Privacy Policy | Veildra

Veildra — Tarot, Horoscope & Saju Readings

All readings are generated computationally and are for entertainment purposes only. They do not constitute professional advice of any kind.

1. Introduction

Welcome to Veildra (“we,” “us,” “our,” or the “Service”). Veildra is an entertainment platform that provides tarot readings, daily horoscope insights, Korean Four Pillars of Destiny (사주, “Saju”) analysis, compatibility readings, and wealth fortune readings.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website and related services.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data Controller Information

Data Controller:
YSajang (Sole Proprietorship)
Email: privacy@veildra.com

For payment-related data, Lemon Squeezy LLC acts as the Merchant of Record and is an independent data controller with respect to payment and billing information. See Section 6.2 for details.

3. Information We Collect

3.1 Information You Provide Directly

Account Information (via Google OAuth): Email address, display name, profile picture, and language preference (English or Korean).

Birth and Zodiac Data: Date of birth, zodiac sign. For Saju readings: birth year, month, day, hour, lunar calendar preference, and gender. For compatibility readings: birth information for two individuals.

Reading Queries: Optional questions for tarot readings (limited to 200 characters, sanitized to remove HTML tags).

Communication Data: Content of support messages and your email address.

3.2 Information Collected Automatically

Device and Browser Fingerprint Data: For anonymous trial users, we use FingerprintJS to generate a browser fingerprint. This is immediately converted to a one-way SHA-256 hash on your device before transmission. We never store or transmit the raw fingerprint.

Anonymous Trial Records: Fingerprint hash, IP address, user agent string, generated reading content, and language/locale preference.

Usage Data: Pages visited, features used, reading history, session duration, and interaction patterns.

Log and Security Data: IP address, access timestamps, referring URLs. Our image access logging system records IP addresses and user agent strings for security monitoring.

Cookie Data: Authentication cookies (Supabase Auth). Analytics cookies (GA4) are loaded only after consent. See Section 9.

3.3 Information from Third Parties

Google (OAuth): Name, email, profile picture.

Lemon Squeezy (Merchant of Record): Transaction status, subscription plan, customer ID, order details. We do NOT receive your full payment card information.

3.4 Sensitive Data

We do not intentionally collect sensitive personal data (racial origin, political opinions, religion, health, sexual orientation). Birth data and gender are collected solely for astrology/Saju features.

4. How We Use Your Information

Providing the Service — Performance of contract (GDPR Art. 6(1)(b)): Generating readings; managing your account, subscription, card collection, streak, lucky points, and referral system.

Anonymous Trial Management — Legitimate interest (Art. 6(1)(f)): Using fingerprint hashes to enforce one free trial per service per device.

Payment Processing — Performance of contract (Art. 6(1)(b)): Facilitating transactions through Lemon Squeezy.

Analytics — Consent (Art. 6(1)(a)): Google Analytics 4, loaded only after explicit consent where required.

Advertising — Consent (Art. 6(1)(a)): Google AdSense for free-plan users, per applicable consent requirements.

Security & Fraud Prevention — Legitimate interest (Art. 6(1)(f)): Rate limiting (Upstash Redis), unauthorized access monitoring, image access logging.

Legal Compliance — Legal obligation (Art. 6(1)(c)).

We do not use your data for automated decision-making or profiling that produces legal effects.

5. How Readings Are Generated

Veildra uses OpenAI's API to generate readings. Data sent to OpenAI varies by service type:

· Tarot: Card names, positions, reversed status, optional question

· Horoscope: Zodiac sign

· Saju: Birth year/month/day/hour, lunar preference, gender

· Compatibility: Both individuals' birth information and genders

OpenAI processes data under a Data Processing Agreement (DPA) and does not use API-submitted data to train its models.

7. International Data Transfers

Your data may be transferred to the United States and other countries where our service providers operate. For EEA/UK/Switzerland transfers, we rely on Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs).

Request transfer safeguard details: privacy@veildra.com

8. Data Retention

· Account & birth data: Duration of account + 30 days after deletion

· Reading history: Duration of account (deleted with account)

· Anonymous trials: 12 months, then purged

· Analytics (GA4): 14 months

· Security logs: 90 days

· Rate limiting: 60 seconds to 5 minutes (auto-expiry)

· Payment records: Retained by Lemon Squeezy per tax law (~7 years)

· Gamification data: Duration of account

9. Cookies and Tracking

9.1 Cookies We Use

Strictly necessary (no consent): Supabase auth session cookies, local storage for trial cache.

Analytics (consent required for EU/EEA/UK): Google Analytics 4.

Advertising (consent required for EU/EEA/UK): Google AdSense.

9.2 Cookie Consent

EU/EEA/UK users see a consent banner before non-essential cookies load. GA4 and AdSense scripts activate only after explicit consent. Change preferences via the cookie settings in the site footer.

9.3 Browser Fingerprinting

FingerprintJS creates a SHA-256 hashed device identifier for trial enforcement (legitimate interest). Prevent fingerprinting by using privacy mode or creating an account.

9.4 Do Not Track

We respect DNT browser signals. When enabled, analytics and advertising scripts will not load.

10. Your Privacy Rights

10.1 GDPR (EEA, UK, Switzerland)

Access (Art. 15) · Rectification (Art. 16) · Erasure (Art. 17) · Restrict Processing (Art. 18) · Data Portability (Art. 20) · Object (Art. 21) · Withdraw Consent (Art. 7(3)) · Lodge a Complaint with your local Data Protection Authority.

10.2 CCPA/CPRA (California)

Right to Know · Delete · Correct · Non-Discrimination. We do not sell or share personal information for behavioral advertising.

Categories collected: Identifiers, internet activity, geolocation (approximate), personal characteristics (birth date, gender for astrology only).

10.3 Korean PIPA (개인정보 보호법)

정보 처리에 대한 고지를 받을 권리 · 동의/거부 권리 · 열람/복사 요청 권리 · 정정/삭제 요청 권리 · 처리 정지 요청 권리

개인정보 보호책임자: privacy@veildra.com

10.4 How to Exercise Your Rights

Email: privacy@veildra.com
In-app: Settings → Privacy
Response within 30 days.

Account Deletion: Settings → “Delete my account.” 30-day grace period, then permanent deletion. Backups purged within 90 days.

11. Children's Privacy

Veildra is not intended for children under 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. Contact privacy@veildra.com if you believe a child has provided us with personal data.

12. Security Measures

TLS/SSL encryption · Row-Level Security (RLS) across all 9 database tables · Content Security Policy (CSP) · Distributed rate limiting (Upstash Redis) · Security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) · HMAC-SHA256 webhook verification · Input sanitization · Need-to-know access controls.

Report vulnerabilities: security@veildra.com

13. Changes to This Policy

Material changes: 14 days advance notice via email or in-app notification. Consent obtained where required by law.

14. Contact Us

Veildra Privacy Team
Email: privacy@veildra.com

This Privacy Policy is a general guide to our data practices and does not constitute legal advice. Professional legal review is recommended.

Veildra — Tarot, Horoscope & Saju Readings

All readings are generated computationally and are for entertainment purposes only. They do not constitute professional advice of any kind.

1. Introduction

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website and related services.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data Controller Information

Data Controller:
YSajang (Sole Proprietorship)
Email: privacy@veildra.com

For payment-related data, Lemon Squeezy LLC acts as the Merchant of Record and is an independent data controller with respect to payment and billing information. See Section 6.2 for details.

3. Information We Collect

3.1 Information You Provide Directly

Account Information (via Google OAuth): Email address, display name, profile picture, and language preference (English or Korean).

Reading Queries: Optional questions for tarot readings (limited to 200 characters, sanitized to remove HTML tags).

Communication Data: Content of support messages and your email address.

3.2 Information Collected Automatically

Anonymous Trial Records: Fingerprint hash, IP address, user agent string, generated reading content, and language/locale preference.

Usage Data: Pages visited, features used, reading history, session duration, and interaction patterns.

Log and Security Data: IP address, access timestamps, referring URLs. Our image access logging system records IP addresses and user agent strings for security monitoring.

Cookie Data: Authentication cookies (Supabase Auth). Analytics cookies (GA4) are loaded only after consent. See Section 9.

3.3 Information from Third Parties

Google (OAuth): Name, email, profile picture.

Lemon Squeezy (Merchant of Record): Transaction status, subscription plan, customer ID, order details. We do NOT receive your full payment card information.

3.4 Sensitive Data

4. How We Use Your Information

Providing the Service — Performance of contract (GDPR Art. 6(1)(b)): Generating readings; managing your account, subscription, card collection, streak, lucky points, and referral system.

Anonymous Trial Management — Legitimate interest (Art. 6(1)(f)): Using fingerprint hashes to enforce one free trial per service per device.

Payment Processing — Performance of contract (Art. 6(1)(b)): Facilitating transactions through Lemon Squeezy.

Analytics — Consent (Art. 6(1)(a)): Google Analytics 4, loaded only after explicit consent where required.

Advertising — Consent (Art. 6(1)(a)): Google AdSense for free-plan users, per applicable consent requirements.

Security & Fraud Prevention — Legitimate interest (Art. 6(1)(f)): Rate limiting (Upstash Redis), unauthorized access monitoring, image access logging.

Legal Compliance — Legal obligation (Art. 6(1)(c)).

We do not use your data for automated decision-making or profiling that produces legal effects.

5. How Readings Are Generated

Veildra uses OpenAI's API to generate readings. Data sent to OpenAI varies by service type:

· Tarot: Card names, positions, reversed status, optional question

· Horoscope: Zodiac sign

· Saju: Birth year/month/day/hour, lunar preference, gender

· Compatibility: Both individuals' birth information and genders

OpenAI processes data under a Data Processing Agreement (DPA) and does not use API-submitted data to train its models.

7. International Data Transfers

Request transfer safeguard details: privacy@veildra.com

8. Data Retention

· Account & birth data: Duration of account + 30 days after deletion

· Reading history: Duration of account (deleted with account)

· Anonymous trials: 12 months, then purged

· Analytics (GA4): 14 months

· Security logs: 90 days

· Rate limiting: 60 seconds to 5 minutes (auto-expiry)

· Payment records: Retained by Lemon Squeezy per tax law (~7 years)

· Gamification data: Duration of account

9. Cookies and Tracking

9.1 Cookies We Use

Strictly necessary (no consent): Supabase auth session cookies, local storage for trial cache.

Analytics (consent required for EU/EEA/UK): Google Analytics 4.

Advertising (consent required for EU/EEA/UK): Google AdSense.

9.2 Cookie Consent

EU/EEA/UK users see a consent banner before non-essential cookies load. GA4 and AdSense scripts activate only after explicit consent. Change preferences via the cookie settings in the site footer.

9.3 Browser Fingerprinting

FingerprintJS creates a SHA-256 hashed device identifier for trial enforcement (legitimate interest). Prevent fingerprinting by using privacy mode or creating an account.

9.4 Do Not Track

We respect DNT browser signals. When enabled, analytics and advertising scripts will not load.

10. Your Privacy Rights

10.1 GDPR (EEA, UK, Switzerland)

10.2 CCPA/CPRA (California)

Right to Know · Delete · Correct · Non-Discrimination. We do not sell or share personal information for behavioral advertising.

Categories collected: Identifiers, internet activity, geolocation (approximate), personal characteristics (birth date, gender for astrology only).

10.3 Korean PIPA (개인정보 보호법)

정보 처리에 대한 고지를 받을 권리 · 동의/거부 권리 · 열람/복사 요청 권리 · 정정/삭제 요청 권리 · 처리 정지 요청 권리

개인정보 보호책임자: privacy@veildra.com

10.4 How to Exercise Your Rights

Email: privacy@veildra.com
In-app: Settings → Privacy
Response within 30 days.

Account Deletion: Settings → “Delete my account.” 30-day grace period, then permanent deletion. Backups purged within 90 days.

11. Children's Privacy

12. Security Measures

Report vulnerabilities: security@veildra.com

13. Changes to This Policy

Material changes: 14 days advance notice via email or in-app notification. Consent obtained where required by law.

14. Contact Us

Veildra Privacy Team
Email: privacy@veildra.com

This Privacy Policy is a general guide to our data practices and does not constitute legal advice. Professional legal review is recommended.

1. Introduction

2. Data Controller Information

3. Information We Collect

3.1 Information You Provide Directly

3.2 Information Collected Automatically

3.3 Information from Third Parties

3.4 Sensitive Data

4. How We Use Your Information

5. How Readings Are Generated

6. How We Share Your Information

6.1 Service Providers

6.2 Merchant of Record

7. International Data Transfers

8. Data Retention

9. Cookies and Tracking

9.1 Cookies We Use

9.2 Cookie Consent

9.3 Browser Fingerprinting

9.4 Do Not Track

10. Your Privacy Rights

10.1 GDPR (EEA, UK, Switzerland)

10.2 CCPA/CPRA (California)

10.3 Korean PIPA (개인정보 보호법)

10.4 How to Exercise Your Rights

11. Children's Privacy

12. Security Measures

13. Changes to This Policy

14. Contact Us

VEILDRA

1. Introduction

2. Data Controller Information

3. Information We Collect

3.1 Information You Provide Directly

3.2 Information Collected Automatically

3.3 Information from Third Parties

3.4 Sensitive Data

4. How We Use Your Information

5. How Readings Are Generated

6. How We Share Your Information

6.1 Service Providers

6.2 Merchant of Record

7. International Data Transfers

8. Data Retention

9. Cookies and Tracking

9.1 Cookies We Use

9.2 Cookie Consent

9.3 Browser Fingerprinting

9.4 Do Not Track

10. Your Privacy Rights

10.1 GDPR (EEA, UK, Switzerland)

10.2 CCPA/CPRA (California)

10.3 Korean PIPA (개인정보 보호법)

10.4 How to Exercise Your Rights

11. Children's Privacy

12. Security Measures

13. Changes to This Policy

14. Contact Us