Privacy Policy — AC Destiny

Last updated: September 20, 2025

Table of Contents

  1. Controller and Scope
  2. Legal Bases and Frameworks
  3. Roles: Controller vs. Processors
  4. Data We Collect
  5. Purposes of Processing
  6. Legal Bases by Purpose
  7. Who We Share Data With (Processors/Third Parties)
  8. International Transfers and Safeguards
  9. Data Retention
  10. Your Rights
  11. Security
  12. Cookies & Similar Technologies
  13. Children
  14. Changes to This Policy
  15. Contact
  16. Jurisdictional Annexes (EU/UK, U.S.–California, Brazil, Others)

1) Controller and Scope

Public brand: AC Destiny
Legal operator (Controller): TMP.LLC TheMaraPro (“TMP.LLC TheMaraPro”).
Privacy contact: [email protected]

Scope: Applies globally to users purchasing personalized digital content (astrology reports) and using AC Destiny’s WordPress/WooCommerce site and related services.


2) Legal Bases and Frameworks

Aligned with: GDPR/UK GDPR, ePrivacy, CCPA/CPRA (California), LGPD (Brazil), and general privacy principles (e.g., PIPEDA in Canada, LFPDPPP in Mexico).


3) Roles: Controller vs. Processors

  • Controller: TMP.LLC TheMaraPro determines purposes and means.
  • Processors: third-party providers processing personal data on our behalf under data-protection agreements.

4) Data We Collect

4.1 WooCommerce order data

Name, surname, email, country/city, billing address if applicable, payment method, order IDs, IP, user-agent.

4.2 Post-purchase form (Fluent Forms)

Name, surname, email, date and time of birth (24h format), city and country of birth, question/purpose (optional), consent.
Hidden fields: order_id, order email, purchased product, language (es/en).

Sensitivity note: We do not process special categories except birth date/time/place. While not revealing health or beliefs, this high-precision data may enable profiling. We apply enhanced safeguards and use it solely to produce your personalized astrology report.

4.3 Technical metadata

Essential cookies (session/security), language preference (Polylang), and other strictly necessary data.
Non-essential cookies (analytics/marketing) load only with consent (see Section 12 and our Cookie Policy).

We do not store PayPal/Apple Pay/Google Pay credentials. Card data, if any, is handled by the payment provider.


5) Purposes of Processing

  • Order processing, WooCommerce operations, and PDF invoices (PDF Invoices & Packing Slips).
  • Transactional emails via WP Mail SMTP regarding your purchase.
  • Producing your personalized astrology report from the post-purchase form and providing support.
  • Security and fraud prevention, site maintenance, and service improvement (e.g., performance via Autoptimize/Smush; CDN/security via Cloudflare).
  • (Optional, future) Marketing only with your consent.
  • Legal compliance (tax/accounting, responding to lawful requests).

6) Legal Bases by Purpose

  • Contract: sale and delivery of the digital content; support.
  • Legitimate interests: security, anti-fraud, technical operation, service improvement (balanced against your rights with opt-out where applicable).
  • Consent: non-essential cookies; marketing; any non-necessary processing. Consent is documented and can be withdrawn at any time.
  • Legal obligation: invoicing, taxes, statutory records, lawful disclosures.

7) Who We Share Data With (Processors/Third Parties)

We share data only with processors under data-protection terms and only for the purposes described:

  • InterServer (hosting)
  • Cloudflare (CDN/security)
  • WordPress + WooCommerce (e-commerce platform)
  • PayPal Payments (payment gateway; may enable Apple Pay/Google Pay)
  • WP Mail SMTP (transactional email)
  • Fluent Forms (forms)
  • PDF Invoices & Packing Slips (PDF invoicing)
  • Autoptimize / Smush (performance/optimization)
  • Polylang (language)

Crypto (future): evaluating NOWPayments/CoinGate. Not active yet; we will update this Policy prior to launch.

We do not “sell” personal information under CCPA/CPRA and do not “share” for cross-context behavioral advertising involving minors. If we ever introduce marketing tools qualifying as “sale/share,” we will request explicit consent and provide an opt-out mechanism.


8) International Transfers and Safeguards

Where data is exported outside the EEA/UK/Brazil/California, we rely on EU SCCs, UK IDTA/Addendum, transfer risk assessments, and supplementary measures (e.g., encryption in transit/at rest where available), plus DPAs with processors.


9) Data Retention

  • Orders/invoices: kept for tax/accounting periods (typically 5–10 years, depending on jurisdiction).
  • Report inputs (birth date/time/place, question): retained only to deliver your report and post-sale support; then limited archiving for 18 months for re-delivery/quality purposes, after which we anonymize or securely delete.
  • Deletion criteria: data no longer needed, consent withdrawn (where applicable), or legal/contractual periods expire.

10) Your Rights

Depending on where you live, you may request access, rectification, deletion, restriction, portability, objection (GDPR/UK GDPR/LGPD), opt-out of sale/share and targeted advertising (CPRA), and object to solely automated decisions (not used to produce legal effects here).

How to exercise: email [email protected] from your order email, stating the right you wish to exercise. We may request information to verify identity. We respond within legal deadlines (e.g., 1 month under GDPR; 45 days under CPRA; 15 days under LGPD), extendable as permitted by law with notice.


11) Security

We implement technical and organizational measures, including HTTPS encryption, role-based access controls, incident logging, backups, Cloudflare perimeter protections, and CMS hardening. No system is 100% secure; we will provide any notifications required by law.


12) Cookies & Similar Technologies

We use essential cookies (session, security, language via Polylang). Non-essential cookies (analytics/marketing) load only with your consent via our CMP. See our Cookie Policy and on-site preferences panel for details (purposes, lifetimes, providers).


13) Children

The service is intended for users aged 18+ (or the local age of majority if higher). We do not knowingly process children’s data without verifiable parental consent. Contact us if you believe a child has provided data so we can delete it.


14) Changes to This Policy

We may update this Policy due to legal, technical, or business changes. We will post the effective date and, where changes are material, provide prominent notice and seek fresh consent when required.


15) Contact

Privacy, rights, or complaints: [email protected].
In the EU/UK/Brazil/California you may also contact your local supervisory authority (see Annexes).


16) Jurisdictional Annexes

Annex A — EU / UK

  • Controller: TMP.LLC TheMaraPro.
  • Main bases: Contract (digital service), Legitimate interests (security/operations), Consent (cookies/marketing), Legal obligation (invoices).
  • Transfers: SCCs + supplementary measures; UK IDTA/Addendum.
  • Supervisory authorities: national DPAs (e.g., AEPD/CNIL); UK ICO.
  • Rights: GDPR/UK GDPR arts. 15–22, including complaint and judicial remedy.

Annex B — U.S. (California – CCPA/CPRA)

  • Categories collected: identifiers (name, email, IP), commercial info (orders), internet/activity (logs), limited inferences from birth data strictly to create your report.
  • Business purposes: to provide services, security, debugging, compliance.
  • Sale/share: not selling data; if future tools qualify as “share,” we will provide a clear Do Not Sell or Share link.
  • CPRA rights: know, access, correct, delete, portability, limit use of sensitive info (not applicable beyond minimal protected use), opt-out of sale/share.
  • Appeal: if we deny a request, we will explain how to appeal.

Annex C — Brazil (LGPD)

  • Controller: TMP.LLC TheMaraPro.
  • Bases: contract (art. 7-V), legal obligation (art. 7-II), legitimate interest (art. 7-IX) for security/operations, consent where applicable (cookies/marketing).
  • Rights: confirmation, access, correction, anonymization/blocking/deletion, portability, info on sharing, consent revocation, review of automated decisions.
  • ANPD: you may file a complaint with the Autoridade Nacional de Proteção de Dados.

Annex D — Others (Canada/Mexico & general principles)

  • Canada (PIPEDA): meaningful consent, safeguards, access/rectification.
  • Mexico (LFPDPPP): ARCO rights and clear privacy notices.
  • We apply data minimization, purpose limitation, and security globally.