Privacy Policy

1. Data we collect

Account data: your email address, and the name and date of birth you provide to personalise readings.

Usage and device data: pages and actions on the Service, device type, browser language, and approximate location (country) derived from your IP address. We do not store your raw IP address with your profile — only a country and a salted, non-reversible hash used to detect abuse.

Marketing/attribution data: how you arrived (referring source, campaign and click identifiers) and an essential first-party identifier (the “vid” cookie) that ties your activity together.

Payment data: handled by our payment provider Paddle. We receive transaction and subscription status, not your full card number.

2. How and why we use it

To provide and personalise the Service and your daily readings; to operate accounts and subscriptions; to prevent fraud and abuse; to measure and improve the Service; to send service and, with your consent where required, marketing messages; and to meet legal obligations.

Legal bases (GDPR): performance of our contract with you (providing the Service and billing); our legitimate interests (security, fraud prevention, analytics and improvement); your consent (non-essential cookies and marketing, which you can withdraw at any time); and compliance with legal obligations.

3. Cookies and similar technologies

We use a strictly necessary first-party identifier to run the Service and attribute your journey, plus first-party analytics to measure and improve it; we do not use third-party advertising trackers on the Service. Marketing emails are sent only where you have opted in, and you can opt out at any time. You can manage cookies in your browser.

4. Who we share data with

We share data with processors who act on our instructions: payment/billing (Paddle), transactional and marketing email (Resend), hosting and infrastructure, and product analytics. We do not sell your personal data.

Some providers may process data outside your country; where required we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

5. Retention

We keep account data while your account is active and for a limited period afterwards as needed for legal, tax and fraud-prevention purposes. Aggregated and anonymised analytics, which no longer identify you, may be kept indefinitely.

6. Your rights

Depending on your location you may have the right to access, correct, delete, restrict or object to processing, to data portability, and to withdraw consent. EU/EEA and UK users may also lodge a complaint with their data-protection authority.

To exercise any right, contact [email protected]. You can request erasure of your account at any time; we will anonymise your personal data while retaining the aggregated analytics that no longer identify you.

7. Children and changes

The Service is for adults (18+) and is not directed to children. We do not knowingly collect their data.

We may update this policy; the date below reflects the latest version. Questions: [email protected].