Privacy Policy

1. What we collect and what we keep

We limit collection to what is needed to run the service:

• Account & access: Your email address (stored as the account notification and delivery address), a unique username (you may pick one at sign-up or we derive a handle for you), password (stored as a secure hash only), date of birth, gender, paid-service entitlements (credits and access dates), and related purchase records where applicable. You can sign in with your username or your email plus password. These are used for login, age checks tied to the product, and feature access.
• Name for Kabbalah (not stored as text): First, middle (optional), and last names are collected when you generate the Zodiac + Kabbalah reading (not during generic account creation). They are used only in memory on our server to calculate Kabbalah / Chaldean numerology. We do not save those name strings in your user record. We store only derived fields (life path number and a short canonical meaning) in your divination profile.
• Face and palm imagery: When you use face or palm features, images are transmitted for analysis (including via our AI provider). We do not keep those photos as files on our systems after processing. Under U.S. and E.U. privacy frameworks, biometric and similar data can still be sensitive personal information when processed—even without long-term image retention—so we rely on your informed consent at sign-up and when you use those features.
• Reading outputs (text and structured data): We may store the text or JSON results of readings (for example, annual life reading, daily personalized horoscope cache, face/palm summaries, palm reading artifacts) so the app can show your saved content when you return. This is not a copy of your original photos.
• What we do not sell: We do not sell your personal information or biometric processing to advertisers.

2. Email, mandatory notification consent, and transactional messages

Your email address is our primary contact and account identifier alongside your username. We store it so you can recover access with email-based sign-in where supported, align settings with one delivery address, and send you Fortune-related content you asked for.

Notifications are mandatory to register. The sign-up form requires a single explicit acceptance that enables both browser push notifications (where the platform supports them) and occasional reminder email—plus records consent time for email delivery. This matches how the product treats notification-based readings: without that acceptance, you cannot complete registration, and readings that rely on notifications may remain inaccessible when enforcement is enabled in the app. This is not a hidden default; it is intentional, transparent consent at account creation—aligned with the sign-up wording and in-app explanations.

Transactional and service messages: When email reminders are enabled on your account, we may send short messages that invite you back to the site; they do not trigger your readings to be generated automatically. Personalized fortune content appears when you use the site and the controls there—not as substantive text in reminders. Dispatch uses our server-side mail integration; where configured, outbound mail is sent through Resend (resend.com) via HTTPS. Administrative and operational notices may also use the same pathway. Preference updates sent to POST /api/user/notification-settings determine whether occasional email reminders remain on after registration; signup itself records consent at the moment you create the account.

Retention and minimization: We keep your email, username, and notification preferences for as long as your account exists and we need them to provide the service. You may request rectification or erasure (including account deletion) by contacting us (see Contact). Where we no longer need data for a stated purpose and no law requires retention, we delete or de-identify it as part of reasonable housekeeping.

3. Storage and security

Data you retain with us (account fields, derived numerology, and saved reading text) is kept on servers we control, with reasonable organizational and technical measures to reduce unauthorized access, alteration, or loss. No method of storage or transmission over the internet is completely risk-free.

4. AI processing & third-party APIs

Readings are generated using AI (for example, Google Gemini). To produce a result, relevant inputs (such as birth data, derived numerology, and—for face/palm features—image data during that session) are sent to the provider under their terms and privacy policy. We do not control the provider’s infrastructure; we design our app to avoid keeping biometric image files on our side after analysis.

5. Your rights as a data subject

Under applicable U.S. and E.U. privacy frameworks, you may have rights including:

• Right to be informed: This policy describes how we process your information.
• Right to access: You may request a summary of personal data we hold about your account and saved readings. Because we do not store legal name strings or face/palm image files, there are no such files to retrieve from us.
• Right to object / withdraw consent: You may stop using features that process sensitive data, or close your account, subject to technical and legal limits.
• Right to erasure: You may request deletion of your account and associated stored content where applicable.
• Right to rectify: You may update account fields we allow you to edit (such as notification email and notification toggles exposed in the app). Derived numerology is tied to the first name Kabbalah session you used for Zodiac + Kabbalah; because we do not store that name text, revising numerology later may require support or a new account, depending on product design.

6. Responsible use & minors

We do not knowingly collect data from children (typically under 13) or from users below the age required in their jurisdiction. If we learn an account belongs to someone who does not meet applicable age rules, we may delete the account and associated data.

7. Contact