VeilCastBack to Home

Privacy Policy

Last updated: April 22, 2026

1. Introduction

VeilCast ("we", "our", or "us") operates the VeilCast service — a tarot, astrology, daily ritual and personal grimoire app available on the web and as native iOS / Android applications. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have. By using VeilCast you agree to the practices described here.

2. Information We Collect

2.1. Account Information

When you register we collect your email address and a securely-hashed password. If you sign in via Google or GitHub we receive the email and basic profile name those providers expose. A display name and avatar are optional.

2.2. Profile & Preferences

We store the preferences you set during onboarding and in settings: your chosen archetype, palette, guide voice, interface language, current plan tier, and the timestamp of your disclaimer acknowledgement.

2.3. Astrology & Natal Data (sensitive)

If you choose to use the astrology features we store the birth date, birth time (if you provide it) and birth place you enter. This data is treated as sensitive personal information: it is used only to compute your natal chart and personalize readings, and it is never sold or shared with advertisers.

2.4. Readings, Grimoire & Generated Content

We store the questions you ask, the cards drawn, the AI interpretations returned, and any grimoire / journal entries you write. These are visible only to you (Row Level Security in Supabase) and to our service operators when strictly necessary for support or abuse investigation.

2.5. Technical & Device Data

We collect minimal technical data required to run the service: authentication session tokens, locale preference, onboarding state, and — on native builds, when you grant permission — your APNs or FCM push token so we can deliver daily-card and reminder notifications. We do not embed third-party advertising trackers.

3. How We Use Your Information

  • AI readings: When you cast a reading (tarot, astrology, runes, numerology, I-Ching, dream interpretation, compatibility), we send the question, the relevant context (e.g. drawn cards, your natal chart summary, archetype) and your language to an AI model via OpenRouter to generate the interpretation. Data is sent only when you explicitly trigger a reading.
  • Daily personalization: Your archetype and natal chart are used to personalize the daily card framing and transit highlights. The daily card itself is deterministic by date and globally shared.
  • Billing & subscriptions: If you order a paid plan via the web, we record your selected plan, the chosen manual-payment method and the email / name you provided at checkout so the admin can confirm payment and activate your subscription.
  • Operations & support: We notify the operator via a private Telegram channel about new orders, errors and account-deletion events. These messages are not visible to other users.
  • Push notifications: If you grant permission on a native build, we use your device push token to deliver daily-card reminders and account-related messages. You can revoke this in your device settings at any time.

4. Third-Party Services

We use the following processors to operate VeilCast:

  • Supabase: Authentication, Postgres database and file storage. All user-owned tables are protected by Row Level Security policies that scope access to your own user ID. Supabase Privacy Policy
  • OpenRouter (AI processing): Reading questions, drawn-card context and your natal-chart summary are sent to large-language-model providers via OpenRouter to generate interpretations. Data is sent only when you trigger an AI feature. OpenRouter Privacy Policy
  • Vercel, Resend, Telegram Bot API: Vercel hosts the application; Resend delivers transactional email (e.g. password reset, order confirmation); the Telegram Bot API delivers private operator notifications. None of these providers receive your readings or grimoire content. Vercel Privacy Policy

5. AI-Generated Content

Readings, horoscope text, numerology interpretations and dream notes are produced by large-language-model AI. They are reflective tools, not factual statements or professional advice. VeilCast cannot guarantee accuracy and accepts no liability for decisions taken on the basis of generated content. See our entertainment disclaimer for the full statement.

6. Cookies & Local Storage

We use minimal cookies, browser local storage and (on native builds) the Capacitor Preferences API only for essential functionality: keeping you signed in, remembering your language, and tracking that you have acknowledged the disclaimer. For details see our Cookie Policy.

7. Data Retention

Your account, profile, natal chart, readings, grimoire entries and subscriptions are retained while your account is active. You can delete your account at any time from Profile → Danger Zone; this immediately removes all your personal data via cascade. Aggregated, anonymized statistics may be retained indefinitely. Audit-log entries (e.g. that a deletion occurred) are kept for compliance.

8. Your Rights (GDPR-aligned)

We honour the following rights for every user regardless of location:

  • Right of access: You can view all your profile, natal-chart, readings and grimoire data in the app at any time. On request we will export a machine-readable copy.
  • Right to rectification: You can update your profile, preferences and natal-chart data from the app at any time.
  • Right to erasure: You can permanently delete your account from Profile → Danger Zone. All personal data is removed immediately; auth records are revoked.
  • Right to data portability: On request we will deliver a JSON export of your profile, natal chart, readings and grimoire entries.
  • Right to object: You can opt out of AI processing by simply not using the reading features. No data is sent to OpenRouter unless you explicitly cast a reading.

9. Data Security

We use industry-standard measures: HTTPS / TLS for all data in transit, Supabase Row Level Security for per-user data isolation, password hashing handled by Supabase Auth, JWT-scoped database access, and signed URLs for any stored files. No system is perfectly secure — please use a strong unique password and enable OAuth where possible.

10. Children's Privacy

VeilCast is intended for users aged 17 and older. Tarot, astrology and divination content is presented as reflective entertainment for adults. We do not knowingly collect personal information from anyone under 17. If we learn that we have collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated by posting a notice in the app or on the website. The "Last updated" date at the top of this page reflects the latest revision. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise any of your data rights, please contact us at:

Email: dmitriyroi@symphonyagency.io

Data Controller

Legal form:
Individual entrepreneur (FOP, Ukraine)
Name:
Roi Dmytro Serhiiovych
Jurisdiction:
Ukraine, Mykolaiv
Registry record:
No. 25220000000081551, dated 24.06.2019
Contact for data requests:
dmitriyroi@symphonyagency.io