01
What this policy covers
This policy applies when you visit or use Tarotop. It covers personal information that identifies you or can reasonably be linked to you. Tarotop is the service operator; contact us at legal@tarotop.com for privacy questions or requests.
02
Information we process
The information depends on how you use the service.
- Account and profile data, such as email address, sign-in method, nickname, and any profile details you choose to provide.
- Reading and conversation content, including your question, drawn cards, generated interpretation, follow-up messages, journal choices, and feedback.
- Technical and security data, such as device/browser information, IP-derived security signals, authentication state, and activity needed to prevent abuse and keep the service working.
- Payment and subscription records, such as plan, payment status, customer and transaction references. Card numbers are handled by Stripe, not stored by Tarotop.
- Product measurement data, such as feature events and page usage. Our client-side event design excludes the text of questions, messages, answers, emails, and profile fields.
03
Why we use it
We use information to provide the reading and account you ask for; save, show, or share a reading at your direction; process payment and prevent fraud; maintain and improve reliability; and meet legal obligations. Where the law requires consent for a specific activity, we rely on that consent and you may withdraw it using the relevant control or by contacting us.
04
AI, sensitive subjects, and optional memory
Tarotop uses AI-assisted processing to generate readings and follow-ups. A question may reveal sensitive information even if we did not ask for it. Please do not include information you would not want processed to provide the reading. Memory is optional: when enabled, saved conversation context and selected profile preferences may be used to make later readings more connected. Turning memory off purges saved conversation-memory records; journal readings remain under your own journal controls.
05
Sharing and service providers
We do not sell personal information. We disclose only what is reasonably necessary to run the service: authentication, database and hosting providers; payment processor Stripe; AI/API providers that generate requested output; measurement, anti-abuse, and security providers; and authorities where law requires it. Providers must be permitted to process data only for the services they provide to us. A link you create for a reading can be opened by anyone who has that link, so treat it as confidential and revoke it when you no longer want it shared.
06
International processing
Our providers may process information in countries other than yours. Where a cross-border transfer needs a particular legal safeguard, we use the mechanism required by applicable law. For people in mainland China, cross-border personal-information processing is handled only subject to the notices, separate consent, and other safeguards required by applicable law.
07
Retention and security
We keep information for as long as needed for the purpose described here, including to maintain your account, meet legal or accounting duties, resolve disputes, and protect the service. You can delete individual conversations and turn off memory in product settings. We use reasonable technical and organisational safeguards, but no online system can promise absolute security.
08
Your choices and rights
Depending on where you live, you may have rights to know, access, correct, delete, restrict or object to processing, withdraw consent, receive a portable copy, and complain to a data-protection authority. California residents may have rights to know, delete, correct, opt out of sale/sharing, limit certain sensitive-information uses, and non-discrimination. We do not sell or share data for cross-context behavioural advertising. Send a verifiable request to legal@tarotop.com; we may ask for information needed to protect your account and respond as required by law.
09
Children
Tarotop is not designed for children. Do not use the service if you are below the minimum age required where you live. If we learn that we processed a child’s personal information without a valid basis, we will take appropriate steps to delete it.
10
Changes
We may update this policy when the service, providers, or law changes. We will post the updated date here and, for material changes where required, provide additional notice before they take effect.