To compute your reading, we ask for:

Your full name — as complete as you are comfortable providing. The more complete the name, the deeper the reading.
Date of birth — year, month, day.
Time of birth — if known. Used for astrological computations.
Place of birth — city and country, for astrological coordinates.
Mother's full name — optional. Used for lineage computations.
Your email — so we can deliver the reading.

This combination — legal name plus exact date, time, and place of birth — is a near-unique identifier. We treat it accordingly.

What we do with it

When you submit your profile:

The engine computes your reading. This happens on our server, not on your browser.
The reading is stored so you can access it via a private link we deliver to you.
Your reading content is stored encrypted at rest, with a key derived per-record so one record's key cannot decrypt another. Your order details (name, date of birth, birth location, email) are kept on our private server with strict access controls and the same 30-day retention window; per-record encryption for these is part of our next infrastructure update.
Your data is kept for 30 days, after which it is automatically purged. The 30 days give you a window to re-download the reading, request a refund, or regenerate it if there was an issue.

What we don't do

We do not build a profile of you across readings. Each submission is a one-off.
We do not sell, rent, or trade your data. Not to advertisers. Not to anyone.
We do not use your reading content to train AI models, internally or externally.
We do not use third-party client-side analytics that could fingerprint you. No Google Analytics, no Mixpanel, no Hotjar.
We do not set tracking cookies. The site uses a single session cookie for your checkout flow, nothing else.
We do not share your reading with other users, publicly or privately.

Who can see your reading

SIRR operates on a zero-knowledge founder principle: the person who built SIRR is structurally unable to read individual user readings in production. There is no admin panel that surfaces your reading. Database access is scoped to the running service, not to humans. If a support issue requires debugging, you'll be asked to re-submit your data in an ephemeral debug mode — not to hand the operator a standing key to your record.

This isn't just privacy discipline. It's liability reduction. If we can't read your data, we can't accidentally leak it, can't be compelled to produce it, and can't be held responsible for what's in it.

Payment

Payments are processed by Lemon Squeezy. They are the merchant of record, they handle card data, they are PCI-compliant, and they operate under their own privacy policy. SIRR never touches your card number. We receive only a transaction confirmation and an order identifier.

Aggregate patterns

We may retain aggregate, privacy-preserving statistics about readings — for example, "how often does root number X co-occur with tradition Y" — for the purpose of improving the engine. These aggregates:

Never contain names, dates, places, or any identifying string
Use a hashed pseudonym derived from your email, not the email itself
Apply a k-anonymity rule: no query returns results unless five or more users share the pattern
Add differential privacy noise to all published numbers

If you exercise your right to deletion (below), your contribution is removed from these aggregates within 30 days.

Your rights

Regardless of where you live, you have the following rights over your data held by SIRR:

Right to access — you receive your reading via private link; you can re-download it any time within the 30-day window.
Right to delete — one-click deletion available at the bottom of your reading page, or by emailing the contact below. Deletion immediately removes your encrypted reading files and marks your order record for purge. Some order details persist in our system until the 30-day retention sweep completes the removal; making this immediate is part of our next infrastructure update. Your aggregate contribution is removed within 30 days.
Right to correction — if your reading computed on bad input, contact us to regenerate. We don't keep editable records, so correction means regeneration from corrected input.
Right to portability — the reading you receive is already yours in downloadable form (HTML, saveable via your browser). You own it.
Right to object — you may object to our processing at any time by requesting deletion.

Jurisdictional notes

If you are in the European Union, this policy is our GDPR Article 13/14 notice. Our lawful basis is performance of a contract — you requested a reading, we need your data to compute it. The legitimate interest in aggregate pattern research is disclosed above and can be opted out via deletion.

If you are in Saudi Arabia, this policy is our Personal Data Protection Law (PDPL) notice. Our purpose is limited, our collection is minimized, and we do not transfer your personal data outside the region for any purpose other than payment processing (Lemon Squeezy).

If you are in the United States, no state privacy law currently prohibits our processing. California residents: we do not sell or share your data as defined under CCPA.

Data breach

If we become aware of a data breach affecting your reading, we will notify you via the email you provided, within the timeframe required by the law applicable to your location, but no later than 72 hours. We will describe what was accessed, what mitigations we've taken, and what you should do.

Age requirement

SIRR is not for anyone under 18 years of age. By submitting a profile, you confirm you are at least 18. We do not knowingly collect data from minors. If you believe a minor has submitted a profile, contact us and we will delete the record.

Security

All traffic over TLS 1.3
Reading records encrypted at rest with per-record keys
Reading access tokens are encrypted and expire in 30 days
No personal data in URLs, log files, or error messages
Secrets stored only in production environment variables, never in code
All operator accounts require two-factor authentication

Contact for data requests

For access, deletion, correction, portability, or any other request regarding your data held by SIRR:

Email: privacy@sirr.app

We respond within five business days. Deletion requests are executed within 24 hours.

Changes to this policy

If this policy changes in any way that reduces your rights or expands our data collection, we will notify you via email (for customers on file) before the change takes effect. Minor editorial updates do not trigger notification but are logged in the version history below.

Version history

Version 1.0 — 2026-04-19 — Initial publication.