Your trust is sacred to us. This policy explains how Stellaxa collects, uses, and protects your personal information in compliance with GDPR and applicable data protection laws.
Effective Date: February 10, 2026 | Last Updated: February 10, 2026
Stellaxa is operated by a sole proprietor based in Slovenia, European Union. We develop and maintain the Stellaxa mobile application (available on Google Play) and the Stellaxa website at www.stellaxa.com.
For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), Stellaxa acts as the data controller for the personal data described in this policy.
Contact: info@stellaxa.com | Website: www.stellaxa.com
We are committed to data minimisation and only collect what is necessary to provide our services.
Website (stellaxa.com) — Waitlist Form Submissions: When you sign up for our waitlist, we collect your email address (to contact you when our services launch or with updates you have opted into) and your interest selections (your chosen areas of interest such as palmistry, tarot, or astrology, to help us understand what features matter to you).
Automatically Collected Data: Our hosting provider (Railway) may collect standard server logs, which can include IP address, browser type and version, pages visited and timestamps, and referring URL.
We do not use any analytics tools, tracking pixels, or advertising scripts on our website. We do not use cookies for tracking or advertising. We do not use third-party analytics (no Google Analytics, no Facebook Pixel, etc.). We do not create user accounts on the website. We do not process payment information on the website.
Mobile Application: The Stellaxa mobile app, available on Google Play, may collect additional data as described in the app's Google Play Data Safety section. This privacy policy primarily covers our website. For app-specific data practices, please refer to the Data Safety section on our Google Play listing.
We use the data we collect for the following purposes:
Email address — Sending waitlist updates and launch notifications. Legal basis: Consent (Art. 6(1)(a) GDPR).
Interest selections — Understanding user preferences to improve our services. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
Server logs (IP, browser) — Ensuring website security and preventing abuse. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
We do not sell, rent, or trade your personal data to third parties. We do not use your data for automated decision-making or profiling.
Where Your Data Is Stored: Our website is hosted on Railway, with servers located in the European Union (Amsterdam, Netherlands). Your data remains within the EU.
How We Protect Your Data: We implement appropriate technical and organisational measures to protect your personal data, including TLS 1.3 encryption (HTTPS) for all data transmitted between your browser and our servers, SSL certificates provisioned automatically via Let's Encrypt, and access controls limiting who can access server infrastructure.
Current Storage Note: At present, waitlist submissions are logged server-side and are not stored in a persistent database. We plan to implement persistent storage in the future, at which point this policy will be updated to reflect the new data handling practices.
Retention: Waitlist data is retained until you request its deletion or until we no longer need it for the stated purposes. Server logs are retained according to our hosting provider's standard retention period (typically 7-30 days).
As a resident of the European Economic Area (EEA) or where otherwise applicable, you have the following rights regarding your personal data:
Right of Access (Art. 15) — You can request a copy of the personal data we hold about you.
Right to Rectification (Art. 16) — You can ask us to correct inaccurate or incomplete data.
Right to Erasure (Art. 17) — You can request that we delete your personal data ("right to be forgotten").
Right to Restrict Processing (Art. 18) — You can ask us to limit how we use your data.
Right to Data Portability (Art. 20) — You can request your data in a structured, commonly used, machine-readable format.
Right to Object (Art. 21) — You can object to data processing based on legitimate interests.
Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at info@stellaxa.com. We will respond to your request within 30 days.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. In Slovenia, this is the Information Commissioner (Informacijski pooblascenec): https://www.ip-rs.si | gp.ip@ip-rs.si
Our website uses analytics cookies and session recording technologies to improve your experience. All analytics are activated only after you give explicit consent via our cookie consent banner.
Analytics cookies (Google Analytics 4):
_ga — Distinguishes unique users. Duration: 2 years.
_ga_* — Maintains session state. Duration: 2 years.
Session recording cookies (Microsoft Clarity):
_clck — Identifies user across page views. Duration: 1 year.
_clsk — Connects session events. Duration: 1 day.
Consent mechanism: On your first visit, a consent banner is shown before any analytics load. Your choice is stored locally in your browser (localStorage) under the key 'stellaxa-consent'. If you reject, no analytics cookies are set. You can change your choice at any time using the Cookie Settings link in the footer.
We implement Google Consent Mode v2, which ensures analytics_storage defaults to 'denied' until explicit consent is granted.
Strictly necessary: The only cookies that may be present without consent are essential functional cookies set by our framework (Next.js) for locale preferences. These do not require consent under GDPR.
We use a minimal number of third-party services:
Railway (railway.com) — Website hosting. Data shared: server logs (IP, browser info), hosted on EU servers.
Google Fonts — Typography (Cinzel, Montserrat). Data shared: none. Fonts are self-hosted at build time via Next.js and no requests are made to Google servers at runtime.
Google Analytics 4 (analytics.google.com) — Usage analytics. Data shared: anonymised usage data (pages visited, session duration, device type). Only activated after consent. Google's privacy policy: https://policies.google.com/privacy.
Microsoft Clarity (clarity.microsoft.com) — Session recording and heatmaps. Data shared: anonymised interaction data (clicks, scrolls, mouse movements). Only activated after consent. Microsoft's privacy policy: https://privacy.microsoft.com.
Google Play — Mobile app distribution. Data shared: see app's Data Safety section.
Let's Encrypt — SSL/TLS certificates. Data shared: none (certificate issuance only).
Your data is processed and stored within the European Union (Netherlands). We do not intentionally transfer personal data outside the EEA.
If a future change requires data transfers outside the EEA, we will ensure appropriate safeguards are in place (such as Standard Contractual Clauses) and update this policy accordingly.
Stellaxa's website and services are intended for a general audience. We do not knowingly collect personal data from children under the age of 16 (or the applicable age of consent in your jurisdiction).
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@stellaxa.com, and we will promptly delete that information.
Stellaxa provides divination and fortune-telling services (palm reading, tarot, astrology, and related readings) for entertainment purposes only. Our readings should not be used as a substitute for professional advice in areas such as health, finance, legal matters, or personal decisions.
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Last Updated" date at the top of this policy. For significant changes, we will provide notice on our website.
We encourage you to review this policy periodically.
If you have questions, concerns, or requests regarding this privacy policy or our data practices, you can reach us at:
Email: info@stellaxa.com
Website: www.stellaxa.com