Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy explains how Sanctuary Oracle ("we", "us", "our") collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection laws.

2. Data We Collect

We collect the following data:

• Account data: email address, hashed password (we never store plaintext passwords)
• Subscription data: subscription plan, billing dates, payment status (processed by Stripe — we do not store card numbers)
• Usage data: reading counts, reading types used, session timestamps
• Reading inputs: birth date/time/location (for astrology), uploaded palm/face images (for palmistry/face reading — processed in real-time, not permanently stored)
• Technical data: browser type, device type, IP address (for security and device limiting)

3. How We Use Your Data

Your data is used to:

• Provide and personalise the Service (readings, charts, interpretations)
• Manage your account and subscription
• Process payments via Stripe
• Send transactional emails (account confirmation, password reset, subscription updates)
• Improve the Service and fix issues
• Comply with legal obligations

AI Disclaimer: AI-generated content may contain inaccuracies. Readings are provided for entertainment and personal reflection only and should not be used as a substitute for professional medical, psychological, financial, or legal advice.

4. Legal Basis for Processing (GDPR Art. 6)

• Contract performance: processing necessary to provide the Service you subscribed to
• Consent: for optional features and communications
• Legitimate interest: for security, fraud prevention, and service improvement

5. Data Sharing

We share data only with:

• Stripe — payment processing (stripe.com/privacy)
• Supabase — database hosting (supabase.com/privacy)
• Anthropic / OpenAI — AI model providers (reading inputs sent for processing; no permanent storage under our data processing agreements)
• Resend — transactional email delivery
• Netlify — hosting
• Railway — server hosting

We do not sell your personal data to third parties. We do not use your data for advertising.

6. Data Retention

• Account data: retained while your account is active, deleted within 30 days of account deletion request
• Reading history: retained for the duration of your subscription
• Payment records: retained as required by Romanian fiscal law (minimum 10 years)
• Uploaded images (palm/face): processed in real-time and not permanently stored on our servers

7. Your Rights (GDPR)

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability (receive your data in a structured format)
• Object to processing
• Withdraw consent at any time

To exercise any right, email: contactsanctuaryoracle@gmail.com. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures including: encrypted connections (HTTPS/TLS), hashed passwords, secure authentication tokens, role-based access controls, and regular security reviews.

9. Cookies & Local Storage

Sanctuary Oracle uses browser local storage for session management and user preferences. We use Google Translate for language translation, which may set its own cookies. We do not use tracking cookies or third-party advertising cookies.

10. International Transfers

Your data may be processed by service providers located outside the EU/EEA (Anthropic — USA, OpenAI — USA, Supabase — USA, Stripe — USA). These transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR.

11. Children

Sanctuary Oracle is not intended for use by persons under 18 years of age. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version is always available at this page. Continued use of the Service after changes constitutes acceptance.

13. Contact & Complaints