PhantaraPHANTARA

Legal

Privacy Policy

Last updated: April 1, 2026

1. Data Controller

Phantara is a service operated by its owner. For privacy-related inquiries, contact: privacy@phantara.app

2. Data We Collect

We collect the following data when you create an account or use the service:

• Email address and name (authentication).

• Tarot reading history and journal reflections (to personalise your experience).

• Payment data processed by PayPal or Stripe (we do not store card numbers).

• Technical usage data: IP address, browser type, pages visited (for diagnostics and security).

3. Purpose and Legal Basis

We process your data for the following purposes:

• Service delivery (legal basis: contract performance).

• Personalisation of readings via AI (legal basis: legitimate interest / consent).

• Service communications such as plan changes or incidents (legal basis: legitimate interest).

• Compliance with legal obligations.

4. Third-Party Providers

We use the following providers to operate the service:

• Supabase (database and authentication) — EU-based servers.

• Anthropic (AI-generated interpretations) — your reading text is sent to their API.

• PayPal / Stripe (payments) — governed by their own policies.

• Vercel (web hosting).

None of these providers sell your data to third parties.

5. Data Retention

We retain your data while your account is active. If you delete your account, your personal data and readings are removed within 30 days, unless legally required to retain them.

6. Your Rights (GDPR)

If you are a resident of the European Economic Area, you have the right to:

• Access your personal data.

• Rectify inaccurate data.

• Request erasure ("right to be forgotten").

• Object to or restrict processing.

• Data portability.

You can exercise these rights from the user panel ("Delete my data") or by writing to privacy@phantara.app.

7. Cookies

We only use strictly necessary cookies for session management and language preferences. We do not use tracking or advertising cookies.

8. Security

We apply technical and organisational measures to protect your data: TLS encryption in transit, role-based access control, and periodic audits.

9. Changes to This Policy

We will notify you of any material changes by email or via an in-app notice at least 14 days in advance.

10. Contact

For any privacy enquiry: privacy@phantara.app