tarot journal

Privacy Policy

Last updated: February 23, 2026

1. Information We Collect

Account Information

When you create an account, we collect your email address and, if you use Google sign-in, basic profile information provided by Google.

Reading Data

We store the tarot readings you create, including card selections, journal entries, querent information, and AI-generated interpretations. This data is associated with your account.

Uploaded Content

If you upload custom deck images, these are stored securely and associated with your account.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. We receive and store your Stripe customer ID and subscription status.

Usage Data

We may collect basic usage analytics such as page views and feature usage to improve the Service.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process your subscription payments
  • Generate enriched reading interpretations
  • Improve the Service based on usage patterns
  • Send important account-related communications

3. AI Processing

When you use the “Enhance with AI” feature, your card selections, spread layout, and journal context are sent to OpenAI's API to generate an interpretation. This data is processed according to OpenAI's data usage policies. We do not use your reading data to train AI models.

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase — database hosting and authentication
  • Stripe — payment processing
  • OpenAI — AI interpretation generation (only when you request it)
  • Vercel — application hosting

5. Public Readings

Readings marked as public are accessible to anyone with the link. Public readings display your spread layout, card selections, journal notes, and AI interpretations. Your email address is never displayed on public readings. Pro users can make readings private.

6. Data Security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure authentication via Supabase, and row-level security policies on our database.

7. Data Retention

Your data is retained as long as your account is active. If you delete your account, all associated data (readings, querents, custom decks, uploaded images) will be permanently deleted.

8. Your Rights

You have the right to:

  • Access your personal data through the application
  • Export your readings (PDF export for Pro users)
  • Delete your account and all associated data
  • Update your account information

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies.

10. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes through the application or by email.

12. Contact

For privacy-related questions or data requests, please contact us through the application.