Privacy Policy

Last updated: April 2026

Zorya is operated from Ukraine first, but users may access the Service from other countries. This policy is designed to work for Ukraine and to support expansion, including rules similar to the GDPR where they apply. The full English text is on this page. The full Ukrainian text is under Українська версія Політики. If there is a conflict, the English version prevails unless mandatory law in your country does not allow it.

1. Data controller

The Service is operated by Tur Oleksandr Ihorovych, an individual based in Ukraine, in connection with Zorya. Privacy requests: [email protected].

2. Information we collect

We process the following categories of personal data:

• Registration and profile: phone number, name, date, time and place of birth for astrological features, gender, orientation, photos, bio, and other profile fields.
• Location: approximate or precise location when you grant permission for discovery and distance-related features.
• Usage and device data: in-app interactions such as likes, passes and chats, preferences, device identifiers, app version, and operational and security logs.
• Verification, including biometrics: images and technical data from identity verification, including selfies and liveness checks. Processing may include biometric or face-related signals used to confirm authenticity.
• Messages and content: content you send in chats and uploads required to provide the Service.
• Analytics, diagnostics, and marketing signals: pseudonymous or technical data from tools described in Section 4, such as page or screen views, campaign identifiers, crash logs, and device or browser signals needed for statistics, advertising measurement, and bug fixing.

3. How we use information

We use personal data to:

• provide dating discovery, profiles, chat, and safety features;
• compute astrological information such as natal charts, compatibility and synastry-related outputs;
• operate Zorya AI by sending prompts and context to a third-party large language model API to generate text responses for chat and readings. Outputs are informational and for entertainment; they may be inaccurate.
• verify accounts and moderate content;
• maintain security, anti-fraud measures, and service reliability;
• run analytics, measure marketing performance, and improve the product using aggregated or pseudonymous data where possible;
• comply with law and enforce our Terms.

4. Analytics, crash reporting, cookies, and similar technologies

We use third-party tools to understand how the website and App are used, to measure advertising and conversions, and to detect and fix crashes and errors. Providers may process data in the United States and other countries; we use appropriate safeguards where the law requires them, including Standard Contractual Clauses where applicable.

Google Analytics. We use Google Analytics on the website and, where integrated, in the App or in-app web content to collect pseudonymous information such as pages or screens viewed, general region, device category, and interaction events. Google’s privacy policy and terms describe how Google processes data. You can use Google’s tools and your device or browser settings to limit certain analytics signals.

Meta. We may use the Meta pixel and related technologies on the website or in linked flows to measure advertising effectiveness, build audiences, and optimize campaigns. Meta may place or read identifiers in your browser or device and receive event data. Meta acts under its own policies. Where the law requires consent for non-essential marketing or tracking, we will ask for consent before turning those features on for affected users.

Crash and error reporting. We use crash reporting or error monitoring services to collect technical diagnostics such as stack traces, device model, operating system version, app build, and coarse identifiers that help us reproduce bugs. This is limited to what is needed to maintain reliability and security.

Cookies and local storage. The website may use cookies, pixels, and similar storage for essential operation, analytics, and, where enabled, marketing. You can control cookies through your browser. If the law in your region requires a consent banner for non-essential cookies, we will show a choice before activating them.

5. Profiling and discovery ranking

We use automated processing to rank and filter suggested profiles using compatibility scores, distance, and related signals. This determines which profiles you see in discovery. This processing is not an automated decision with legal or similarly significant effects within the meaning of applicable data protection law. You may contact us if the law in your jurisdiction grants you specific rights regarding this processing.

6. Verification and biometric retention

Verification data, including data used for biometric comparison, is processed for fraud prevention and trust. Unless a longer period is required by law or by documented security needs, we store this data until you delete your account. After deletion we erase or anonymize it as part of account closure, within the timelines and exceptions in Section 12.

7. Hosting and infrastructure

Production systems run on servers hosted with Hetzner, in datacenter regions in Germany or the European Union as selected for the deployment. User photos and related objects are stored in Cloudflare R2. We apply appropriate safeguards for international transfers where the law requires them.

8. Subprocessors and international transfers

We use the following categories of subprocessors:

• Large language model provider: Alibaba DashScope, Qwen-class models, via an OpenAI-compatible API and international endpoints. Prompts may include account-related context. Data may be transferred outside your country; we use appropriate mechanisms required by law, including Standard Contractual Clauses where applicable.
• Cloudflare for R2 object storage and Turnstile CAPTCHA.
• Google for Places services used at signup, Firebase push notifications, and Google Analytics.
• Meta for pixel and advertising measurement technologies where implemented.
• Crash and error reporting providers for diagnostics, such as services comparable to Sentry or Firebase Crashlytics, as configured in the App.
• SMS and messaging providers for one-time codes and transactional messages.
• Apple and Google for app distribution and in-app purchases under their terms.

The published list may be updated. We do not sell personal data in the sense of selling lists of users for money without control; advertising partners may process data under their terms as described in Section 4.

9. Sharing

We disclose data to subprocessors as needed to operate the Service, and to public authorities when the law requires it.

10. Legal bases under GDPR

Where GDPR or similar laws apply, we rely on contract for providing the Service, legitimate interests for security, anti-fraud, product improvement, moderation, essential analytics, and crash diagnostics, and consent where consent is the appropriate basis, including for certain non-essential cookies or marketing technologies where required. You may withdraw consent where processing is consent-based, without affecting the lawfulness of earlier processing.

11. Your rights

Where applicable, you may have the right to access, rectify, erase, restrict, object, data portability, and to complain to a supervisory authority. Contact [email protected].

12. Retention

We retain data as long as needed to provide the Service and meet legal obligations. After account deletion we delete or anonymize personal data within 30 days, except backups, fraud-prevention records, and data we must keep by law. Verification and biometric data are described in Section 6. Analytics and log data may be retained in aggregated or pseudonymous form for shorter or longer periods according to provider settings and our retention configuration.

13. Security

We implement technical and organizational measures suited to the risk. No transmission or storage method is completely secure.

14. Children

Zorya is not for users under 18.

15. Changes

We may update this policy and will give notice as required by law, including in the App for material changes.

16. Contact

[email protected] · [email protected]