Privacy Policy

Last updated: March 27, 2026

1. Information We Collect

  • Account information: email address, name (via Google OAuth or email sign-in).
  • Photos: crystal/object images you upload for aura readings. Processed server-side and stored securely.
  • Payment information: processed by Stripe, Apple, or Google. We do not store credit card numbers.
  • Usage data: pages visited, features used, error logs (via Sentry).
  • Device information: browser type, device ID cookie (for rate limiting).

2. How We Use Your Information

  • Provide aura readings and generate share cards.
  • Process payments and manage your credit balance.
  • Improve our service and fix bugs (error monitoring).
  • Prevent abuse (rate limiting, fraud detection).

3. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies. Images are stored in private cloud storage buckets with signed URLs. All connections use HTTPS/TLS encryption.

4. Third-Party Services

  • OpenAI: processes images for aura analysis (data not retained by OpenAI).
  • Stripe: payment processing.
  • Supabase: database and authentication.
  • Sentry: error tracking (no personally identifiable information sent).
  • Replicate: background removal from images.

5. Your Rights

  • Access: view your readings and account data in the app.
  • Delete: delete your account and all associated data from Settings > Delete Account.
  • Export: contact us to request a data export.
  • GDPR: EU users have additional rights under the General Data Protection Regulation.

6. Data Retention

When you delete your account, all personal data is removed immediately. Payment transaction records may be retained for up to 7 years as required by tax and financial regulations.

7. Cookies

We use essential cookies for authentication (session tokens) and a device ID cookie for rate limiting. No third-party advertising cookies are used.

8. Contact

For privacy inquiries, contact us through our contact page.