Privacy Policy

1. Data we collect

• Identity and account: email, name and user id (via Google/Supabase login).
• Optional profile: preferred pronoun, birth date and intention.
• Content you create: questions, readings and interpretations; dream journal; names/nicknames in spreads; solar return.
• Payment data: handled by Stripe; we receive identifiers and status, not full card data.
• Credits: purchase and consumption history.
• Usage and device: pages and events, only if you allow analytics cookies.

2. Potentially sensitive data

Free-text fields (questions, dreams) may reveal intimate aspects. Please avoid entering health, sexual life, beliefs, or identifiable third-party data. Use nicknames or initials when asked for someone else's name.

3. Purposes

• Provide the service: generate and store your readings, dreams and profile.
• Process payments and manage credits.
• Security and abuse prevention (ethical guardrails).
• Aggregated usage analytics — only with your cookie consent.
• Comply with legal obligations.

4. Legal bases

We rely on contract performance, consent (analytics cookies and potentially sensitive content), legal obligation and legitimate interest, as applicable.

5. Artificial intelligence

Interpretations are generated by AI models (Google Gemini, with OpenAI as fallback). To produce the answer, we send the AI provider the content needed for each reading.

What is sent: the text you type (question or dream); in relationship spreads, the names or nicknames you provide; and, in the Dream Chamber, your first name, preferred pronoun, ruling arcana (derived from your birth date) and intention, to personalize the reading.

What is NOT sent: we never send the AI provider your email, your account identifier (UUID) or anything that directly links the reading to your identity in the app. Requests originate from our server.

We do not use your content to train our own models. Provider retention and use are assessed contractually. Readings are reflection tools, not deterministic predictions or professional advice.

6. Who we share with (processors)

• Supabase — authentication and database.
• Vercel — hosting.
• Stripe — payments.
• Google (Gemini / Analytics) and OpenAI — AI and, upon consent, analytics.

7. International transfers

Some processors handle data outside Brazil under appropriate safeguards, and we review the contracts with each one.

8. Retention

• Common readings: removed within a short period per service settings.
• Dreams, solar returns and profile: while the account exists or until you delete them.
• Financial ledger: as required by legal/tax obligations.
• After account deletion we remove personal content and anonymize records kept by legal obligation.

9. Your rights (LGPD art. 18)

You can confirm processing, access, correct, export, delete, withdraw consent and object. Your Account page offers data export and account deletion. For other requests, contact the privacy channel.

10. Security

We use encryption in transit, application-level encryption of sensitive fields, access control and log minimization. No system is fully secure, but we work to reduce risk.

11. Public sharing of readings

You can make a reading public via link, accessible to anyone with the link until you revoke it. Shared pages are not indexed by search engines. Do not publish third-party data.

12. Minors

The app is not intended for minors without guardian consent.

13. Changes and contact

We may update this Policy; material changes will be signaled. Questions: vianadevops@gmail.com.