Legal
Privacy Policy
Last updated: June 29, 2026
1. Who We Are
Know Thyself Oracle is an AI-powered astrological oracle service. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.
Privacy inquiries: privacy@knowthyselforacle.com
2. Information We Collect
Information you provide directly:
| Data | Purpose |
|---|---|
| Full name | Personalizing your oracle reading |
| Date of birth | Astrological chart calculation |
| Time of birth | Precise natal chart positions (optional — defaults to noon if unknown) |
| Place of birth | Geographic chart calculation |
| Email address | Account creation, subscription management, and communication |
| Payment information | Processed by our payment processor; we do not store card numbers |
| Feedback & bug reports | Improving the Oracle — resonance signals and any issue reports you choose to send |
Collected automatically: Usage data (pages visited, session duration), device data (browser type, OS, IP address), and cookies (see Section 6).
Feedback you choose to send.When you mark whether a reading resonated (or did not) and optionally add a short note, we store that signal — together with the reading’s prompt version — in our database to improve the Oracle. If you submit a bug report, the text you write and basic technical context (browser, operating system, device) are sent to our error-monitoring provider (Sentry). Bug reports never capture screenshots, and we do not attach your name or email to them. Notes you write may contain personal information, so please share only what you wish to.
Feedback is a product-improvement signal kept separately from your conversational memory: it is not included in the memory pause, wipe, or export controls, and it is deleted when you delete your account. Readings you make off the record are excluded from memory and do not generate resonance feedback (the conversation itself is still stored, marked as excluded from memory).
3. How We Use Your Information
- Calculate your natal chart and generate AI-powered oracle readings
- Manage your account: authentication, profile storage, subscription status
- Process payments via our payment processor
- Improve the service through aggregate, anonymized analytics
- Send transactional emails (receipts, password resets) and — with your consent — product updates
- Legal compliance, fraud prevention, and Terms of Service enforcement
We do not sell your personal data to third parties. We do not use your birth data or reading history for advertising purposes.
4. Storage and Retention
Your data is stored in a secure PostgreSQL database hosted by Supabase. We retain personal data for as long as your account is active. Upon account deletion:
- Profile and birth data — deleted within 30 days
- Reading history — deleted within 30 days
- Billing records — retained up to 7 years as required by law
5. Third-Party Data Processors
| Processor | Role | Location |
|---|---|---|
| Supabase | Database & authentication | USA (AWS us-east-1) |
| Vercel | Hosting, CDN & web analytics | Global edge |
| OpenRouter | AI gateway — routes your messages to the model provider | USA |
| Anthropic | AI model provider (Claude) for oracle responses | USA |
| PostHog | Product analytics (cookieless) | USA |
| Sentry | Error monitoring & user-submitted bug reports | USA |
| Stripe (planned) | Payment processing | USA |
Each processor is bound by data processing agreements. Your messages to the Oracle are sent through OpenRouter, which routes them to Anthropic’s Claude models; Anthropic does not use API prompts to train its models by default.
6. Cookies
| Cookie type | Purpose | Retention |
|---|---|---|
| Essential | Authentication session, CSRF protection | Session / up to 30 days |
| Functional | Saved preferences and birth profile | Up to 1 year |
| Analytics | None set during the beta — analytics runs cookieless | — |
During the beta, our product analytics run cookieless: we measure aggregate usage without storing analytics cookies or a persistent identifier on your device, so no cookie consent banner is required. If we later introduce cookie-based analytics, we will ask for your consent first and provide controls to opt in or out. Disabling non-essential cookies will not affect core Oracle functionality.
7. Your Rights Under GDPR (EEA / UK)
If you are in the European Economic Area or United Kingdom, you have the following rights under the GDPR and UK GDPR:
- Access — request a copy of your data
- Rectification — correct inaccurate data
- Erasure — request deletion (“right to be forgotten”)
- Restriction — pause processing during a dispute
- Portability — receive your data in JSON/CSV format
- Object — object to processing based on legitimate interests
- Withdraw consent — at any time for consent-based processing
Email privacy@knowthyselforacle.com to exercise these rights. We respond within 30 days. You may also lodge a complaint with your local supervisory authority.
8. Your Rights Under CCPA (California)
California residents have the following rights under the CCPA as amended by the CPRA:
- Right to know — categories and specific pieces of data collected
- Right to delete — request deletion of your personal information
- Right to correct — correct inaccurate personal information
- Right to opt out of sale/sharing — we do NOT sell or share data for behavioral advertising
- Right to limit sensitive data use — birth data used only for chart calculation
- Non-discrimination — exercising your rights will never affect your service
We respond to California requests within 45 days.
9. Children's Privacy
Know Thyself Oracle is not directed at children under 13. We do not knowingly collect personal information from children under 13. Contact us immediately if you believe a child has submitted data and we will delete it promptly.
10. International Transfers
Our services are hosted primarily in the United States. EEA/UK data transfers are covered by Standard Contractual Clauses (SCCs) under our processor agreements.
11. Security
We implement TLS/HTTPS for all data in transit, encrypted storage for sensitive fields, and row-level security (RLS) in our database so users can only access their own data. If you believe your account has been compromised, contact us immediately.
12. Changes to This Policy
If we make material changes, we will notify you by email and post a prominent notice at least 14 days before changes take effect.
13. Contact Us
Know Thyself Oracle — Privacy Team
privacy@knowthyselforacle.com