Privacy Policy

1. Introduction

Arcana ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

By using Arcana, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Summary: We collect minimal data necessary to provide personalized readings. We never sell your personal information. Photos you submit for readings are sent to our secure interpretation service and are not retained after your reading completes.

2. Information We Collect

2.1 Information You Provide Directly

When you register for an account or use certain features, we may collect:

Account Information: Name, email address, username, and password (handled securely via Supabase Auth).
Birth Data: Birth date, birth time, and birth place (used to generate your natal chart, daily alignment, and horoscope).
Reading Submissions: Photos of your palm, coffee cup, or face; text descriptions of your dreams; questions for tarot spreads.
Friend Data: Names, birth dates, and usernames of friends you add to Arcana's friend features.
Journal Entries: Titles and summaries of your saved readings.
Payment Information: Subscription and purchase data is processed securely by Apple App Store or Google Play. We do not store your credit card details.
Communications: Any messages, feedback, or support requests you send to us.

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information, including:

Device Information: Device type, operating system version, unique device identifiers, and mobile network information.
Usage Data: Features you use, time spent in the app, reading types selected, and interaction patterns.
Log Data: IP address, browser type, access times, pages viewed, and app crashes (via Sentry).
Birth Place and Timezone Data: If you provide a birth place, we use it to resolve timezone and chart-calculation details. Arcana does not require GPS location access for birth chart setup.

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

Understand and save your preferences for future visits.
Compile aggregate data about site traffic and app interaction.
Analyze website performance and user experience.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some portions of the Service may not function properly.

3. How We Use Your Information

We use the information we collect for various purposes, including:

To Provide and Maintain the Service: Generating personalized readings, natal charts, horoscopes, and daily alignments.
To Personalize Your Experience: Tailoring content, recommendations, and readings based on your birth chart and usage patterns.
To Process Transactions: Managing subscriptions, in-app purchases, and credit systems.
To Improve the Service: Analyzing usage trends, fixing bugs, and developing new features.
To Communicate With You: Sending notifications, updates, marketing communications (with your consent), and responding to support requests.
To Ensure Security: Detecting and preventing fraud, abuse, and unauthorized access.
To Comply With Legal Obligations: Responding to lawful requests from public authorities.

4. Photo and Media Handling

Arcana uses your camera and photo library for palm reading, coffee cup reading, and face reading features.

Images you capture or select are transmitted via encrypted connections (SSL/TLS) to Arcana's secure Railway-hosted interpretation proxy.
The proxy forwards the image to our AI model provider only for the reading you requested. Arcana does not persist prompts or photos on the proxy.
Photos are used solely for the purpose of generating your reading and are not retained by Arcana after your reading completes.
We do not use your photos for facial recognition databases, advertising profiling, or any purpose other than the specific reading you requested.
By using these features, you represent that you have the right to submit the photos and that they do not violate any third-party rights.

5. How We Share Your Information

We do not sell, trade, or rent your personal identification information to others. We may share information in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party companies to perform functions on our behalf, such as:

Cloud hosting and database services (Supabase, hosted in the EU for Arcana's production database)
Secure AI request proxy hosting (Railway)
Error monitoring (Sentry, once enabled)
Payment processing (Apple App Store, Google Play)
Push notification delivery

These providers have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

5.2 Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to meet national security or law enforcement requirements.

5.3 Business Transfers

If Arcana is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

6. Data Security

We implement a variety of security measures to maintain the safety of your personal information:

All sensitive information is transmitted via Secure Socket Layer (SSL) technology and encrypted in transit.
Data stored in our production database is protected with industry-standard encryption at rest.
Access to personal information is restricted to authorized personnel who need the information to perform specific job functions.
We regularly review our information collection, storage, and processing practices to guard against unauthorized access.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable laws.

7. Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy:

Account Information: Retained until you delete your account or we terminate it in accordance with our Terms of Service.
Reading Photos: Not retained by Arcana after the reading is generated and delivered to you.
Journal Entries: Retained until you choose to delete them or delete your account.
Usage Data and Logs: Retained only as long as needed for analytics, debugging, and security purposes, after which it is anonymized or deleted.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Right to Access: Request a copy of the personal information we hold about you.
Right to Correction: Request that we correct any inaccurate or incomplete information.
Right to Deletion: Request that we delete your personal information, subject to certain legal exceptions.
Right to Portability: Request a copy of your data in a structured, machine-readable format.
Right to Object: Object to our processing of your personal information for direct marketing purposes.
Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time.
Right to Restrict Processing: Request that we limit how we use your information.

To exercise any of these rights, please contact us at privacy@arcanaapp.co. We will respond to your request within 30 days.

9. Children's Privacy

Arcana is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@arcanaapp.co.

Users between 13 and 18 years of age should only use the Service with the involvement and consent of a parent or guardian.

10. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

Arcana uses service providers that may process information in the European Economic Area, the United States, or other jurisdictions where they operate. Where required, we rely on appropriate safeguards for international transfers.

11. Anonymous and Aggregated Data

We may create anonymous, aggregated data records from your personal information by excluding information (such as your name and email) that makes the data personally identifiable. We reserve the right to use anonymous data for any purpose, including:

Product development and improvement
Marketing campaigns and advertising
Statistical and performance evaluations
Annual reports and industry research

Anonymous data may be disclosed to third parties at our sole discretion, but only in a form that does not identify any individual user.

12. Third-Party Links

The Service may contain links to third-party websites or services that are not owned or controlled by Arcana. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

We strongly advise you to read the privacy policy of every third-party website or service that you visit.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

You have the right to know what categories of personal information we collect, use, and disclose.
You have the right to request deletion of your personal information.
You have the right to opt out of the "sale" of personal information (we do not sell personal information).
You have the right to non-discrimination for exercising your privacy rights.

To exercise your California privacy rights, contact us at privacy@arcanaapp.co.

14. European Privacy Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). Arcana aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.

Our legal basis for collecting and using your personal information depends on the specific context:

Performance of a Contract: Processing necessary to provide the Service you requested.
Consent: Processing based on your explicit consent (e.g., marketing communications).
Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Service and ensuring security.
Legal Obligation: Processing necessary to comply with applicable laws.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

For material changes, we will take reasonable steps to notify you, such as through a prominent notice within the app or via email. Your continued use of the Service after such modifications constitutes your acknowledgment and acceptance of the modified Privacy Policy.

We encourage you to review this Privacy Policy periodically for any changes.

16. Contact Us

If you have any questions about this Privacy Policy, your rights, or our data practices, please contact us:

Email: privacy@arcanaapp.co
Data Protection Officer: dpo@arcanaapp.co
Website: arcanaapp.co