House Call

Privacy

House Call is currently in private beta. This page describes what we collect, why, and how we store it. Last updated 2026-05-29.

What we collect from you directly

When you sign up, we collect your name, email, birth date, birth time, birth place, and any open-ended notes you choose to add. These are required to compute your chart and write your reading. We do not collect anything you don’t tell us.

If you choose to sign in with Google, we additionally store the Google account identifier (the “sub” claim from your Google ID token) so we can recognise the same account on return. We do not receive your Google password, contacts, calendar, or any other Google profile data. See Google’s privacy policy for what Google itself processes when you sign in.

If you submit a question, a prediction, a tarot/oracle note, a piece of feedback, or your reading preferences through the app, we store that alongside your account. Optional profile fields (pronouns, relationship status, whether you have children, current city, vocational context, broader life context, accessibility preferences, which interpretive layers you want enabled) are collected only if you fill them in via /natal/settings, and exist so the practitioner can write a reading that lands at the right angle for your life. None of this is ever visible to other users, advertised against, or sold.

What we collect automatically

We use two analytics providers to understand how the app is used and to keep it performant:

  • PostHog(hosted in the EU) for product analytics: page visits, clicks, form submissions, and a few named events (e.g. when you log in). This is tied to your user account so we can see things like “how often does a reader return to their reading” - never to advertise to you or sell data anywhere.
  • Vercel Analytics for aggregate traffic measurement: page visits, approximate country/region, and the browser type. No personal data, no cross-site tracking.

Error tracking. If something breaks while you are using the app, we send the error report (the stack trace, the URL you were on, the browser/OS you were using, and the user ID of the account that hit it) to Sentry(sentry.io) so we can debug it. Sentry error context can include the data the failing function was processing - for example, the chart data being rendered, the question text that failed to save, or your account’s reading slug. Sentry retains error events for 90 days. We do not enable Sentry session replay.

Abuse prevention. If you submit a support message from a public page, we keep a one-way hash of your IP address for up to 30 days so we can detect spam patterns. We never store the raw IP. We also rate-limit some endpoints (e.g. login attempts) by IP; a shared network may briefly be throttled if many people on it are trying to sign in at once.

There are no advertising trackers, no third-party marketing pixels, and no data is sold to or shared with anyone. The only additional outbound network calls the app makes are to render fonts from Google Fonts.

Your choice. PostHog and Vercel Analytics are gated behind your consent. On your first visit you see a small banner offering Accept or Decline; both stay switched off until you Accept. If your browser reports Do Not Track, the banner doesn’t render and analytics stay off. You can revisit the decision any time via the “Cookie settings” link in the footer. Error tracking (Sentry) and abuse-prevention rate limiting fire regardless of this choice because they protect the service itself; we treat error reports as legitimate-interest processing under GDPR Art. 6(1)(f).

Cookies + session

We set a single first-party authentication cookie containing a signed JWT when you sign in. It is httpOnly, SameSite=Lax, and (in production) Secure; it is not accessible to JavaScript and is not used for cross-site tracking. The cookie holds an opaque user ID, your role, and your reading slug, and expires after 14 days. There is no analytics cookie until you consent.

How we store it

Your account, questions, predictions, feedback, and preferences live in a managed libSQL/SQLite database hosted by Tursoin the EU. Your reading itself lives as a markdown file mirrored from the practitioner’s local Obsidian vault, cloned at build time into the Vercel deployment in the Frankfurt region. Transactional email (account confirmation, deletion confirmation, occasional service notices) is delivered through Resend; your email address is transmitted to Resend only at the moment a message is sent and is not used for marketing.

Sub-processors at a glance

The full list of third-party services that may process your data on our behalf, and what each one sees:

  • Turso (EU) - primary database; all account + question + prediction + feedback rows.
  • Vercel (Frankfurt) - app + reading-vault hosting; sees every request to housecallastro.com.
  • Sentry - error tracking; sees error stack traces + the user ID and request context that triggered them.
  • PostHog (EU) - product analytics, only if you accept the cookie banner.
  • Resend - transactional email delivery; sees your email address at send time.
  • Google (only if you sign in with Google) - receives the OAuth handshake; we receive your Google sub + verified email back.
  • Anthropic (Claude API, drafting only) - receives the chart data needed for a specific section at the time the practitioner is writing it. Never receives your contact details or persistent identifiers.

Who sees it

The practitioner. They write every reading personally. No other human reads your birth data, your questions, or your reading.

Drafting is AI-assisted (Claude) against a reference framework of traditional astrology texts (Vronsky / BaZi / Vedic Jyotish). The AI never has access to your contact details or to the persistent database; only the chart data needed to write a specific section is sent at the time it is written. Final synthesis and voice come from the practitioner’s edit pass. Every reading you see has been human-reviewed by the practitioner before it ships.

How long we keep it

For as long as you have an active reading with us. If you ask us to delete your data, we delete the active row inside 72 hours and confirm by email; the row is held in a soft-deleted state for 14 days as a recovery window before being hard-purged. Deletion covers your database row, your reading markdown, and a best-effort deletion request to PostHog (fire-and-forget; if PostHog is unreachable the analytics events may persist - contact us if you need confirmation). Sentry retains anonymised error events for 90 days regardless. Account deletion now revokes every active sign-in for the account in the same transaction (added 2026-05-29), so no other device’s cookie remains usable after deletion.

Signing out everywhere. Every sign-in creates a server-side session record. You can review and revoke any session from Settings › Where you’re signed in, or use “Sign out everywhere else” to keep only the current device. Completing a password reset automatically revokes every existing session for the account.

Contact: hello@housecallastro.com (or whatever email the practitioner used to onboard you).

Your rights

You can request a copy of your data, request a correction, or request deletion at any time. We will respond within 14 days. If you are in the EU/UK and unsatisfied with our response, you can complain to your local data-protection authority.

This is not advice

Your reading is reflective writing, not medical, legal, financial, or psychiatric advice. It is offered as a perspective to think with, not a directive to follow. Decisions about your health, money, relationships, or career remain entirely yours.

← Back to sign in