All data collected is used solely to provide and improve the entertainment experience. We do not use your data for purposes beyond operating the Service.
Data controller: Tarot Coach. Contact: support@tarotcoach.app.
This Policy is designed to comply with applicable data protection laws in your jurisdiction, including the General Data Protection Regulation (GDPR) where applicable, and other relevant privacy and data protection legislation.
• Account Data: email, password (stored as a hash), profile data you provide (name, date of birth, optional profile photo, optional phone number).
• Chat and Messages: message content, timestamps, and attachments you send (including chat with AI coaches).
• Tarot Inputs: questions you type, selected spreads/cards, and related context you provide. Questions and context you enter for tarot readings are used solely to generate entertainment content.
• Social Features: posts, comments, reactions, and related metadata if social feed features are available to you.
Data Collected Automatically:
• Anonymous Usage: if you use the Service without registration, you may be identified by an app-specific device identifier stored locally. We may store reading history and usage counters tied to that identifier.
• Purchase and Subscription Data: subscription status, entitlement state, purchase validation signals, and transaction identifiers required to unlock premium features.
• Tokens and Transactions: token balance changes, consumption, and transaction history inside the Service.
• Push Notification Data: device push token (for example, Expo push token) if you enable notifications. You can disable notifications in your device settings.
• Device and Technical Data: device type, OS version, app version, language, time zone, and approximate usage analytics.
We do not sell your personal data.
• Consent: by using the Service and accepting this Policy, you consent to the processing of your personal data as described herein. You may withdraw consent at any time (see Section 11).
• Contract: to provide the Service (account, purchases, tokens, core features).
• Legitimate Interests: security, fraud prevention, moderation, analytics, and improving reliability.
• Legal Obligation: where we must retain or disclose information to comply with applicable law.
Your personal data is processed in accordance with the data protection laws applicable in your jurisdiction.
Data sent to AI providers is used only to generate your reading or response. We minimize personal data sent to AI — only the content of your question and necessary context. We do not send direct identifiers (such as your email) to AI providers.
Important: do not include sensitive personal data in prompts (for example: medical records, exact addresses, IDs, payment details). AI output may be inaccurate or incomplete and is provided for entertainment and personal reflection only.
• Supabase — authentication, database, file storage, and real-time infrastructure.
• OpenAI — AI content generation for readings and chat.
• Expo / React Native tooling — app infrastructure and push delivery.
• RevenueCat — purchase validation and subscription state management.
• Apple App Store / Google Play — payment processing and subscription administration.
We may also share data if required by law, to protect users, to enforce policies, or to respond to valid legal requests from courts or government authorities.
We use RevenueCat to validate purchases and subscription entitlements and to keep your premium access in sync across devices. RevenueCat receives only anonymized purchase validation data.
Refunds and billing disputes are handled by Apple/Google under their rules. We cannot directly issue refunds for app store purchases.
If we become aware of a security incident affecting your data, we will take reasonable steps to investigate and, where required, notify affected users and/or authorities.
• Account data: retained while your account is active.
• Anonymous usage: may be retained for a limited period for product functionality and fraud prevention.
• Messages and attachments: retained until you delete them (if the Service supports deletion) or until account deletion, subject to legal retention needs.
When you delete your account, we will delete or anonymize associated personal data within a reasonable time, except where retention is required by law or necessary to resolve disputes, enforce agreements, or prevent fraud.
• Access / Portability: request a copy of your personal data.
• Rectification: correct inaccurate data.
• Erasure: request deletion of your data. You can delete your account in the app settings.
• Restriction: request restriction of processing in certain circumstances.
• Object: object to processing based on legitimate interests.
• Withdraw Consent: withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
To exercise your rights, contact support@tarotcoach.app. We respond within 30 days.
Right to complain: if you believe your data protection rights have been violated, you have the right to file a complaint with the competent data protection authority in your country of residence.