
Privacy Policy

Effective date: 2025-12-24

1. Overview

DestinyPal ('we', 'us', 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information. We aim to comply with applicable laws including PIPA (Korea), GDPR (EU), CCPA (California), and other relevant regulations.

2. Information We Collect

Account: email, password (hashed), display name, profile image.
Authentication: Social login profile data (Google OAuth) within the scope of your consent; OAuth tokens are revoked after login and not retained (or encrypted in transit).
Payment: Transaction IDs and billing info processed by Stripe; we never store full card numbers.
Service Data: Birth date/time/location and inputs you provide for astrology, saju, tarot, and other readings.
Technical: IP, browser/device info, OS, cookies, logs.
Communications: Support tickets, feedback, correspondence.

3. How We Collect Information

Direct: Information you provide during signup, purchase, or service use.
Automatic: Cookies, web beacons, and analytics tools (disabled until consent) track usage patterns and technical data.
Third Parties: Payment processors (Stripe), authentication providers (Google OAuth), analytics/advertising (Google AdSense). AdSense/Analytics are blocked until you consent via our CMP.

4. How We Use Information

Service Delivery: Provide astrology/saju/tarot and other readings.
Account & Billing: Authenticate users, manage subscriptions, process payments.
Communication: Service notices, marketing (with consent), support responses.
Improvement: Analyze usage to enhance features/UX (after analytics consent).
Compliance & Safety: Fraud prevention, legal obligations, Terms enforcement.
Advertising: Personalized ads via Google AdSense (blocked until consent).

5. Data Retention

Account data: retained until deletion or as required by law.
Payments: financial/tax records typically 5 years.
Logs: up to 2 years for security/analysis.
Service data: kept while account is active.
Marketing preferences: until consent is withdrawn.

6. Sharing and Third Parties

We do NOT sell personal information. We share only with service providers:
- Supabase (hosting/backend)
- Stripe (payments, PCI-DSS compliant)
- OpenAI (AI generation)
- Google (OAuth, AdSense)
- Email services (transactional/marketing)
Legal: when required by law/court/government.
Business transfers: in mergers/acquisitions (with notice).
Advertising partners: Google AdSense may use cookies; opt out at https://www.google.com/settings/ads.

7. International Data Transfers

Data may be processed outside your country (e.g., US). We use safeguards such as Standard Contractual Clauses, Data Processing Agreements, and security measures regardless of location.

8. Your Privacy Rights

You may request: access, correction, deletion, restriction, portability (GDPR), objection, and consent withdrawal. Contact: rheeco88@gmail.com.
GDPR: right to complain to an EU supervisory authority.
CCPA: California users may exercise access/deletion/opt-out rights; we do not sell personal info.

9. Cookies and Tracking

Uses: essential (login/security), analytics (after consent), advertising (AdSense after consent), preferences.
Control cookies via browser settings; disabling may limit features.
AdSense/Analytics load only after consent via our CMP; personalized ads can be managed at Google Ads Settings.

10. Data Security

Safeguards: TLS/SSL in transit, encryption at rest (e.g., AES-256 where supported), role-based access, MFA for staff, monitoring, secure cloud, Stripe PCI-DSS Level 1 for payments, periodic security reviews, incident response.
No system is 100% secure; protect your credentials.

11. Children's Privacy

Services are not intended for children under 14 (or 16 in EU/other applicable age). We do not knowingly collect data from children. Contact us to delete any such data.

12. Data Controller and Contact

Data Controller: Paul Rhee (individual)
Email: rheeco88@gmail.com
Response target: within 30 days for privacy inquiries.
EU: right to lodge a complaint with your local authority.
California: CCPA rights may be exercised via the email above.

13. Google AdSense

We use AdSense to show ads. Google may use cookies/IDs to serve and measure ads and prevent fraud. AdSense loads only after consent. Opt out of personalized ads at https://www.google.com/settings/ads. See Google Privacy Policy for details.

14. Changes to this Policy

We may update this Privacy Policy. Material changes take effect after notice (7 days for minor, 30 days for significant). Continued use after the effective date means acceptance.
Last Updated: 2025-12-24