Privacy Policy

1. Who We Are

ReadMyLuck ("we", "us", "our") operates the platform at readmyluck.com. We are the data controller responsible for your personal data collected through this Service.

For privacy inquiries, contact us at: support@readmyluck.com

2. Data We Collect

Account data

• Email address — required to create an account and sign in
• Password — stored as a secure, irreversible hash; we never see your plain-text password
• Account creation date

Birth data (for reading generation)

• Full name — used for personalising the reading text
• Date of birth — day, month, year
• Time of birth — hour and minute (24-hour format)
• Place of birth — city/country (used to contextualise readings; we do not resolve this to GPS coordinates)
• Gender — optional; used only to personalise certain system outputs (e.g. Human Design conditioning patterns)

Reading history

The full text of readings you generate is saved to your account so you can revisit them. This includes the input data and the AI-generated output.

Token and payment records

• Your current token balance and transaction history (tokens added, tokens used)
• Payment order references (for reconciliation and support)
• We do not collect or store payment card details. All payment processing is handled directly by Midtrans. We only receive a transaction reference confirming a successful payment.

Technical data

• IP address (stored with each reading for fraud prevention and rate limiting)
• Basic request logs (timestamps, endpoints accessed)

What we do NOT collect

• We do not use tracking pixels, behavioural analytics, or advertising cookies
• We do not collect social media profiles or third-party identity data
• We do not record audio or video

3. How We Use Your Data

To provide the Service

Your birth data is used solely to calculate your metaphysical chart and generate your AI reading. It is passed to the AI model to produce the reading text and then stored in your reading history.

Account management

Your email and password are used to authenticate you and allow you to access your account and reading history across devices.

Payment processing

Your email address is shared with Midtrans as part of the payment transaction. No other personal data is shared with Midtrans.

Security and fraud prevention

IP addresses and request logs are used to enforce rate limits, detect abuse, and investigate security incidents.

Service communications

We may email you for account-related purposes only (password reset, account notifications). We do not send marketing emails without explicit consent.

AI model processing

Reading generation requires sending your chart data (name, birth details, calculated chart parameters) to our AI model provider, OpenRouter. This data is used solely to generate your reading and is subject to OpenRouter's data processing terms. No data is used to train third-party AI models without consent.

4. Data Storage and Security

Your data is stored in Supabase, a secure cloud database platform with infrastructure hosted in the EU. Supabase applies industry-standard security practices including encryption at rest and in transit (TLS).

Access to your data is restricted to authorised systems using service-role credentials. Your data is never accessible to the public or exposed through unsecured interfaces.

Passwords are hashed using bcrypt and are never stored in readable form. We cannot retrieve your password — only reset it.

Despite our security measures, no internet transmission is 100% secure. We cannot guarantee absolute security of data transmitted to or from the Service.

5. Third-Party Services

We use the following third-party services to operate ReadMyLuck:

Supabase (database & authentication)

Stores your account, birth data, readings, and token balance. Supabase Privacy Policy ↗

OpenRouter (AI model routing)

Routes reading generation requests to AI language models (including Anthropic Claude and Google Gemini). Your chart data is transmitted to OpenRouter to generate readings. OpenRouter Privacy Policy ↗

Midtrans (payment processing)

Handles all payment transactions. Midtrans processes your payment card details directly — we never see them. Midtrans Privacy Policy ↗

We do not sell, rent, or otherwise share your personal data with any third party for marketing, advertising, or commercial purposes.

6. Data Retention

We retain your data for as long as your account is active. Specifically:

• Account data — retained until you delete your account
• Readings and birth data — retained until you delete your account
• Payment records — retained for 5 years for accounting and legal compliance purposes, even after account deletion
• IP address logs — retained for 90 days

7. Your Rights

You have the following rights regarding your personal data:

Right to access

You can view all readings associated with your account at any time through the "My Readings" section of the app.

Right to deletion

You can permanently delete your account and all associated data through Settings → Delete Account in the app. This action is immediate and irreversible. Payment records are retained for legal compliance as noted above.

Right to correction

You can update your password through the Settings section. To update your email address, contact us at support@readmyluck.com.

Right to portability

To request a copy of your data in a structured format, contact us at support@readmyluck.com. We will respond within 30 days.

Right to object

You may object to our processing of your data at any time by contacting us. In most cases, objection will require account deletion as your data is necessary to provide the Service.

8. Children's Privacy

The Service is not intended for users under the age of 17. We do not knowingly collect personal data from children. If you believe a child has registered an account, please contact us and we will promptly delete it.

9. Cookies

ReadMyLuck does not use tracking cookies. We use localStorage in your browser to store your session token (login credential) so you remain signed in across visits. This is a functional necessity, not a tracking mechanism, and does not contain personal data beyond the authentication token.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by updating the "Last updated" date above. Continued use of the Service after changes are posted constitutes acceptance of the revised Policy.

11. Contact

For any privacy-related questions, data requests, or concerns:

Email: support@readmyluck.com

We aim to respond to all privacy enquiries within 5 business days.