1. Information We Collect
We collect information you provide directly: email address, name (optional), birth date/time (optional for personalized readings), and questions submitted for readings. We also collect usage data such as reading history, ratings, and payment records. Authentication is managed by Auth.js with secure session cookies.
2. How We Use Your Data
Your data is used to provide and improve our services: generate personalized AI readings, manage your account and reading history, process payments, provide customer support, and send service-related communications. We do not sell your personal data to third parties.
3. AI Processing
Your questions and reading data are sent to Google Vertex AI (Gemini models) for interpretation. Google processes this data according to the Google Cloud Privacy Notice and does not use it to train their foundation models. We do not store AI prompts or responses beyond what is necessary to display your reading results.
4. Data Sharing
We share data only with: our payment processor (payment processing, merchant of record), Google Vertex AI (reading generation), Resend (transactional email), Cloudflare Turnstile (bot protection), and Sentry (error monitoring, EU region). We do not sell, rent, or trade your personal information. We may disclose data if required by law.
5. Data Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), secure password hashing, and access controls. Sensitive data such as birth date/time is stored with appropriate protections. However, no system is 100% secure.
6. Your Rights
You have the right to: access your personal data, correct inaccurate data, request deletion of your data, export your data, and withdraw consent for data processing. To exercise these rights, contact us at [email protected]. EU/EEA users have additional rights under GDPR.
7. Cookies
We use essential cookies for authentication and session management. We do not use third-party tracking cookies. Analytics data is collected anonymously to improve our services.
8. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA: the right to know what personal information we collect, the right to delete your data, the right to correct inaccurate data, the right to limit use of sensitive personal information, and the right to opt out of sale or sharing. We do not sell personal information as defined by CCPA. To exercise these rights, contact us at [email protected].
9. Brazilian Residents (LGPD)
If you are a resident of Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD): access, correction, anonymization, portability, deletion, information about data sharing, and revocation of consent. We process your data under legal bases including consent, contract performance, and legitimate interest. Our Data Protection Officer can be contacted at [email protected].
10. Canadian Residents (PIPEDA)
If you are a resident of Canada, your data is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access your personal information, request corrections, and withdraw consent. We collect, use, and disclose personal information only for purposes a reasonable person would consider appropriate.
Contact Us
If you have questions about these terms or policies, please contact us at [email protected].