HelloTarot - Privacy Policy
Last updated: January 10, 2026 · Version: v2 ·
한국어
HelloTarot (the “Service”) respects your privacy and complies with applicable laws. This Policy explains what information we process and your rights.
1. Information We Process
- Account/Profile: Supabase user ID (UUID), sign-in method; email (if provided); display name; language preference; gender/age group (if provided).
- Device/Installation & Notifications: device/installation identifier for service delivery and account restoration (e.g., device_id, install id). Installation identifiers may be stored as a hash. FCM/APNs tokens and platform for push notifications.
- Social linking identifiers (if enabled): provider-issued user identifiers (e.g., Kakao user ID) may be processed to link accounts and prevent duplicates/abuse.
- User-Generated Content: chat inputs and generated responses (may be stored per feature/operations policy); tarot results/history/journal notes; share tokens; bookmarks/entitlements.
- Engagement metrics (aggregated): content views, interests/likes, ratings, and chat session counts, plus related metadata (content/master identifiers, local day).
- Payments (if available): store receipt identifiers (order ID, purchase token, product ID). We do not store card numbers.
- Operational Logs: security/error/event logs; infrastructure may generate basic access logs (IP/header level).
- Support/Feedback: inquiry email/message and minimal metadata (locale/platform/app version); optional attachments (e.g., screenshots).
- Advertising identifiers (if enabled): ad identifiers may be processed for ad delivery/measurement, subject to platform policies and consent requirements.
2. Purposes
- Provide the Service (AI chat/tarot content, storage, sharing, content access).
- Account management and support.
- Notifications (push delivery and in-app inbox sync).
- Security and abuse prevention.
- Quality and performance improvements (including aggregated engagement metrics).
- Advertising (if enabled), subject to applicable consent requirements.
3. Processors & Cross-Border Transfers
We may use trusted partners to operate the Service, which may involve international transfers.
- Supabase Inc. (US): authentication, database, edge functions.
- Google (US): Firebase Cloud Messaging (push), Google Mobile Ads (if enabled), Google sign-in (if enabled).
- Apple (US): APNs (push), Apple sign-in (if enabled).
- Kakao (KR): Kakao sign-in/channel features (if enabled).
- Resend (US): support email delivery.
- Slack (US): operational monitoring/feedback (limited identifiers may be included).
- App stores/payment processors: billing/subscriptions and refunds.
- Cloud AI providers (if enabled): your inputs (and limited context needed to generate responses) may be sent to and processed by AI providers.
4. Retention & Deletion
Data is retained while you use the Service and can be deleted via the in-app account deletion flow (Settings > Delete Account). Deletion is intended to be immediate via cascading deletes, subject to minimal lawful/security retention (e.g., payment evidence, minimal abuse-prevention logs such as hashed installation identifiers and account creation/slot history). Backups may temporarily retain deleted data but are purged within a limited period.
5. Your Rights & Contact
You may request access, correction, deletion, restriction, or withdrawal of consent where applicable by contacting: support@hellotarot.app
6. Security
- TLS in transit; secure handling of passwords/tokens.
- Least-privilege access and auditing.
- Operational alerts include limited identifiers only.
7. Children
The Service is not directed to children; minors may require guardian consent depending on local laws.
8. Updates
Material changes will be notified in-app or via email, with the “last updated” date shown.