Privacy Policy

Last updated: March 16, 2026

1. Information We Collect

We collect information that you provide directly to us when you create an account, make purchases, or use the Service. This includes: your email address (required for account creation and authentication), your tarot reading history (questions asked and AI-generated interpretations), payment information (processed by Paddle — we do not store your card details), and usage data such as device information, browser type, and pages visited. We do not collect sensitive personal data such as health information, religious beliefs, or political opinions.

2. How We Use Your Information

We use the collected information for the following purposes: to provide, maintain, and improve the Service; to process transactions and manage your credit balance; to generate AI-powered tarot readings based on your questions; to send transactional emails (account verification, password reset, payment confirmations); to detect and prevent fraud, abuse, or security incidents; and to comply with legal obligations. We do not sell your personal information to third parties. We do not use your data for advertising purposes. We do not share your reading history with anyone.

3. Data Storage and Security

Your data is stored securely on cloud infrastructure in the EU (Frankfurt, Germany). We implement row-level security to ensure that users can only access their own data. All data is transmitted over HTTPS with TLS encryption. Authentication uses industry-standard security practices including password hashing and token-based sessions. We do not store payment card details — all payment processing is handled securely by our payment partner. We retain your account data for as long as your account is active. You may request deletion of your data at any time by contacting us.

4. Third-Party Services

We use third-party services to operate the platform, including: cloud database and authentication services (hosted in the EU), AI technology for generating tarot card interpretations, a payment processor that acts as the Merchant of Record for all transactions, and a content delivery network for fast page loading. Each third-party provider has its own privacy policy governing their handling of data. We only share the minimum data necessary for each service to function. AI queries do not include your personal information — only the question and card data needed for interpretation.

5. Your Rights

You have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data (right to be forgotten); export your data in a portable format; withdraw consent for data processing at any time; and lodge a complaint with a supervisory authority. To exercise any of these rights, please contact us at support@tarotai.app. We will respond to your request within 30 days.

6. Contact

For privacy-related questions or requests, please contact us at support@tarotai.app.