Privacy Policy

Effective Date: May 12, 2026 · Last Updated: May 12, 2026

Tarotdoxa LLC ("Tarotdoxa," "we," "us," or "our") operates the Tarotdoxa mobile application (the "Service"). This Privacy Policy describes our practices regarding the collection, use, and disclosure of information when you use our Service.

We have deliberately designed Tarotdoxa to collect as little personal information as possible. The short version: we do not require you to create an account, we do not collect or sell your personal data, your readings stay on your device, and we do not retain transcripts of what you ask the cards.

---

1. Who We Are

Tarotdoxa LLC is an Oregon limited liability company. You can reach us at:

• Email: privacy@tarotdoxa.com
• Address: 273 NW 182nd Ave, Beaverton, OR 97006

2. Information We Do Not Collect

To be explicit about what Tarotdoxa does NOT do:

• We do not require an account, email, name, phone number, or date of birth to use the Service.
• We do not collect or store the text of questions you ask the cards.
• We do not retain transcripts of generated readings on our servers.
• We do not sell, rent, or trade your personal information to third parties.
• We do not use your data to train AI models on individual users.
• We do not track you across other apps or websites.
• We do not use third-party advertising networks.

3. Information We Do Process

Information You Provide

If you choose to contact us, we receive the information you send and use it only to respond to you.

Information Apple Processes for In-App Purchases

If you purchase a subscription or content, the transaction is processed entirely by Apple through the App Store. We receive only aggregate, anonymized purchase data from Apple. We do not see your payment information, billing address, or Apple ID. Apple's privacy practices are at apple.com/legal/privacy/.

Information Generated During Your Reading

When you draw cards, the cards drawn, your selected spread, and any optional context you provide (such as a topic) are sent to our reading engine to generate your reading. We do not retain this information after the reading is delivered. The reading is stored locally on your device under your control.

Anonymous Analytics

We use Apple's built-in analytics (which require your opt-in via iOS settings) to understand aggregate usage patterns. These analytics are anonymized by Apple and never tied to your identity.

Technical Information

When the app communicates with our reading engine, our servers automatically receive standard technical information (such as IP address and a timestamp). We use this only to operate and secure the Service. We delete server logs after 30 days.

4. How We Use Information

• Deliver the reading you requested
• Maintain and improve the Service (aggregate usage patterns only)
• Respond to your inquiries
• Comply with legal obligations
• Detect and prevent fraud or abuse

5. How We Train Our Reading Engine

Tarotdoxa's voice and reading patterns were developed by Holly Cole, co-founder of Tarotdoxa LLC, drawing on over two decades of her own tarot practice. We trained our reading engine using Holly's teaching materials, her voice characteristics, and readings between Holly and family members who provided explicit written consent for AI training use.

We have never used your reading as training data. We will never use your reading as training data without your explicit, separate, written consent.

Source materials used in training were destroyed once their pattern value was extracted. The model encodes patterns, not individual readings.

6. Sharing Information

We do not sell, rent, or trade personal information. We share information only in these limited circumstances:

• Apple, for App Store transactions
• Our reading engine infrastructure (Cloudflare Workers, Anthropic Claude API) processes the cards drawn and your optional context to generate your reading. These providers operate under their own privacy policies and do not retain your reading content beyond what is required to deliver it.
• Legal requirements, only if compelled by valid legal process. We will challenge requests we believe overreach.
• A successor in interest, if Tarotdoxa LLC is acquired or merged. Your information transfers subject to this Privacy Policy.

7. Your Rights

Regardless of where you live, you have the right to:

• Access: ask what personal information, if any, we hold about you
• Correct: ask us to correct inaccurate information
• Delete: ask us to delete personal information we hold
• Withdraw consent: withdraw any consent you previously provided
• Opt out of analytics: disable analytics in iOS settings at any time

To exercise any of these rights, email privacy@tarotdoxa.com. We respond within 30 days. Because we collect almost no personal information, in most cases the answer will be "we do not have records that identify you."

Additional rights for residents of California (CCPA/CPRA), Colorado, Virginia, Connecticut, Texas, and other US states with privacy laws

You have the same rights described above. You may designate an authorized agent to make requests on your behalf. We do not "sell" personal information and we do not engage in "sharing" for cross-context behavioral advertising under any applicable state law.

Additional rights for residents of the EEA, United Kingdom, Switzerland, and GDPR-equivalent jurisdictions

You have the same rights described above, plus the right to data portability, the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local data protection authority. Our lawful basis for processing the minimal information we do receive is performance of the contract and our legitimate interest in operating and securing the Service.

8. Children

Tarotdoxa is intended for users aged 17 and older. We do not knowingly collect personal information from anyone under 13 (or under 16 in the EEA/UK). If you believe a child has provided us information, please email privacy@tarotdoxa.com and we will delete it.

9. Security

We use industry-standard technical and organizational measures to protect the limited information we process. No system is perfectly secure, but our approach is data minimization first: we cannot lose what we never collected.

10. Data Retention

• Reading content: not retained after delivery (real-time only)
• Server logs: deleted after 30 days
• Analytics: retained in anonymized form per Apple's policies
• Support correspondence: retained for up to 3 years
• Records of consent: retained for the life of the Service plus 7 years

11. International Users

Tarotdoxa is operated from the United States. If you access the Service from outside the United States, you understand that your interactions with the Service may be processed in the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in the app and via the Effective Date above. Your continued use of the Service after any change constitutes acceptance.

13. Contact

• Email: privacy@tarotdoxa.com
• Mail: Tarotdoxa LLC, 273 NW 182nd Ave, Beaverton, OR 97006

We are the data controller for purposes of GDPR. Our designated Privacy Contact is Russell Gardner.