Legal

Privacy Policy

Last updated: July 5, 2026

reloom exists to read a birth moment back to you — which means we handle data that is personal by nature. This page explains, plainly, what we collect, why, who processes it for us, and the rights you keep over it. The controller is Ray Bogman (reloom.life), the Netherlands — [email protected].

1. What we collect, and why

  • Account data — your email address and a password (stored only as a salted hash). Used to sign you in and to send service messages.
  • Birth data — the date, time and place of birth for you and for the profiles you add, plus optional names and notes. This is the raw material of every chart and reading; without it reloom cannot work.
  • Billing data — handled by Stripe. We keep your plan, invoices and a customer reference; we never see or store your full card number.
  • Usage data — privacy-friendly, aggregated analytics (page views, performance) via Vercel Analytics and Speed Insights. No advertising trackers, no cross-site profiling, no data sales.
  • Connected sites — if you connect a site (e.g. our WordPress plugin), we store the connection’s token and the profiles that site syncs to your account.

Legal bases under the GDPR: performance of our contract with you (charts, readings, billing), our legitimate interest in running and securing the service (analytics, fraud prevention), and your consent where required. Birth data of other people you add is processed on the basis that you have informed them and they agree.

2. Who processes data for us

We use a small set of processors, each only for its job:

  • BodyGraphChart (api.bodygraphchart.com) — receives birth date, time and place to compute the bodygraph and resolve birth locations/timezones.
  • Anthropic (Claude API) — receives the computed chart geometry and profile context to generate readings. Anthropic does not train its models on this API data.
  • Stripe — payments and subscription billing.
  • Vercel — hosting, content delivery and the aggregated analytics described above.
  • Our database provider — encrypted storage of the data described in section 1.

We share data with no one else, and we never sell it. Where a processor is outside the EEA, transfers rest on the EU Standard Contractual Clauses or an adequacy decision.

3. Cookies

reloom uses a session cookie to keep you signed in, and Vercel’s analytics beacon (cookieless, aggregated). No advertising or third-party tracking cookies.

4. How long we keep it

Your account, profiles, charts and readings are kept for as long as your account exists — that is the product: your readings stay saved. Delete a profile and its charts and readings go with it. Delete your account and we erase your data within 30 days, except invoices and records we must keep for tax law (7 years, in the Netherlands) and minimal logs kept briefly for security.

5. Your rights

You can access, correct, export or delete your data — most of it directly in the app, all of it by emailing us. Under the GDPR you also have the right to restrict or object to processing, the right to data portability, and the right to lodge a complaint with your supervisory authority (in the Netherlands: the Autoriteit Persoonsgegevens). We respond within 30 days.

6. Security

All traffic is encrypted in transit (TLS); data is encrypted at rest. Passwords are hashed, access tokens are scoped and revocable from your dashboard, and API calls from connected sites run server-side so tokens never pass through a browser. No system is perfect — if a breach ever affects your data, we will notify you and the authority as the law requires.

7. Children

reloom is not directed at children under 16, and we do not knowingly hold accounts for them. Birth data of a child added as a profile by a parent or guardian is the guardian’s responsibility and is treated with the same care as all birth data.

8. Changes to this policy

When this policy changes materially, we will tell you by email or in the app before the change takes effect. The date at the top always reflects the current version.

See also the Terms of Service · Questions or requests: [email protected]