1. Introduction
Welcome to FateFlow ("we," "our"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your data.
By using FateFlow services, you agree to this Privacy Policy. If you do not agree with this policy, please do not use our services.
2. Information We Collect
2.1 Automatically Collected Information
- Anonymous User ID: Unique identifier generated through Supabase authentication
- Device Information: Browser type, operating system, screen resolution
- Usage Data: Access time, page views, interaction behavior
- Cookies and Similar Technologies: Used to improve user experience and analytics
2.2 Information You Provide
- Reading Intent: Questions or consultation content you input
- Card Selection Data: Tarot cards you select and interaction duration
- Payment Information: Processed by Paddle; we do not store your credit card information
2.3 Third-Party Services
We use the following third-party services:
- Supabase: Data storage and authentication (GDPR compliant)
- DeepSeek AI: Generates tarot readings (encrypted transmission)
- Paddle: Payment processing (PCI DSS Level 1 certified)
- Vercel: Website hosting and CDN
- Google Analytics / Facebook Pixel (optional): Anonymous analytics
3. How We Use Information
We use collected information to:
- Provide and improve FateFlow services
- Generate personalized tarot readings
- Process payments and orders
- Send service notifications (e.g., payment confirmation)
- Analyze usage patterns to optimize user experience
- Detect and prevent fraud
- Comply with legal obligations
4. Data Storage and Security
4.1 Storage Location
Your data is stored on secure Supabase (AWS-based) servers located in the United States or the European Union (depending on your location). All data is encrypted in transit and at rest.
4.2 Retention Period
- Reading Records: Retained for 2 years or until you request deletion
- Payment Records: Retained for 7 years (tax compliance)
- Anonymous Analytics Data: Retained for 26 months
4.3 Security Measures
- 256-bit SSL/TLS encrypted transmission
- AES-256 database encryption
- Row Level Security (RLS) policies
- Regular security audits
- Access control and logging
5. Data Sharing
We do not sell, rent, or trade your personal information. We only share data in the following circumstances:
- Service Providers: Supabase, DeepSeek, Paddle (only for service provision)
- Legal Requirements: Compliance with court orders or legal processes
- Business Transfers: In case of merger or acquisition (with advance notice)
- Your Consent: In other cases with your explicit consent
6. Cookies and Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Ensure website functionality (cannot be disabled)
- Functional Cookies: Remember your preferences
- Analytics Cookies: Google Analytics, Facebook Pixel (optional)
- Marketing Cookies: UTM parameter tracking (anonymous)
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.
7. Your Rights
Under GDPR (EU) and CCPA (California), you have the following rights:
- Right to Access: Request to view data we hold about you
- Right to Rectification: Correct inaccurate data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Export your data in structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw your consent at any time
To exercise these rights, contact us at: huaizhi20230821@gmail.com
Support hours: Monday to Friday, 9 AM - 5 PM (UTC)
8. Children's Privacy
FateFlow is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
9. International Data Transfers
Your data may be transferred to servers outside your country/region. We ensure adequate protection through Standard Contractual Clauses (SCC) and other lawful mechanisms in compliance with GDPR Article 46.
10. Third-Party Links
Our service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing information.
11. Privacy Policy Changes
We may update this Privacy Policy from time to time. Significant changes will be communicated 30 days in advance via email or website notification. Continued use of the service indicates acceptance of the updated policy.
12. Paddle Payment Processing
We use Paddle as our Merchant of Record. This means:
- Paddle processes all payments and orders
- Paddle collects and stores your billing information
- Paddle handles sales tax and VAT compliance
- Your payment data is protected by Paddle's privacy policy
View Paddle Privacy Policy: paddle.com/legal/privacy
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at:
Email: huaizhi20230821@gmail.com
Support Hours: Monday to Friday, 9 AM - 5 PM (UTC)
Company Name: FateFlow
Response Time: We will respond to your request within 30 days
14. Supervisory Authority
If you believe we have violated data protection laws, you have the right to lodge a complaint with the data protection authority in your country:
- European Union: Data protection authority in your country
- United States (California): California Attorney General's Office
This Privacy Policy complies with GDPR (EU 2016/679), CCPA (California Civil Code §1798.100), and Paddle Merchant of Record requirements.