Privacy Policy
Last updated: April 19, 2026
TarotMeaning.org (“we”, “us”) is a reading and learning platform for tarot, astrology, numerology, and the destiny matrix. This policy explains what we collect, why, and the controls you have over it. We aim to collect as little as possible — and what we do collect is designed to be minimized, aggregated, and hard to re-identify.
What we collect
- Account data. Email address, password hash (never the plaintext), display name, and the preferences you set (language, deck, reader persona, timezone).
- Readings & journal entries. The cards drawn, the question you asked, and the interpretation generated for you. These are stored against your account so you can revisit them. Anonymous (logged-out) readings are stored only long enough to show you the result; see “Anonymous readings” below.
- Birth data (astrology, destiny matrix, numerology). When you enter a birth date/place we use it to generate a chart or matrix. You control whether to save it to your profile.
- Payment data. Subscriptions and one-off purchases run through Stripe. We never see or store your card number — Stripe does, under their PCI-compliant infrastructure. We receive only a customer ID and subscription status from them.
- Analytics. With your consent, we record anonymized page views and interactions so we can see which content is useful. Details below.
Analytics — what & why
We run our own analytics on our own servers. We do not send your browsing data to Google Analytics, Meta, or any other third-party tracker. No advertising cookies. No cross-site tracking.
Specifically, when you accept the analytics banner we record:
- A random session identifier stored in your browser’s sessionStorage (clears when you close the tab).
- The pages you visit on TarotMeaning, the referrer that brought you (if any), and UTM tags from marketing links.
- Coarse environment info derived from your browser: device type (mobile / tablet / desktop), browser, OS, language, screen size, timezone.
- Coarse geography: country, and — for visitors from the US — state and city, taken from the hosting edge’s standard headers. We never call an external geolocation service.
- A one-way SHA-256 hash of your IP address, salted with a secret that rotates every 24 hours. The raw IP is never written to a database. Once a day rolls over, yesterday’s hashes cannot be linked back to an IP even by us.
- Feature events such as “reading started”, “search”, “share clicked”, with small metadata like the spread name — never the question text or reading content.
We explicitly do not collect: your precise location, your full IP, behavior from other websites, your question text, your reading content, or anything you enter into a form you don’t submit.
If you have Do Not Track enabled in your browser, we honor it and don’t fire analytics at all.
Optional demographics
In Settings, logged-in users can voluntarily share an age range, gender, and primary interest. This helps us understand who our audience is and tailor the content mix. It’s opt-in — blank by default — and you can edit or clear it any time from the same screen. We only report on it in aggregate (e.g., “X% of users are interested in astrology”), never individually.
Anonymous readings
You can do up to three free readings without creating an account. To rate-limit this fairly (and stop abuse), we store a salted SHA-256 hash of your IP and user agent together with a count. No raw IP or UA is saved. When you sign up, any anonymous readings you completed in that browser are copied into your account automatically, and the hashed record is discarded.
AI providers
Reading interpretations are generated by large-language-model providers (Anthropic, and optionally others). We send them the cards drawn and your question; we do not send your name, email, or any account identifier. Providers have their own data retention policies — we use their zero-data-retention endpoints where available.
Cookies
We use a small number of first-party cookies:
- Session cookies for authentication (Supabase Auth).
- Preference cookies for your chosen language and deck.
- Analytics consent cookie recording whether you accepted or rejected the banner, so we don’t keep asking.
- Anonymous-reading cookies tracking your free-reading count without requiring an account.
We do not set any third-party advertising or tracking cookies.
Your rights
Logged-in users can, from their Settings page:
- Export or delete their readings.
- Edit or clear their optional demographics.
- Delete their account entirely, which removes all associated data.
You can withdraw analytics consent at any time by clearing site data in your browser — the banner will reappear and default to off. For anything else, email privacy@tarotmeaning.org and we’ll respond within 30 days.
Retention
- Readings and journal entries: kept as long as your account exists.
- Analytics sessions & events: up to 365 days, then purged.
- Anonymous-reading hashes: purged when their 24h window lapses.
- Account data (email, profile): deleted within 30 days of account closure, except where longer retention is required by law (e.g., payment records).
Children
TarotMeaning is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe a child has registered, contact us and we will remove the account.
Changes
If we make material changes to this policy, we’ll update the “Last updated” date at the top and — for logged-in users — notify you by email. Continued use of the site after a change means you accept the revised policy.
Contact
Questions, requests, or complaints: privacy@tarotmeaning.org