Home Page

PRIVACY POLICY

Last updated: May 24, 2026

1. DATA CONTROLLER AND CONTACT

1.1. The data controller responsible for the processing of your personal data within the framework of the personal non-commercial research project Qi Chart is the following natural person:

Name and Surname: Mikhail Sukhoverkhiy

Identification document: NIE Z2887058B

Residential address: 03710, Calp, Spain

Contact email: qichartinfo@gmail.com

1.2. The Qi Chart platform processes data in strict compliance with the EU General Data Protection Regulation (GDPR), the Spanish Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as the Spanish Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

2. DATA CATEGORIES AND LEGAL BASES (PRIVACY BY DESIGN)

2.1. AGE LIMIT (MINORS' DATA) The use of the services of the Platform's Personal Area is permitted if:

You are at least 14 years of age if you reside in the territory of the Kingdom of Spain (in accordance with Art. 7 of the Spanish Organic Law LOPDGDD);

You are at least 13 years of age if you reside in the territory of the United States (in accordance with the COPPA Act);

You are at least 16 years of age (or the age of consent established by your local legislation for the processing of personal data) if you reside in any other country in the world.

If you have not reached the specified age, account registration and the provision of personal data are permitted exclusively with the express consent of your parents or legal guardians. The Platform reserves the right to request proof of such consent and to delete the account if it is not provided.

We have divided the technical architecture of the project into two independent levels to guarantee the maximum protection of user privacy:

A. Guest Access Level (Without Account Registration)

Processing mechanism: Client-side hash processing and encryption technology (Client-Side Hash) is used. All parameters of your calculation (date, time, geographical coordinates of birth) are encrypted in the user's browser and placed in the URL address after the hash symbol (#).

Privacy: In accordance with the technical specification of Internet protocols RFC 3986, these parameters are processed exclusively by your browser and are not physically transmitted to our web servers during requests. We do not store this data in databases nor do we record it in system logs. The Platform does not act as the Data Controller for this data, as it technically has no access to it.

Legal basis: Your own conclusive action when starting the calculation on your device.

B. Registered User Level (Personal Area)

Processing mechanism: Upon creating a personal area, your calculation data is saved in a secure PostgreSQL database on servers located in France (European Union).

Legal basis (Article 6.1.b of the GDPR): The storage of data is a necessary requirement for the performance of the contract (provision of the free features of the Personal Area).

Sensitive data (Article 9 of the GDPR): Given that metaphysical calculations may indirectly reveal or suggest your philosophical or religious beliefs, we classify this data within the special categories of data. By registering an account and saving charts in the Personal Area, you grant us your prior, express consent for its technical storage in the database (Article 9.2.a of the GDPR). You have the right to withdraw this consent at any time.

Third-party data: If you enter birth data of third parties (family members, acquaintances) into the personal area, you warrant under your sole responsibility that you have obtained prior and express consent from them for such processing and that you have made this Policy known to them.

When a registered user shares a calculation link with third parties, the Platform generates a link with an anonymous key (https://qichart.com/?share=UUID), which does not contain any personally identifiable information (PII) in the URL string. Access to the calculation is provided by the server only under the condition that the account holder has manually changed the status of the calculation to "Public" within the interface of their Personal Area.

C. Technical and System Level (Security)

Composition of data: IP address, browser type and version, operating system, technical session cookies.

Purpose of processing: To guarantee the stable functioning of the website, prevent DDoS attacks, and block unauthorized access attempts.

Legal basis (Article 6.1.f of the GDPR): Legitimate interest of the Data Controller to maintain the security of the Project's information infrastructure. The Platform does not carry out automated decision-making, including profiling as referred to in Article 22 of the GDPR.

3. AUTHORIZATION THROUGH GOOGLE / APPLE / FACEBOOK

3.1. When using third-party OAuth authorization, we receive only your email, internal user ID, and profile name provided by the identity provider.

3.2. International transfer of data during authorization: These login methods may involve the international transfer of your technical identifiers to the providers' servers outside the European Economic Area (EEA), in particular, to the USA. By choosing this method of authorization (Google, Apple, or Facebook), you directly request and initiate such transfer, which is technically necessary for the performance of the services of your account at your request (in accordance with Article 49.1.b of the GDPR). As additional security safeguards, such transfer is also governed by the Standard Contractual Clauses (SCC) approved by the European Commission, and by the participation of said service providers in the EU-U.S. Data Privacy Framework.

4. SECURITY AND TECHNICAL PROTECTION MEASURES (Article 32 of the GDPR)

In accordance with Article 32 of the GDPR, the following measures are applied to protect your personal data:

4.1. Local isolation: Guest calculation data does not leave their browsers, which completely eliminates the risk of leakage from the Project's servers.

4.2. Encryption in transit: The transmission of all data between your device and the Platform's servers is encrypted using SSL/TLS protocols.

4.3. No hidden tracking: The Platform does not deliberately integrate third-party analytical, marketing, or advertising scripts (including social network pixels, external chats, or external web analytics systems) that are capable of covertly reading hash values (hash parameters) from the URL addresses in the User's browser.

4.4. Pseudonymization of registered users: The data entered for calculations in the Personal Area is stored in isolation from your account registration data (email).

4.5. Web server traffic logs: The technical logs of the web server (Nginx/CDN) record only technical parameters (IP address, clean URL without calculation parameters) for protection against attacks. Security logs are kept for a maximum period of 30 days and are automatically destroyed.

4.6. Duty of confidentiality: The Data Controller and any person involved in technical support who has access to your personal data during its processing are committed to strict professional secrecy and confidentiality, in accordance with Article 5 of the Spanish LOPDGDD and Article 5.1.f of the GDPR. This obligation is of an indefinite nature and shall persist after you cease to use the Platform.

4.7. Engagement of Sub-processors (Email Delivery Services): For the physical delivery of system transactional emails (email confirmation links, password recovery) and newsletters approved by you, the Platform engages third-party specialized delivery services (specifically, Resend, Inc., USA, and Mailjet SAS, France). The transfer of your email address and name to these services is technically necessary to ensure the functionality and security of the Personal Area (in accordance with Art. 6(1)(b) of the GDPR). These sub-processors process your data strictly on behalf of the Controller under the concluded Data Processing Agreements (DPA). For Mailjet SAS, data processing is carried out within the European Union (France). For Resend, Inc., the data transfer is governed by the Standard Contractual Clauses (SCC) approved by the European Commission, as well as the company's official certification under the EU-U.S. Data Privacy Framework. These services are not authorized to use your contact details for their own marketing or any other purposes.

5. COOKIES AND "LIVE RADAR" ANALYTICS

5.1. The Platform allows for granular cookie management through an interactive consent banner:

Technical (Mandatory): These guarantee your authentication, security, and protection against spam bots on the server side (without cross-site tracking). These cookies do not require consent in accordance with Article 22.2 of the Spanish Law LSSI-CE and the guidelines of the Spanish Data Protection Agency (AEPD).

Functional (subject to consent): These preserve your interface preferences (language, color theme).

Analytical (subject to consent): These help us evaluate the popularity of the Platform's sections through the anonymous "Live Radar" system. This system automatically removes the hash portion of the URL (#) before recording visits, completely excluding the accidental collection of guests' personal data.

5.2. You can withdraw your consent or modify your cookie settings at any time through the configuration panel located in the website's footer.

6. RIGHTS OF THE DATA SUBJECTS AND RESPONSE TIMEFRAMES (Article 13 of the GDPR)

6.1. You have the following rights in relation to your personal data:

Right of access and rectification: This is exercised autonomously through the interface of the Personal Area.

Right to erasure and data blocking: The "Delete Account" button is available in the profile settings. Upon activating it, your data is immediately excluded from active processing operations on the website. In accordance with Article 32 of the Spanish LOPDGDD, these data will be subject to a blocking and archiving regime (data blocking under Spanish law). Blocked data will be kept in an encrypted and isolated format exclusively at the disposal of judges and courts, the Public Prosecutor's Office, the Spanish Data Protection Agency (AEPD), or other competent authorities to address potential liabilities arising from the processing during their statute of limitations (as a general rule, up to 3 years), after which they will be permanently destroyed. Data in backups will be automatically overwritten in the course of scheduled rotation within a maximum period of 30 days.

Right to restriction of processing, data portability, and withdrawal of consent: You have the right to withdraw your consent for data processing at any time, as well as to request the download of your data in a structured, machine-readable format, or to restrict its processing in cases provided by law.

6.2. Exercise of rights: Please address a written request to the email: qichartinfo@gmail.com.

6.3. Response timeframes: We commit to responding to your request free of charge within one month from its receipt (in accordance with Article 12.3 of the GDPR). In cases of particular complexity, this period may be extended by two additional months, of which we will inform you within the first month.

6.4. Claims: You have the legal right to file a claim with the data protection supervisory authority in Spain: the Spanish Data Protection Agency (AEPD), located at Calle Jorge Juan 6, 28001, Madrid, Spain (www.aepd.es).

6.5. Rights of deceased persons (Article 3 of the LOPDGDD): In the event of the death of a Platform user, persons linked to the deceased for family or factual reasons, or their heirs, may contact the Data Controller to request access to the deceased person's personal data, its rectification, or its erasure (unless the deceased person had expressly prohibited it or as established by law).

7. INFORMATIVE AND TECHNICAL COMMUNICATIONS (LSSI-CE)

The Platform strictly complies with the requirements of Article 21 of the LSSI-CE and does not send users any commercial or informative communications (such as project news or system updates) by email without their prior and express consent (opt-in), obtained during registration or in the Personal Area. You have the right to withdraw this consent at any time by clicking on the "Unsubscribe" link located at the bottom of any email received, or by sending a request to qichartinfo@gmail.com.