Privacy Policy

• Account & Profile: name (optional), email, password hash, subscription plan.
• Content you create: your tarot questions, saved readings, card history, notes, and preferences. These can be personal—save only what you’re comfortable storing.
• Payment: handled by Stripe, Inc.. We never store your full card details. We may store Stripe customer and subscription IDs and related metadata (e.g., plan, renewal/expiry dates, status) to manage your access.
• Usage & device: IP address, device/browser type, timestamps, referral URLs, and diagnostic logs. We may use privacy‑friendly analytics to improve features and fix issues.
• Support: messages you send us (email, forms) and their metadata.

• Provide, maintain, and improve the Services (including AI‑assisted reading interpretations).
• Authenticate you, manage subscriptions, and enforce fair‑use/quotas.
• Process payments and renewals via Stripe, Inc..
• Personalize features (e.g., your Diary, saved cards, patterns & insights).
• Communicate with you (service messages, support; marketing only with your consent).
• Prevent abuse, fraud, and violations of our Terms.
• Comply with legal obligations and resolve disputes.

We process personal data under one or more of the following legal bases: (i) your consent; (ii) performance of a contract (providing the Services you request); (iii) legitimate interests (such as securing and improving the Services); and/or (iv) compliance with legal obligations.

• Service Providers / Processors: we use trusted vendors to operate our Services, including Google Firebase (Google LLC) (hosting/auth), Stripe, Inc. (payments), andOpenAI, L.L.C. (AI text generation for readings). These providers only process data on our behalf and under contractual safeguards.
• Legal & Safety: we may disclose information to comply with law, protect our rights, users, or the public, or respond to lawful requests.
• No selling: we do not sell or rent your personal information.

Links to providers: Stripe, Firebase, OpenAI.

We use cookies and similar technologies (e.g., localStorage) to keep you signed in, remember preferences, and improve performance. You can control cookies via your browser settings. Blocking some cookies may limit functionality.

We retain your information while your account is active. If you delete your account or request deletion, we will delete or anonymize personal data within a reasonable period, except where we are required to retain certain records (e.g., billing/transaction data) for legal, tax, or security purposes.

• Access, correct, export, or delete your data (subject to legal exceptions).
• Opt out of non‑essential emails. Essential service messages will still be sent.
• Residents of certain regions (e.g., EU/UK, California, Quebec) may have additional rights such as data portability, restriction/objection to processing, and the right to limit the use/disclosure of sensitive personal information.

To exercise rights, contact us at privacy@diarytarot.com. We may need to verify your identity before responding.

We use industry‑standard safeguards to protect personal information, including TLS (HTTPS) in transit and encryption at rest via Google Firebase (Google LLC). No system is 100% secure; please use a strong, unique password and keep your login details confidential.

We are based in Canada. Our service providers may process data in Canada, the United States, and other jurisdictions. Where required, we rely on appropriate safeguards for cross‑border transfers.

The Services are not directed to individuals under 16. If you are a parent/guardian and believe a minor provided us personal information, please contact us to request removal.

We may update this Privacy Policy to reflect changes to our practices or for legal, operational, or regulatory reasons. We will post the updated version here and revise the “Last updated” date above. Material changes may also be communicated by email or in‑app notice.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at privacy@diarytarot.com.