Privacy Policy
Application: MindTarot
Last updated: March 3, 2026
1. Data Controller
Name: MindTarot
Developed by: PVTDev
Headquarters: Thailand
Contact: pvtdev.app@gmail.com
Distribution:
- iOS (App Store): Chiara Regazzoni, Switzerland
- Android (Google Play): PVTDev, Thailand
2. Data Collected
2.1 Account data
| Data | Purpose | Legal basis |
|---|---|---|
| Account creation and login | Contract performance | |
| Google ID | Google Sign-In | Contract performance |
| Apple ID | Sign in with Apple | Contract performance |
2.2 Profile data (optional)
| Data | Purpose | Legal basis |
|---|---|---|
| Name or pseudonym | Experience personalization | Consent |
| Date of birth | Zodiac sign calculation | Consent |
| Zodiac sign | Interpretation personalization | Consent |
2.3 Usage data
| Data | Purpose | Legal basis |
|---|---|---|
| Tarot draws (cards, intentions, themes) | History and personalized interpretations | Contract performance |
| Personal notes | Reflection journal | Contract performance |
| AI chat messages | Conversation with the assistant | Contract performance |
| Ambiance preferences | Sound configuration storage | Contract performance |
| Notification preferences | Sending relevant notifications | Consent |
2.4 Subscription data
| Data | Purpose | Legal basis |
|---|---|---|
| Subscription status (free/premium) | Access and quota management | Contract performance |
| Usage quotas | Usage limitation per plan | Contract performance |
Note: Financial transactions are managed by Google Play / App Store. We do not have access to your banking information.
3. Use of Artificial Intelligence (Google Gemini)
3.1 Data sent to Google Gemini
When you request an interpretation or use the chat, the following data is sent to Google Gemini:
- Your intention or question
- The cards drawn
- Your context (profile, zodiac sign if provided)
- Recent draw history (for personalization)
- Chat conversation messages
3.2 Processing by Google
Google Gemini processes this data to generate personalized interpretations. This processing is subject to Google's Privacy Policy.
4. Third-Party Services
4.1 Firebase (Google)
We use Firebase for:
- Authentication: user account management
- Firestore: secure data storage
- Cloud Functions: AI interpretation processing
- Cloud Messaging: push notifications
- Crashlytics: anonymized bug reports
Data is stored on Google servers (European Union / United States).
4.2 RevenueCat
RevenueCat manages in-app subscriptions. This service processes your user ID and subscription status.
5. Data Security
- All communications are encrypted (HTTPS/TLS)
- Data access is protected by authentication
- Firestore security rules prevent access to other users' data
- AI service calls are secured via Firebase App Check
- We do not store passwords in plain text
6. Your Rights
In accordance with data protection regulations, you have the right to:
| Right | Description | How to exercise |
|---|---|---|
| Access | Obtain a copy of your data | Settings > Export my data |
| Rectification | Correct your information | Settings > Profile |
| Deletion | Delete your account and all your data | Settings > Delete my account |
| Portability | Receive your data in a readable format | Contact by email |
| Objection | Object to certain processing | Contact by email |
7. Data Retention
- Your data is retained as long as your account is active
- After account deletion, data is erased within 30 days
- Anonymized technical logs may be retained for diagnostic purposes (max 90 days)
- Billing data is retained according to legal obligations
8. What We Do NOT Do
- We do not sell your personal data
- We do not display advertisements
- We do not share your data with third parties for marketing purposes
- We do not collect your location
- We do not access your contacts, photos, or other phone data
- We do not perform automated profiling for decision-making purposes
9. Cookies and Trackers
The MindTarot mobile app does not use cookies. Data is stored locally on your device and in your Firebase account.
10. International Transfers
Your data may be transferred to Google servers (Firebase, Gemini) located in the European Union and the United States. These transfers are governed by the European Commission's standard contractual clauses.
11. Minors
MindTarot is accessible to all ages (rated 3+). For users under 16, we recommend parental consent and supervision.
12. Changes
This policy may be updated. In case of significant changes, you will be notified through the application. The last update date is indicated at the top of this document.
13. Governing Law
This policy is governed by Thai law, without prejudice to rights you may have under your local legislation (notably the GDPR for EU residents).
14. Contact
For any questions regarding your personal data or to exercise your rights:
Email: pvtdev.app@gmail.com
Developer: PVTDev
We commit to responding within 30 days.