Privacy Policy
TarotLux ("we", "us") is committed to protecting your privacy. This policy explains what we collect, why, and your rights under the GDPR and similar frameworks.
What we collect
When you create an account we store your email address and your first name. When you complete onboarding we store the answers you give (focus area, current energy, vision, intention, and similar reflective inputs). When you receive a reading we store the cards drawn, the reading text, the mood you tag it with, and any private reflection you choose to write. Payment data (card details, billing address) is handled by Stripe and is never stored on our servers.
How we use it
Your data is used exclusively to provide and personalise the TarotLux service: to authenticate you, to tailor the language and emphasis of your readings, to track your journal, and to manage your subscription. We do not sell your personal data, and we do not share it with third parties for advertising or profiling.
Service providers
We rely on a small number of trusted processors who act under our instructions: Supabase (database and authentication), Stripe (payments), and email delivery providers for transactional messages. Payment processing is governed by Stripe's privacy policy, which you can review at stripe.com.
Your rights
You can request a copy of your data, correct it, or have it deleted at any time by emailing support@tarotlux.com. We respond within 30 days. You can also delete most personalisation answers directly from your profile.
Retention
We keep your account data for as long as your account is active. If you delete your account, we erase personal data within 30 days, except where we are required to retain billing records for tax compliance.
Contact
For privacy questions, write to support@tarotlux.com. This policy may be updated from time to time; the date below indicates the most recent change.
Last updated: May 2026