Back to Home

Privacy Policy

Last updated: April 2026

1. Introduction

Welcome to Totally Tarot ("we," "our," or "us"). We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

2. Information We Collect

We collect the following categories of information:

• Account Information: Email address, display name, and encrypted password when you create an account.
• Email via Landing Page & Quiz: We collect your email address when you sign up through our landing page or complete our tradition-matching quiz. Quiz results (which tradition matched you) are stored alongside your email for personalization purposes.
• Birth Data: Date, time, and location of birth that you voluntarily provide for natal chart calculations and personalized readings. This data is stored securely and used solely for generating astrological calculations.
• Reading History: Records of tarot readings, astrology charts, numerology calculations, and personalized consultations you request.
• Journal Entries: Personal journal entries you create within the app. These belong to you and are stored to provide your journaling history.
• Credit & Transaction History: Records of credit purchases, credit usage, and earning activity within the app.
• Observation Location: A saved preferred location for sky-watching features (Live Sky, Celestial Events). This is not GPS tracking.
• Profile Image: An optional profile photo you may upload, which is resized and re-encoded for storage.
• Usage Data: Basic interaction data such as feature usage patterns to improve the app experience.

3. Cookies and Local Storage

We use browser localStorage to store:

• Your display preferences (theme, settings).
• Email capture and consent status (so we do not repeatedly prompt you).
• Session authentication tokens.

We do not use traditional HTTP cookies for tracking. However, third-party tracking pixels (see Section 4) may set their own cookies in accordance with their respective privacy policies.

4. Tracking Pixels

We use the following tracking pixels on our website and landing pages:

• Meta (Facebook) Pixel: Used for analytics, measuring ad effectiveness, and potential retargeting of visitors who have interacted with our site. Subject to Meta's Privacy Policy.
• TikTok Pixel: Used for analytics, measuring ad effectiveness, and potential retargeting. Subject to TikTok's Privacy Policy.

These pixels may collect information such as pages visited, actions taken, and device information. You can opt out of targeted advertising through your browser settings or the respective platform's ad preferences.

5. Information We Do Not Collect

• We do not collect or store payment card numbers, CVVs, or banking details. All payment processing is handled by Stripe.
• We do not perform real-time GPS tracking. Location data is only used when you explicitly save an observation location for sky features.
• We do not sell your personal information to third parties.

6. How We Use Your Information

• To generate personalized tarot readings, astrology charts, numerology reports, and AI-assisted interpretations.
• To maintain your reading history so you can revisit past readings.
• To provide celestial event notifications and sky-watching features based on your saved observation location.
• To authenticate your account and provide account security features.
• To improve and maintain the quality of our services.

7. Third-Party Services

We use the following third-party services:

• OpenAI: For AI-powered reading interpretations and consultations. Your questions and chart context may be sent to OpenAI's API. We do not send your email, password, or other account credentials to OpenAI.
• Stripe: For processing credit purchases within the web app. Stripe handles all payment card data directly; we never see or store your card number. Subject to Stripe's Privacy Policy.
• Buttondown: For email newsletter delivery and subscriber management. Your email address is shared with Buttondown when you subscribe. Subject to Buttondown's Privacy Policy.
• ElevenLabs: For voice synthesis in audio features. No personal user data is sent to ElevenLabs.
• Meta (Facebook) & TikTok: Tracking pixels for analytics and advertising measurement (see Section 4).
• Apple/Google: For mobile app distribution and in-app purchases via their respective app stores.
• Expo: For mobile app delivery and updates.

8. Data Security

We implement industry-standard security measures to protect your data:

• Passwords are hashed using bcrypt with strong salt rounds before storage.
• All data transmission is encrypted via TLS/HTTPS.
• Database queries use parameterized statements to prevent injection attacks.
• Rate limiting is applied to authentication endpoints to prevent brute-force attacks.
• Security headers are applied to all responses.

9. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data: Retained until you delete your account.
• Reading history: Retained until you clear it or delete your account.
• Email subscriber data: Retained until you unsubscribe or request removal.
• Transaction records: Retained for up to 7 years for legal and accounting purposes.
• Analytics data: Aggregated and anonymized data may be retained indefinitely for service improvement.

You may delete your account and all associated data at any time through the app's Profile settings. When you delete your account, we permanently remove:

• Your account information and profile
• All reading history and saved readings
• All astrology charts and birth data
• All journal entries
• All numerology records
• All consultation history
• All credit balance and earning history
• All cached enhancements and transit data

10. Children's Privacy

Totally Tarot is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can promptly remove it.

11. Your Rights

You have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Delete your account and all associated data through Profile settings, or by contacting us.
• Data Portability: Request your data in a portable format.
• Opt Out: Unsubscribe from marketing emails at any time via the unsubscribe link in any email.
• Clear History: Clear your reading history without deleting your account.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page.

13. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us at [email protected].