Privacy Policy

1. Data we collect

Birth data (sensitive): your birth date, birth time and birth place. We treat this as sensitive personal data under every privacy law that applies to you, and we process it only on the basis of your explicit, informed and freely given consent, which you give when you submit your birth details to generate a chart. It is used only to compute your astrology and 命理 charts (BaZi / Four Pillars, Zi Wei Dou Shu, Western natal charts and related calculations). We do not use it to infer health, religious or political characteristics about you, and you may withdraw your consent and delete this data at any time.

Account data: your email address and authentication identifiers, created when you sign in. Authentication is handled through Better Auth.

Payment data: when you purchase credits or a subscription, payments are processed by our payment provider Creem.io. We do not store your full card numbers; we receive only the transaction status and limited billing metadata needed to fulfil and account for your order.

Usage and analytics data: basic technical data such as your IP address, browser/device type, pages viewed and interactions, used to keep the service secure and to understand and improve how it is used.

2. How we use your data

We use your data to: provide and operate the chart calculations and AI interpretations you request; create and secure your account; process payments and manage your credit balance; respond to support requests; prevent fraud and abuse; comply with legal obligations; and improve our service.

Our legal bases under the GDPR include: performance of our contract with you (to deliver the service you ask for), your consent (for non-essential analytics cookies and for processing your sensitive birth data), our legitimate interests (security, fraud prevention, product improvement), and compliance with legal obligations.

3. Third parties we share data with

We use a small number of processors and service providers to run FateChart, and share only the data each needs: Creem.io (payment processing and billing); Supabase (database hosting where account and chart data are stored, in PostgreSQL); Photon by komoot (geocoding — converting a birth place name into coordinates so we can compute your chart); and OpenRouter (our AI provider, which routes your chart data to large language models that generate the text interpretations of your charts). These providers process data on our behalf under appropriate agreements. We do not sell or share your personal data for advertising or for any third party’s own purposes.

4. International transfers

FateChart is operated online and our processors are located in multiple countries, so your personal data — including your sensitive birth data — may be processed outside your country of residence, including in the United States and other jurisdictions. For example, Supabase hosts data on cloud infrastructure, OpenRouter routes requests to model providers, and Creem.io processes payments, each of which may involve cross-border transfers.

Where the law of your region requires it, we rely on appropriate safeguards for these transfers — such as the European Commission Standard Contractual Clauses, your explicit consent to the transfer, or the equivalent transfer mechanism recognised under PIPA (Korea), the DPDP Act (India), PDPA (Taiwan, Singapore, Malaysia, Thailand), PDPO (Hong Kong), PDPD (Vietnam), UU PDP (Indonesia) or the CCPA/CPRA (United States).

5. Data retention

We keep your account and chart data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 30 days, except where we must retain certain records (for example, transaction and tax records, which we keep for up to 7 years to meet accounting and legal obligations). Sensitive birth data is deleted promptly when you delete the associated chart or withdraw your consent. Limited security and abuse-prevention logs are kept for a short period (typically up to 90 days) and then deleted.

6. Your rights

Subject to applicable law, you have the right to access the personal data we hold about you, to request its correction or deletion, to obtain a portable copy (export) of your data, to restrict or object to certain processing, and to withdraw consent at any time. You also have the right to lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact us at support@fatechart.me. We will respond within the timeframe required by law.

7. Your regional privacy rights

Depending on where you live, specific data-protection laws apply to you in addition to, or instead of, the general rights described above. We honour the rights granted to you under the law of your region. To exercise any of them, email us at support@fatechart.me.

Korea — PIPA (Personal Information Protection Act): your birth data is "sensitive information" that we process only with your separate, explicit consent. You have the right to be informed of, access, correct, suspend the processing of, and delete your personal information, and to withdraw your consent at any time without detriment to services already provided. You may also raise a dispute with the Personal Information Dispute Mediation Committee or the Personal Information Protection Commission (PIPC).

India — DPDP Act 2023 (Digital Personal Data Protection Act): we process your personal data on the basis of your consent for the stated purpose. You have the right to access a summary of your data, to correction, completion, updating and erasure, to grievance redressal, and to nominate another person to exercise your rights. You may withdraw consent at any time as easily as you gave it. You can contact our Grievance Officer at support@fatechart.me; if unresolved, you may complain to the Data Protection Board of India.

Taiwan — PDPA (個人資料保護法 / Personal Data Protection Act): you may inquire about and review your data, request a copy, request correction or supplementation, and request that we stop collecting, processing or using your data and delete it. Birth data is collected and used only with your consent for the stated purpose.

Hong Kong — PDPO (Personal Data (Privacy) Ordinance): you have the right to make a Data Access Request and a Data Correction Request regarding the personal data we hold about you, which we will handle within the statutory timeframe. You may also complain to the Office of the Privacy Commissioner for Personal Data (PCPD).

Southeast Asia — Singapore PDPA, Malaysia PDPA, Thailand PDPA, Vietnam PDPD (Decree 13/2023/ND-CP) and Indonesia UU PDP (Law No. 27 of 2022): under these laws you generally have rights to be informed, to give and withdraw consent, to access and correct your personal data, and (where the law provides) to request deletion or to object to or restrict processing. We process your sensitive birth data only with your consent and apply additional safeguards required by each of these laws, including for cross-border transfers.

United States — CCPA/CPRA (California) and comparable state laws: you have the right to know what personal information we collect and how it is used and shared, the right to access and delete your personal information, the right to correct inaccurate information, and the right to opt out of the "sale" or "sharing" of personal information and to limit the use of sensitive personal information. We do not sell your personal information and we do not share it for cross-context behavioural advertising. We will not discriminate against you for exercising these rights.

EU/UK — GDPR: if you are in the EEA, the UK or Switzerland, the full set of rights in section 6 above applies, including the right to lodge a complaint with your local supervisory authority.

8. Children

FateChart is not directed to children and we do not knowingly collect their personal data. Because age thresholds differ by region, you must be at least the age required where you live to use the service and to consent to the processing of your sensitive birth data: 18 by default for sensitive data and for India under the DPDP Act; 14 in Korea (and in a mainland-China context); 16 in the EU/EEA (unless your member state has set a lower age, no lower than 13); and 13 in the United States under COPPA. Where a user is below the applicable age, a parent or legal guardian must provide verifiable consent. If you believe a child has provided us data without the required consent, please contact us so we can delete it.

9. Security

We use technical and organisational measures, including encryption in transit and access controls, to protect your data. No method of transmission or storage is completely secure, but we work to protect your information and to address incidents promptly.

10. Changes and contact

We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, for material changes, take additional steps where required.

Questions about this policy or your data? Email us at support@fatechart.me.