Last Updated: May 18th, 2026
This Privacy Policy describes how Tarotdex ("we," "our," or "us") collects, uses, and shares information when you use our digital Tarot reading and card collecting application (the "App"), available on iOS, Android, and the web at tarotdex.fun.
The App is intended for users 18 years of age or older. See "Children's Privacy" below.
Tarot readings and insights in the App are generated by OpenAI LLC ("OpenAI"), a third-party artificial intelligence provider. When you request a reading, the following information is sent to OpenAI's API to generate the response:
Your account identifier and email address are not transmitted to OpenAI. OpenAI retains API request data for up to 30 days for abuse monitoring under its standard API Data Usage Policies and does not use it to train its models. After 30 days, OpenAI deletes the request data unless legally required to retain it.
Before your first AI-generated reading, the App presents a consent modal that names OpenAI and lists the data sent. AI-generated readings are the App's core function; declining the consent modal on first use takes you to the account-deletion flow, and revoking consent later from Settings has the same effect — your account is deleted because the App has no remaining purpose without AI processing.
We engage the following service providers to operate the App. These providers process personal data only on our instructions and under written agreements (where required by law):
We do not sell your personal information to third parties for monetary consideration. We do not share your personal information with third-party advertisers.
We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (TLS) and at rest, access controls, and audit logging. No method of electronic storage is 100% secure.
We retain your personal information for as long as your account is active and as needed to provide our services. When you delete your account, your personal information and account data are deleted from our production systems, except where retention is required by law (e.g., financial records for tax purposes) or to resolve disputes.
OpenAI retains API request data for up to 30 days as described under "AI Data Sharing" above.
Our service providers are primarily located in the United States. If you access the App from outside the United States, your information will be transferred to, stored, and processed in the United States and, where applicable, in other jurisdictions in which our service providers operate. Where required, we rely on the European Commission's Standard Contractual Clauses (or equivalent mechanisms) for international transfers of personal data out of the EEA, UK, and Switzerland.
Regardless of where you reside, you may:
You can delete your account in-app from Settings, or at tarotdex.fun/delete-account. To exercise any other right, contact support@tarotdex.fun. We will respond within 30 days (or 45 days where extended response time is permitted by applicable law).
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
Lawful bases. We process personal data on the following bases: performance of our contract with you (Art. 6(1)(b)); your consent (Art. 6(1)(a) — for AI processing and optional notifications); our legitimate interests in operating, securing, and improving the App (Art. 6(1)(f)); and compliance with legal obligations (Art. 6(1)(c)).
If you are a resident of the following states, you may have additional rights under your state's privacy law: California (CCPA/CPRA), Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Delaware (DPDPA), New Hampshire (NHPA), New Jersey (NJDPA), Maryland (MODPA), Minnesota (MCDPA), Rhode Island (RIDTPPA), Tennessee (TIPA), and Indiana (INCDPA).
Depending on your state of residence, you may have the right to:
California residents may also designate an authorized agent to submit requests on their behalf, and may request information about categories of personal information disclosed for business purposes in the preceding 12 months.
To exercise any of these rights, contact support@tarotdex.fun. We will verify your identity before fulfilling the request (typically by confirming control of the email address on the account). If we deny your request, you may appeal by replying to the denial with the word "Appeal" in the subject line.
The App is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18 without verified parental consent, we will delete that information. If you believe we may have collected information from a child under 18, please contact support@tarotdex.fun.
On the web, we use cookies and similar technologies (including local storage) to keep you signed in, remember preferences, and measure product usage through PostHog. The mobile app uses on-device storage for the same purposes. You can clear cookies and local storage at any time through your browser or device settings.
We do not respond to browser "Do Not Track" signals because no industry consensus exists on their interpretation. We do, however, honor Global Privacy Control (GPC) signals as an opt-out under applicable US state laws.
We may update this Privacy Policy periodically. We will notify you of material changes through the App or via email and update the "Last Updated" date above.
If you have questions about this Privacy Policy or wish to exercise any privacy right, contact us at:
support@tarotdex.fun