PRIVACY POLICY & TERMS OF USE

Privacy Policy

This policy explains what information Divined collects, how it is used, and your rights regarding your data.

Information We Collect

When you create an account, we collect:

• Your email address (used to sign in)
• Name and profile photo, if you sign in with Google or Apple

When you use the app, we store:

• Your reading history — the question you asked, the cards drawn (or runes cast, hexagrams built, or photos you chose for photo divination), and the AI-generated interpretation — encrypted at rest with AES-256-GCM. The encryption key lives on our server and is never exposed to the browser or to anyone else who might query the database directly.
• Your seeker profile (journal entries about intentions, what's weighing on you, and gratitude), encrypted at rest with AES-256-GCM under the same server-only key
• Your credit balance and purchase history
• Your daily reading streak (current streak, longest streak, and date of last reading) to calculate streak rewards
• Your app settings (theme, card size, preferences)
• Your device-detected IANA timezone (e.g. America/New_York) — read from your browser and saved so the optional re-engagement emails described below can be sent at a sensible local hour (10am or 6pm in your timezone). We do not use this for any other purpose.

We do not collect precise or approximate location data, contacts, or device identifiers. We also do not ask you for sensitive personal information such as your date of birth, religion, ethnicity, sexual orientation, or political views. If you choose to type any sensitive content into your journal entries or reading questions, that content is encrypted at rest as described above.

How We Use Your Information

• To authenticate your account and keep you signed in
• To save and display your reading history
• To manage your credit balance
• To sync your settings across devices
• To handle transactional emails: your sign-in magic link is delivered by Supabase (our authentication provider); purchase receipts are sent directly by Stripe for web purchases, or by Apple or Google for in-app purchases — we do not issue our own receipts. We separately send a brief account-restriction notice in the rare case that a refund pattern triggers our refund-abuse safeguard.
• To send occasional re-engagement emails when you opt in (such as a streak-at-risk reminder, or a gentle check-in after a few days away). You can opt out at any time from Settings, or via the one-click unsubscribe link in every email.

We do not sell your data, use it for advertising, or share it with third parties except as described below.

Usage & Analytics Data

To understand how the app is used and to improve it, we record a small set of product-analytics events. These events stay on our own infrastructure (Supabase) — we do not use third-party analytics providers.

What we record:

• App-level actions, such as opening the app, accepting the disclaimer, selecting a mode (tarot, runes, or I Ching), submitting or skipping a question, starting and finishing a reading, opening or closing modals, and signing in
• Aggregate engagement signals about each reading: how long the reading screen was open, how long it was actually visible (rather than backgrounded), how far the reading was scrolled, and whether the AI stream completed
• The category of question length (short / medium / long) — never the question text itself
• Whether you've filled in each field of your seeker profile (true/false flags only) — never the contents
• Tutorial progress, including which step you skipped at if you skipped early
• A randomly generated session identifier so we can correlate events within a single visit, plus your account ID once you are signed in

What we do not record in analytics:

• The text of any question you ask
• The text of any reading the AI generates
• The contents of your seeker profile (intentions, burdens, gratitude)
• Which specific cards, runes, or hexagrams were drawn
• Your IP address, device identifiers, or location

Analytics events are retained for 90 days and then automatically deleted. They are not sold, shared, or used for advertising.

Your choice. Shortly after you’ve started using Divined while signed in, we’ll ask whether you want to share usage data — answer “no” and we’ll stop collecting analytics for your account. You can change your mind at any time from Settings → Analytics using the “Help improve Divined by sharing usage data” toggle. If you delete your account from Settings → Delete Account, any past analytics events tied to your account are automatically disassociated from your identity at the same time, and the rows themselves age out within 90 days under the retention policy above.

Crash Reports & Diagnostics

When the app encounters an unexpected error, we send a technical crash report to our error-monitoring provider so we can fix the bug. Reports include the error message, the file and line of code where it happened, and your account identifier so we can follow up if needed. We do not configure crash reporting to capture the text of your questions, the AI-generated reading, your seeker profile, photos you uploaded for photo divination, or any payment information — crash reporting is used only to diagnose bugs, never for analytics or marketing. Reports follow our error-monitoring provider's retention policy and are not shared with anyone else.

Third-Party Services

Divined uses the following third-party services to operate. We share only the information necessary for each service's role, and never sell your data.

• Supabase — stores your account, readings, seeker profile, settings, and product-analytics events. Data is hosted on secure cloud infrastructure.
• Render — hosts the Express server that powers Divined. Render's infrastructure handles HTTP traffic between your device and our server; their access logs include IP addresses, request paths, and timestamps under Render's own retention policy. Render does not store our application data — that lives in Supabase, encrypted at rest as described above.
• Stripe — processes credit purchases made on the web. Card details are entered directly into Stripe's hosted checkout; we never see or store your full payment card information. Stripe's privacy policy applies to payment data.
• Apple / Google in-app billing — processes credit purchases made inside the iOS and Android apps. Apple and Google handle payment details directly under their own privacy policies; we receive only the completed-purchase event.
• RevenueCat — coordinates in-app purchases on iOS and Android between Apple's / Google's billing systems and our server. RevenueCat receives a randomly-generated account identifier and the purchase events tied to it; it never receives your email, your readings, or your seeker profile.
• Anthropic (Claude AI) — generates your readings across tarot, runes, I Ching, and photo divination. To produce a reading we send Anthropic your question, the cards or runes you drew (or the hexagram you built, or the photo you provided for photo divination), and any seeker-profile context you've chosen to include. We use Anthropic under its commercial API terms; see “How AI Providers Handle Your Reading Content” below for what that means for your data.
• AWS Bedrock — used as an automatic fallback when Anthropic's API is temporarily unavailable, so your reading still completes. The same reading content is sent through AWS Bedrock instead, using the same Claude model. See “How AI Providers Handle Your Reading Content” below for how AWS treats that content.
• Sentry — receives the crash reports and diagnostic data described in the "Crash Reports & Diagnostics" section above. Sentry's privacy policy applies.
• Resend — sends transactional emails (sign-in links, purchase receipts) and, when you opt in, re-engagement emails. Resend receives your email address and the message contents.
• Apple / Google sign-in — if you choose to sign in with Apple or Google, their respective privacy policies govern how they handle your authentication. We receive your email address from the provider, and (depending on the provider) your name and a URL pointing to your account's profile picture. The profile-picture image itself stays hosted on Google's or Apple's servers — we never fetch, store, or display the image. The name is stored on your account and may appear in the Settings "signed in as" line as a fallback when no email is available; we do not share or use it for marketing.

How AI Providers Handle Your Reading Content

Because your readings can touch on personal and sensitive matters, we want to be clear about how the AI providers that generate them treat that content. Divined uses Anthropic's Claude models under commercial terms — either directly through the Anthropic API or, as an automatic fallback, through Amazon Web Services (AWS) Bedrock. These commercial terms are stricter than the consumer terms that apply to Anthropic's own public chat products:

• Your content is not used to train AI models. Under both Anthropic's commercial API terms and AWS Bedrock, the question, cards, runes, hexagram, photo, and any seeker-profile context we send to generate a reading are not used to train or improve any AI model.
• It is retained only briefly, if at all. Anthropic retains commercial API content only for a short period for trust-and-safety screening, after which it is deleted. AWS Bedrock does not store or log the content of your requests.
• It is not shared further. Neither provider sells your content, uses it for advertising, or distributes it to other third parties. When a reading is routed through AWS Bedrock, the request stays within AWS's infrastructure and is not exposed to Anthropic.
• No person reads it by default. Provider abuse-screening is automated; your reading content is not routinely reviewed by a human being.

Separately, the copy of your reading that we keep for your history is encrypted at rest as described above. We do not retain a plaintext copy of your question outside of that encrypted record.

Data Retention & Deletion

Your data is retained for as long as your account is active. You can permanently delete your account and all associated data at any time from within the app via Settings → Delete Account. Deletion is immediate and irreversible.

Children's Privacy

Divined is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will delete it promptly.

Changes to This Policy

We may update this policy from time to time. When we do, we will update the date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

Questions about privacy or your data? Email us at hello@divined.app.

Terms of Use

By using Divined, you agree to these terms. If you do not agree, please do not use the app.

The Service

Divined provides interactive tarot, runes, I Ching, and photo divination experiences with AI-generated interpretations. Readings are generated by artificial intelligence and are intended for personal reflection and self-inquiry only. See the note at the top of this page.

Your Account

You are responsible for maintaining the security of your account. You must provide a valid email address to create an account. You may not create accounts for others or use the app for commercial resale.

Credits & Purchases

• Credits are required to receive AI-generated readings. One credit is used per reading.
• Credits are purchased through Stripe (on the web) or through Apple or Google's in-app purchase systems (on iOS and Android). Any reading we have already generated has consumed its credit, and that credit cannot be returned to you regardless of whether you obtain a refund from us, Apple, or Google.
• If Apple or Google grants you a refund on a credit pack, your remaining unspent balance will be reduced by up to the refunded pack's credit value, with the balance floored at zero. Credits already spent on completed readings remain consumed and the corresponding readings remain in your reading history.
• Credits can also be earned free through the daily streak reward program. A daily streak is defined as completing at least one AI-generated reading (spending one credit) on each consecutive calendar day, where a new day begins at 3:00 AM local time. Completing readings on 7 consecutive days earns 2 bonus credits; completing readings on 30 consecutive days earns 7 bonus credits. Rewards repeat at each subsequent 7- and 30-day milestone. Missing a day resets the streak to zero. Streak rewards are calculated and awarded automatically at the time of the qualifying reading.
• Streak rewards are awarded automatically, have no cash value, and are not transferable.
• Unused credits do not expire.
• We reserve the right to adjust credit pricing or streak reward amounts at any time. Existing purchased credits are unaffected by price changes.
• Requesting a refund from Apple or Google for credits that have been partially or fully consumed may result in your account being restricted from future credit purchases and from free-credit grants. Restricted accounts retain access to any remaining unspent credits but cannot acquire new credits through any path (purchases, daily streak rewards, free welcome grant). To dispute a restriction, contact support@divined.app.

Acceptable Use

You agree not to:

• Attempt to reverse-engineer, scrape, or abuse the API
• Use the app for any unlawful purpose
• Attempt to circumvent the credit system
• Harass, impersonate, or harm other users

Acceptable Use of Photo Uploads

Photo divination lets you upload or take a photo of your own divinatory materials — such as a tarot spread, cast runes, an oracle deck, or tea leaves — to receive a reading. When you use this feature, you agree not to upload any image that is illegal, abusive, harassing, sexually explicit, or otherwise objectionable. We may refuse to process, and may remove, any uploaded photo that violates this term.

A photo you upload is sent to our AI provider to generate your reading, and is then stored encrypted at rest alongside your reading history, under the same server-only key described in the Privacy Policy above. You can delete a saved reading, and the photo stored with it, at any time, or remove all of your data by deleting your account.

Intellectual Property

The Divined app, logo, design, and original content are the property of Electric Telepathy LLC. All rights reserved.

Tarot card artwork is from the Rider-Waite-Smith deck (1909) and is in the public domain.

AI-generated reading text is produced on your behalf and is yours to keep and share.

Disclaimer of Warranties

Divined is provided "as is" without warranties of any kind. We do not guarantee uninterrupted service, accuracy of readings, or any particular outcome. Use the app at your own discretion.

Limitation of Liability

Electric Telepathy LLC shall not be liable for any indirect, incidental, or consequential damages arising from your use of the app, including but not limited to decisions made based on tarot readings.

Governing Law

These terms are governed by the laws of the State of Ohio, without regard to conflict of law principles.

Contact

Questions about these terms? Email hello@divined.app.