Privacy Policy

Effective Date: March 26, 2026

1. Who We Are (Data Controller)

The data controller responsible for your personal data is Lukasz Fedorko, operating as Wabbit software Lukasz Fedorko. If you have questions about how your data is handled, you can contact our Data Administrator at:

Email:info@crystalcore.com

2. What Data We Collect, Why, and Our Legal Basis

CrystalCore is designed with privacy at its core. We do not require you to create an account, and we do not collect your name, email address, or direct contact information to generate your numerology readings. However, we use select third-party services to process payments and understand how our website is used.

A. Payment Processing (Stripe)

  • What is collected: When you purchase a reading, your payment details, billing information, and device/behavioral data are collected directly by our payment processor, Stripe. CrystalCore does not collect, view, or store your credit card information.
  • Why: To securely process your payment and prevent fraudulent transactions.
  • Legal Basis: Processing is necessary for the performance of a contract (Art. 6(1)(b) GDPR) and legitimate interests in fraud prevention (Art. 6(1)(f) GDPR). Please review Stripe's Privacy Policy for details on their data handling.

B. Analytics and Marketing (Google & Meta)

  • What is collected: IP addresses, cookie identifiers, device information, and browsing behavior on our site.
  • Why: We use Google Analytics to understand website traffic, and Google Ads and Facebook Pixel to measure the effectiveness of our marketing campaigns and deliver relevant advertisements.
  • Legal Basis: Your explicit consent (Art. 6(1)(a) GDPR). These tools are only activated if you accept them via our cookie consent banner. You can withdraw this consent at any time.

3. How We Share Your Data

We do not sell your data. We only share necessary technical and transaction data with our trusted third-party processors:

  • Stripe: For secure payment processing and fraud detection.
  • Google (Alphabet Inc.): For website analytics and ad targeting.
  • Meta (Facebook Ireland Ltd.): For marketing attribution and ad targeting.

4. International Data Transfers

Our third-party processors (Stripe, Google, Meta) are based in the United States. Any transfer of your data outside the European Economic Area (EEA) is safeguarded by the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives an equivalent level of protection.

5. Data Retention

  • Payment Data: Governed by Stripe's retention policies to comply with global financial and tax regulations.
  • Analytics & Marketing Data: Cookie data is retained according to the specific lifespans of Google and Meta cookies (typically ranging from session-length up to 24 months), or until you clear your browser cookies or withdraw your consent.

6. Automated Decision-Making and Profiling

We do not use your data for automated decision-making that produces legal effects concerning you. Google and Meta may use your browsing data to build marketing profiles to show you relevant ads, provided you have given your consent.

7. Your GDPR Rights

Under the General Data Protection Regulation, you have the following rights:

  • Right to Access: Request a copy of the personal data processed about you.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal and financial retention requirements.
  • Right to Restrict Processing: Request a temporary halt on processing your data.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object & Withdraw Consent: You may withdraw your consent for analytics and marketing cookies at any time via our website's cookie settings.

To exercise any of these rights, please email info@crystalcore.com.

8. Right to Lodge a Complaint

If you believe our processing of your personal data violates data protection laws, you have the right to lodge a complaint with your local supervisory authority within the European Union.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations. The latest version will always be available on this page with the updated "Effective Date."