Privacy Policy

CODE: ABUNDANCE ("we", "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Bulgarian law.

We collect the following categories of personal data:

• ◆Identification data: name, email address, phone number (optional)
• ◆Birth data: date of birth, time of birth (optional), city of birth — required for Human Design, astrology, and numerology calculations
• ◆Diagnostic responses: life area ratings, priorities, goals, commitment level, income
• ◆Technical data: IP address, browser type, device information, cookies
• ◆Payment data: processed entirely through Stripe — we do not store credit card information

We use your data to:

• ◆Generate your personalized AI analysis (Human Design, astrology, numerology)
• ◆Send your diagnostic report and email communications
• ◆Process payments for paid services
• ◆Improve our services and user experience
• ◆Comply with legal obligations

We process your data based on: (a) your explicit consent given when completing the diagnostic; (b) contract performance — providing the requested service; (c) legitimate interest — improving the platform and preventing abuse.

We share data with the following service providers who act as data processors:

• ◆Supabase — database hosting and authentication (EU servers)
• ◆OpenAI — AI analysis processing (data is anonymized before sending)
• ◆SendGrid (Twilio) — email delivery
• ◆Stripe — payment processing (PCI DSS certified)
• ◆Vercel — website hosting

We retain your personal data for 2 years after your last activity or until you request deletion. Payment data is retained as required by accounting regulations (5 years).

Under GDPR, you have the right to:

• ◆Access — obtain a copy of your personal data
• ◆Rectification — correct inaccurate data
• ◆Erasure — request deletion of your data ("right to be forgotten")
• ◆Portability — receive your data in a machine-readable format
• ◆Objection — object to processing for direct marketing
• ◆Withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security audits.

We use only essential cookies for site functionality and analytics cookies to improve user experience. You can manage your cookie preferences through the consent banner.

For questions about data privacy or to exercise your rights, please contact us at:

privacy@codeabundance.com

You have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP) — cpdp.bg