Privacy Policy

1. Data Controller

Mystic Tarot ("we", "our", "the service") is the data controller for personal data collected through this website.

2. Data We Collect

• ✦Name / nickname — to personalize your reading
• ✦Email address — to deliver your reading
• ✦Reading details — topic, question, optional birth info
• ✦Payment data — processed by Stripe; we do not store card details
• ✦IP address — for rate limiting and security (not stored permanently)

3. Purpose & Legal Basis

We process your data to:

• ✦Generate and deliver your tarot reading (contract performance)
• ✦Process payments via Stripe (contract performance)
• ✦Prevent abuse through rate limiting (legitimate interest)
• ✦Verify requests via Cloudflare Turnstile (legitimate interest)

4. Third-Party Services

• ✦Stripe — payment processing
• ✦Resend — email delivery
• ✦Cloudflare — bot protection (Turnstile)

5. Data Retention

Reading data is processed in real-time and not stored in a database. Email delivery records are retained as required by our email provider. Payment records are retained as required by law.

6. Your Rights (GDPR)

You have the right to:

• ✦Access your personal data
• ✦Request correction or deletion
• ✦Object to processing
• ✦Data portability
• ✦Lodge a complaint with a supervisory authority

7. Contact

For privacy-related inquiries, please contact us at the email address provided on the website.