Privacy Policy

Her Galaxy Universe is a free, women-focused community platform operated from the United Kingdom. This Privacy Policy explains how we handle any personal information when you visit, browse, or use our platform.

Data Controller: Her Galaxy Universe
Country of operation: United Kingdom
Contact: support@hergalaxyuniverse.co.uk
Regulator: Information Commissioner's Office (ICO) — ico.org.uk

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Her Galaxy uses a two-layer security model. Here's exactly what we collect at each layer:

Under UK GDPR, we must have a lawful reason for processing any personal data. Here are ours:

• Consent (Article 6.1.a): When you sign up, you give consent for us to hold your email and phone for verification. You can withdraw consent at any time by deleting your account.
• Contract performance (Article 6.1.b): We need your verification details to provide the secure, women-only service you've signed up for.
• Legitimate interest (Article 6.1.f): Phone verification is essential to keep men, bots, and fraudulent accounts off the platform — protecting all members. Brief security logs are kept only to detect attempted fraud or abuse.

We will never process your data for marketing, profiling, or behavioural advertising.

We share your data with as few third parties as possible. Here's the complete list:

• Hosting (Vercel): Where this website lives. They handle standard server logs (IP address briefly, request type) under their UK GDPR-compliant Data Processing Agreement.
• SMS Verification Provider: A UK or EU-based phone verification service is used to confirm your number at signup. They process your number under a strict DPA and delete it after verification.
• Email Service: A UK or EU-based email provider sends you password resets and security notifications. Standard data processing agreements apply.
• AI Provider (Anthropic): When you chat with Galaxy Guide or Stella, your messages are sent to Anthropic to generate a response. Anthropic does not train on your conversations under their commercial terms.

Other members of Her Galaxy see only your Galaxy Name and what you post. They never see your email, phone, IP address, or any verification details.

We do not share your data with:

• Advertising networks
• Data brokers
• Marketing platforms
• Social media analytics
• Any other third party not listed above

If we are legally required to disclose information (e.g. court order), we will challenge any unreasonable request and notify you unless legally prohibited.

You have full control over any data we hold. These rights are guaranteed by law and we will always respect them quickly and free of charge.

• Right to access: Ask us for a copy of any personal data we hold about you. We'll respond within one month.
• Right to rectification: Ask us to correct anything inaccurate.
• Right to erasure ("right to be forgotten"): Ask us to delete your account and any associated data permanently. We'll do this within 30 days.
• Right to restrict processing: Ask us to pause processing your data while a query is being resolved.
• Right to data portability: Ask us for your data in a portable format you can take elsewhere.
• Right to object: Object to any processing based on legitimate interests.
• Right to withdraw consent: Withdraw any previously given consent at any time.
• Right to complain: Lodge a complaint with the ICO if you believe we've handled your data incorrectly.

To exercise any of these rights, email support@hergalaxyuniverse.co.uk. You don't need to give a reason, and we won't ask for one.

We hold data only as long as needed for the purpose it was collected.

• Verified account data (email, phone): Held while your account is active. Deleted within 30 days of account deletion.
• Posts & community content: Held while your account is active. You can delete individual items any time.
• AI conversations: Not stored after the session ends.
• Server logs (security only): Held for up to 30 days, then automatically deleted.
• Banned account records: If an account is permanently banned for abuse, we keep the email and phone hash for up to 5 years to prevent re-registration.
• Backups: Encrypted backups may persist for up to 90 days for disaster recovery, then permanently deleted.

We use as few cookies as possible. We do not use any tracking cookies, advertising cookies, or third-party analytics cookies.

Strictly necessary cookies and storage we use:

• Session cookie: Keeps you signed in during your visit. Expires when you close your browser (or sign out).
• Local storage: Saves your Galaxy Name, universe choice, pledge completion, and personal preferences — only on your device.

Because we use only strictly necessary cookies, we don't show a cookie consent banner — UK GDPR does not require one for these. If we ever add anything beyond essentials, we'll ask first.

Her Galaxy is committed to user safety. In rare circumstances, we may need to share specific information with relevant authorities — only if there is a credible risk to life. This is consistent with UK law and ICO guidance.

This means:

• If a moderator sees content suggesting imminent risk to a user (e.g. active suicide planning), we may notify emergency services.
• If a court order legally compels disclosure, we will comply only with what the order requires — no more.
• If we are alerted to child sexual abuse material, we will report it to the appropriate UK authorities.

In all other cases, your data stays with you.

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last updated" date at the top.
• For significant changes, we will notify registered users by email.
• The previous version will remain accessible for at least 12 months on request.

Continued use of the platform after a change means you accept the updated terms.