Tarot by Hand (the “Service”) is operated by Guangzhou Yubao Trading Co., Ltd. We respect your privacy. This policy explains exactly what we collect, why, and what we do not do.
1. The short version
- We collect only what is needed to deliver your reading.
- We do not store your birth data, questions, or generated readings in any database. Readings are generated on-the-fly and streamed back to your browser.
- We do not sell or rent your data to anyone, ever.
- We use no advertising trackers and no third-party analytics pixels.
2. What we collect, and why
2.1 Reading data (what you type into the form)
- For tarot: the question you write (if any).
- For birth chart: your date of birth, time of birth, and place of birth.
- For compatibility: the same information for two people (you and the person you are comparing with).
This data is sent once to our AI model provider (Anthropic and/or DeepSeek) to generate the reading. It is not stored in our database. We have no way to retrieve a past reading for you because we did not save it.
2.2 Payment data (paid readings only)
When you purchase a paid reading, payment is processed by our merchant of record (Paddle.com Market Limited). We never see your card number, CVC, or full billing details. We only receive a confirmation from Paddle that the order was paid (with your email and order ID) so we can send a backup copy of your reading.
2.3 Email address (only if you give it for a paid reading)
We store your email only to send the receipt and a backup copy of your reading. We do not subscribe you to any mailing list. We do not share your email with third parties.
2.4 Server logs
Our hosting provider (Vercel Inc.) keeps standard server access logs (IP address, browser type, page accessed, timestamp) for security and performance for up to 30 days. We do not use these logs for marketing.
3. Cookies
We use only strictly necessarycookies for the site to function (e.g. preserving a draft reading in your browser's localStorage so you can return to it after payment). We do not set advertising cookies. We do not load Google Analytics, Facebook Pixel, or any tracking SDK.
4. Third parties we use
- Vercel Inc. — website hosting. (privacy policy)
- Cloudflare, Inc. — DNS and domain. (privacy policy)
- Anthropic, PBC and/or DeepSeek — AI model providers used to generate readings. (Anthropic privacy)
- Paddle.com Market Limited — merchant of record for paid readings. (privacy policy)
5. Your rights
Depending on your location, you may have rights under GDPR, UK GDPR, CCPA, PIPL or other privacy laws, including the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Object to or restrict certain processing.
- Withdraw consent at any time.
- Lodge a complaint with a supervisory authority.
Because we do not store reading data, requests typically concern only your email address (if you have purchased a paid reading) and our payment processor records. Email us at hello@tarotbyhand.com to exercise any right; we will respond within 30 days.
6. Data retention
- Reading data — not retained.
- Email address — retained as long as needed to provide receipt access and statutory record-keeping (typically 7 years for tax records).
- Server logs — up to 30 days.
7. International transfers
Our hosting (Vercel) and AI providers may process data in the United States and other countries. We rely on standard contractual clauses and the providers' own data-processing terms.
8. Children
The Service is not directed at children under 13 (or under 16 in jurisdictions that require it). We do not knowingly collect data from children.
9. Changes
We may update this policy. The “Last updated” date at the top reflects the current version. Material changes will be flagged on the home page.
10. Contact
For any privacy question or to exercise a right, email hello@tarotbyhand.com.