Sacrena Privacy Policy

Last Updated: May 6th, 2026

This Privacy Policy explains how Sacrena, Inc. (“Sacrena,” “we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use the Sacrena mobile application, the website at sacrena.com, and related services (the “Service”). Please read it carefully. By using the Service, you agree to the practices described here.

Quick contacts: Privacy and data-rights requests: legal@sacrena.com. Mailing address: Sacrena, Inc., 651 N Broad St, Suite 201, Middletown, DE 19709, United States.

1. Summary of Key Points

What we collect: Profile info you provide, photos, birth details for astrological features, in-app behavior (via PostHog analytics), device info, payment metadata (via Adapty), and limited communications data.
Why we collect it: To run the Service, match you with other users, generate compatibility insights and vision boards, prevent fraud and abuse, comply with law, and improve the Service.
Sensitive data: Sexual orientation, partner preference, and birth details are sensitive personal information. We collect these only with your knowledge and only to provide the Service. We do not sell or share them for cross-context behavioral advertising.
Your rights: You can access, correct, delete, or export your data; opt out of marketing; and (in California, EU, UK, and other jurisdictions) exercise additional rights described in Section 11.
Account deletion: You can delete your account in-app or by emailing legal@sacrena.com. We delete photos and personal information promptly. We retain limited de-identified analytics data as described in Section 8.

2. Who We Are (Data Controller)

Sacrena, Inc., a Delaware corporation, is the controller of your personal data:

Sacrena, Inc.
651 N Broad St, Suite 201, Middletown, DE 19709, United States
Email: legal@sacrena.com

EU/UK Representative: We are appointing a representative in the EU and UK pursuant to Article 27 GDPR and UK GDPR. Contact information will be added here when finalized. In the meantime, EU/UK users may contact us at legal@sacrena.com.

3. Information We Collect

3.1 Information You Provide

Category	Specific Data Points
Account Identifiers	Phone number, email address, Apple ID or Google ID (depending on sign-up method), unique user ID assigned by Sacrena.
Profile Information	First name, last name (optional), date of birth, gender, sexual orientation, partner sexuality preference, current location (city), profile photos, dietary preferences, biographical text, prompts and responses.
Birth Chart Data	Date of birth, time of birth, and place of birth — used to generate astrology, numerology, and Human Design profiles.
Decode Responses	Your answers to the 39-question Decode behavioral compatibility assessment. Decode is shown to you and your matched users only after you have matched; it is not used in the matching or discovery algorithm.
Verification Photos	Selfies submitted for photo verification. These are processed by an in-house automated matching model. Failed verification selfies are automatically deleted within 30 days.
Vision Board Inputs	Text prompts you write, virtues you select, and aesthetic preferences you choose to generate vision boards.
Communications	Messages you send to other users, support emails, reports you submit about other users.
Payment Metadata	Subscription tier, purchase date, renewal date, and transaction status. Apple and Google process the actual payment — Sacrena does not collect or store credit card numbers, bank details, or payment credentials.

3.2 Information We Collect Automatically

Category	Description
Device & Technical	Device model, operating system version, app version, device ID, IP address, network type, language, time zone, crash logs.
Usage & Analytics	Screens viewed, features used, taps and interactions, session length, onboarding progress, time spent in the app — collected via PostHog analytics. We use this to improve the product, fix bugs, and understand user journeys.
Performance & Push	Crash diagnostics, performance metrics, push notification delivery — collected via Firebase.
Location (Coarse)	We do not track your location in the background. Your “current location” comes from the city you provide. We may infer approximate location (country, region) from your IP address for fraud prevention and legal compliance.

3.3 Sensitive Personal Information

The following are treated as “sensitive personal information” under California law (CPRA) and “special categories of personal data” under EU/UK GDPR:

Sexual orientation;
Partner sexuality preference;
Precise birth location and time (used for astrological features).

How we handle sensitive data: We collect this information solely to operate Sacrena (matching, compatibility, astrological insights). We do not use it for advertising, marketing personalization, or profiling beyond what is necessary to provide the Service. We do not sell or share it for cross-context behavioral advertising. EU/UK users: we rely on your explicit consent under GDPR Article 9(2)(a) to process this data; you may withdraw consent at any time by deleting your account.

4. How We Use Your Information

We use your information for the following purposes:

Purpose	Data Used	Legal Basis (EU/UK)
Operate the Service: account creation, login, profile, discovery, matching, messaging.	Account, profile, device, communications.	Performance of contract (Art. 6(1)(b)).
Generate compatibility insights: Decode scoring, astrology, numerology, Human Design.	Decode responses, birth data, profile data.	Performance of contract; explicit consent for special category data (Art. 9(2)(a)).
Generate vision boards.	Prompts, selected virtues, aesthetic context.	Performance of contract.
Trust & safety: photo verification, fraud detection, content moderation, ban enforcement.	Photos, device IDs, IP, reports, behavioral signals.	Legitimate interest in protecting users and the Service (Art. 6(1)(f)).
Process payments and manage subscriptions.	Subscription metadata via Adapty.	Performance of contract.
Send transactional messages (OTP, security, billing).	Phone, email.	Performance of contract.
Send marketing messages (only to users who opt in).	Email or phone, with consent record.	Consent (Art. 6(1)(a)).
Improve the Service, fix bugs, run analytics.	Usage data via PostHog, crash data via Firebase.	Legitimate interest in product improvement.
Comply with law, respond to legal requests, enforce Terms.	Any data as legally required.	Legal obligation (Art. 6(1)(c)); legitimate interest.

5. Third Parties Who Process Your Data

We share data with the following service providers, each of whom is contractually bound to use it only on our instructions and to protect it appropriately. They are processors, not independent controllers.

Vendor	Purpose	Data Shared
Amazon Web Services (AWS)	Cloud hosting (US East), data storage, automated backups, vision board image storage in S3.	All Service data (encrypted at rest).
Firebase (Google)	Push notifications, remote configuration, authentication, crash reporting.	Device tokens, user IDs, crash logs, app config flags.
PostHog	Product analytics: events, screen views, user-journey tracking, churn analysis.	Pseudonymized user IDs, screen views, event names, device type, country.
Adapty	Subscription management, revenue tracking, paywall configuration.	User ID, subscription status, transaction metadata. Apple and Google process the actual payment.
Twilio	SMS delivery for one-time-password (OTP) login codes.	Phone number, OTP code, delivery status.
SimplyTexting	SMS delivery for non-OTP messages, including (with separate opt-in) onboarding completion reminders. Used only for users in the United States and Canada.	Phone number, message content, delivery status, opt-out (STOP) status.
OpenAI	AI image generation for vision boards (gpt-image-1 model); text-based interpretation generation for Numerology and Tarot reports; prompt refinement for user-written vision board prompts.	For vision boards: aesthetic style, selected virtues, relationship style, and (if user-written) the user’s text prompt. For Numerology: calculated numbers (such as life path number); no name, phone number, or directly identifying data. For Tarot: card numbers and reading context. We do not send your name, photos, profile, or contact details.
AstrologyAPI.com	Generates astrology charts and compatibility reports.	Date, time, and place of birth; gender. Pseudonymized — no name or contact details.
BodygraphChart.com	Generates Human Design charts.	Date, time, and place of birth. Pseudonymized — no name or contact details.
GetStream	In-app messaging infrastructure between matched users.	User ID, first name, profile photo, message content.
Microsoft 365 (Outlook)	Email infrastructure for support and legal addresses (tribe@sacrena.com, legal@sacrena.com).	Email content and metadata when you contact us.
Vercel	Web hosting for sacrena.com.	Standard web request data (IP, user agent) when you visit the website.
Apple App Store / Google Play	Payment processing for subscriptions.	Payment data is collected directly by Apple or Google. Sacrena receives only confirmation and metadata.

5.1 We Do Not Sell Your Personal Information

Sacrena does not sell personal information for money. Sacrena does not “share” personal information for cross-context behavioral advertising as those terms are defined under California law (CPRA). We do not provide your data to advertising networks, data brokers, or third parties for their own marketing purposes.

5.2 Legal Disclosures

We may disclose your information when required by law (subpoena, court order, government request) or when we believe in good faith that disclosure is necessary to (a) comply with legal process, (b) protect the rights, property, or safety of Sacrena, our users, or the public, (c) detect, prevent, or address fraud, security, or technical issues, or (d) enforce our Terms.

5.3 Business Transfers

If Sacrena is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you (via email or in-app notice) of any change in ownership or use of your data, and any new owner will be bound by this Privacy Policy or will give you notice of any changes.

6. International Data Transfers

Sacrena is based in the United States, and our infrastructure (AWS, Firebase, PostHog, OpenAI, etc.) is primarily hosted in the U.S. If you are located outside the U.S., your information will be transferred to and processed in the U.S. and other countries with different data protection laws.

EU/UK users:We rely on the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA) for transfers of personal data outside the European Economic Area and United Kingdom. Where applicable, we also rely on the EU-U.S. Data Privacy Framework. You may request a copy of our transfer mechanisms by emailing legal@sacrena.com.

7. Cookies and Similar Technologies

The Sacrena website uses essential cookies for site operation. The mobile app uses local storage and SDKs (PostHog, Firebase, Adapty) that perform similar functions. We do not use third-party advertising cookies or trackers. Where required by law, we will request your consent for non-essential cookies.

8. Data Retention

8.1 While Your Account Is Active

We retain your personal information for as long as your account is active and as needed to provide the Service.

8.2 When You Delete Your Account

When you delete your account (or we delete it for cause), we promptly delete:

Profile photos;
First name, last name, biographical content, and profile fields;
Birth chart details (date, time, place of birth);
Decode responses;
Vision board content;
Verification photos and selfies;
Email, phone number, and Apple/Google sign-in identifiers (subject to a brief delay for fraud prevention);
Messages you sent (subject to retention by recipients);
Marketing-consent records (where applicable).

8.3 Limited Data We Retain After Deletion

To measure churn and improve the Service, we retain a minimal de-identified record after account deletion. The retained record contains:

Internal user ID (no longer linked to any personal information);
Country and platform (iOS or Android);
Gender;
General location at the city/state level (no precise coordinates);
Onboarding date and termination date.

Retention period: We retain this churn record for up to 24 months from the date of account deletion, after which it is aggregated into anonymous statistics or deleted. EU/UK users may request earlier deletion of this record by emailing legal@sacrena.com; we will honor such requests except to the limited extent retention is required by law.

8.4 Other Retention Triggers

Backups: encrypted automated database backups may persist for the duration of our standard backup retention period (typically 7 to 30 days) before being purged in the normal course of operations. Erasure requests received during the retention window will be honored from primary storage immediately and from backups when those backups are next rotated.
Trust and safety records: information about banned accounts (banned device hash, banned phone hash, ban reason) may be retained indefinitely to enforce bans and prevent re-registration.
Legal holds: data subject to a legal preservation request will be retained until the request is lifted.
Tax and financial records: retained for the period required by applicable tax law (typically 7 years).

9. Data Security

We use commercially reasonable safeguards to protect your information, including:

Encryption of data in transit (TLS) and at rest (AWS-managed encryption);
Access controls: production data access is restricted to authorized personnel on a need-to-know basis with multi-factor authentication;
Regular credential rotation and security review;
Rate limiting and abuse-detection on authentication endpoints;
Automated and human review of suspicious activity.

No system is perfectly secure. If we become aware of a personal data breach, we will notify affected users and applicable regulators in accordance with applicable law (including within 72 hours under GDPR and within the timelines required by U.S. state breach laws).

10. Children’s Privacy

Sacrena is intended only for adults (18+). We do not knowingly collect personal information from anyone under 18. If we discover that we have collected information from a minor, we will delete it immediately and may suspend the account. Suspected exploitation of minors is reported to the National Center for Missing & Exploited Children (NCMEC) and law enforcement as required by 18 U.S.C. § 2258A. If you believe a minor has provided information to Sacrena, please email legal@sacrena.com.

11. Your Privacy Rights

11.1 Rights Available to All Users

Regardless of where you live, you can:

Access and correct your information through the Sacrena app (Settings → Profile);
Delete your account through the app (Settings → Account → Delete Account) or by emailing legal@sacrena.com;
Opt out of marketing emails via the unsubscribe link, or marketing SMS by replying STOP;
Contact us with questions or complaints at legal@sacrena.com.

11.2 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, disclose, and sell or share;
Access a copy of your personal information;
Correct inaccurate personal information;
Delete personal information (subject to exceptions);
Limit the use and disclosure of your sensitive personal information to what is necessary to perform the Service;
Opt out of sale or sharing — note: we do not sell or share personal information for cross-context behavioral advertising;
Non-discrimination: we will not deny service, charge different prices, or provide a different level of service for exercising these rights.

To exercise these rights, email legal@sacrena.comwith the subject “California Privacy Request.” We will verify your identity (typically by confirming control of your account email or phone) before responding. Authorized agents may submit requests on your behalf with written authorization.

Limit Use of Sensitive Personal Information:We use sensitive personal information only as necessary to provide the Service (matching, compatibility insights, age verification, fraud prevention) and as permitted by California Civil Code § 1798.121. We do not use SPI for inferring characteristics or other purposes that would trigger the right to limit. If we ever change this practice, we will provide a “Limit the Use of My Sensitive Personal Information” link.

Shine the Light: We do not share personal information with third parties for their direct marketing purposes.

11.3 EU and UK Residents (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

Right of access (Article 15);
Right to rectification (Article 16);
Right to erasure / “right to be forgotten” (Article 17);
Right to restriction of processing (Article 18);
Right to data portability (Article 20);
Right to object to processing based on legitimate interests (Article 21);
Right to withdraw consent at any time (without affecting the lawfulness of prior processing);
Right not to be subject to solely automated decision-making with legal or similarly significant effects (Article 22);
Right to lodge a complaint with your local supervisory authority.

Automated decision-making:Sacrena uses algorithms to rank and surface profiles in your discovery feed, including astrological compatibility scoring. The Decode behavioral compatibility assessment is not used in the matching or discovery algorithm; it is shown to you only after you and another user have already matched, as additional insight into your compatibility. None of this is a “solely automated decision” with legal effects — you remain in full control of which profiles you connect with and which matches you pursue. The Decode score is deterministic based on your responses and does not involve machine learning. If you wish to request human review of how compatibility scoring affected your experience, contact legal@sacrena.com.

To exercise GDPR / UK GDPR rights, email legal@sacrena.com. We will respond within 30 days (extendable by 60 days for complex requests). If we cannot verify your identity or the request is manifestly unfounded or excessive, we may refuse or charge a reasonable fee.

11.4 Other U.S. State Rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Jersey, New Hampshire, Minnesota, Maryland, and other states with comprehensive privacy laws have rights similar to those described above. Email legal@sacrena.comto exercise them. You may also have a right to appeal a denial; contact us with the subject “Appeal” within 60 days of the denial.

12. Communications and Messaging

12.1 Transactional SMS (OTP and Security)

When you provide your phone number to log in, we send you one-time-password (OTP) login codes and security alerts via SMS through Twilio. You consent to these messages by submitting your phone number, because they are necessary to operate the Service. Standard message and data rates may apply. Reply STOP to opt out (this will prevent SMS-based login).

12.2 Informational SMS (Account Status)

From time to time, we may send you SMS messages about the status of your account, such as notifications that your profile will be hidden due to inactivity, that a feature you are using is changing, or other account-state updates. These messages are informational, not promotional: they tell you about a change to your account and do not contain offers, promotions, or pricing information. We send them because they are helpful to maintaining your relationship with the Service. Reply STOP at any time to opt out.

12.3 Onboarding and Marketing SMS

For users in the United States and Canada, we may send promotional SMS messages, including a follow-up SMS through SimplyTexting if you log in with a phone number but do not complete onboarding within 7 hours. We send these messages only if you have separately opted in by checking a marketing-consent box at the time you provide your phone number. We do not send these messages to users outside the United States and Canada. SimplyTexting honors STOP replies automatically and unsubscribes you immediately.

12.4 Email Communications

When you create a Sacrena account, you may receive emails from us in two categories:

Transactional emails(account, security, billing, and important Service updates) — we send these for as long as you have an active account, regardless of marketing preferences. You cannot opt out of these without deleting your account.
Marketing emails(new features, special offers, content, and product news) — we send these because you are a Sacrena customer and we believe you are interested in updates about the Service. You can opt out at any time by clicking “Unsubscribe” at the bottom of any marketing email or by adjusting your preferences in Settings → Email Preferences.

We comply with the U.S. CAN-SPAM Act and applicable state law. Every marketing email includes our physical address, identifies Sacrena as the sender, and provides a working unsubscribe mechanism. We honor unsubscribe requests within 10 business days, typically much sooner.

12.5 Privacy of Mobile and Email Data

Mobile information you provide for SMS purposes (phone number, opt-in status, message content) will not be sold or shared with third parties for marketing or promotional purposes. Email addresses you provide will likewise not be sold or shared with third parties for their own marketing purposes. Originator opt-in data and consent are not shared with any third parties.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notice or email at least 14 days before the effective date, and we will update the “Last Updated” date above. We encourage you to review the policy periodically.

14. How to Contact Us

Questions, complaints, or requests:

Sacrena, Inc.
Attn: Privacy Officer
651 N Broad St, Suite 201
Middletown, DE 19709
United States

Email: legal@sacrena.com

EU/UK supervisory authorities:You have the right to lodge a complaint with your national data protection authority. A list of EU authorities is at edpb.europa.eu. The UK authority is the Information Commissioner’s Office (ico.org.uk).