Privacy Policy
Table of Contents
- Introduction
- Information We Collect
- Purpose of Collection
- Retention Periods
- Third-Party Sharing and Service Providers
- International Data Transfers
- Your Rights
- Children's Privacy
- Security Measures
- AI-Generated Content Notice
- Cookies and Tracking Technologies
- GDPR — Rights of EU Users
- CCPA — Rights of California Residents
- Data Protection Officer
- Changes to This Policy
- Contact Information
1. Introduction
This Privacy Policy explains how Techtainment ("Operator," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use the Zodi mobile application ("Service" or "App").
We are committed to protecting your privacy and complying with applicable data protection laws, including the Korean Personal Information Protection Act ("PIPA"), the General Data Protection Regulation ("GDPR"), and the California Consumer Privacy Act ("CCPA").
By using the Service, you consent to the collection and processing of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Required Information
| Information | Purpose | Collection Method |
|---|---|---|
| Email address | Account identification, login, notifications | Automatically via social login (Google/Apple) |
| Nickname | Display name within the Service | User input during profile setup |
| Date of birth | Zodiac sign calculation, personalized fortune interpretations | User input during profile setup |
| Gender | Personalized fortune interpretations | User input during profile setup |
2.2 Optional Information
| Information | Purpose | Collection Method |
|---|---|---|
| Birth time | Precise fortune readings (saju, astrology) | User input (optional) |
| Birth place | Astrological chart calculation | User input (optional) |
2.3 Automatically Collected Information
| Information | Purpose | Collection Method |
|---|---|---|
| Tarot reading history | Reading history display, service improvement | Automatically during service use |
| Device information (OS type, version, app version) | Error analysis, service optimization | Automatically collected |
| App usage logs (feature usage, session data) | Usage statistics, service improvement | Automatically collected |
| Payment information (transaction ID, amount, date, subscription status) | Payment processing, refund handling, entitlement management | Via App Store / Google Play / RevenueCat |
2.4 Information We Do NOT Collect
- Precise geolocation data
- Contacts or address book data
- Photos, camera, or microphone data
- Biometric data
- Browsing history outside the App
3. Purpose of Collection
We process your personal information for the following purposes only:
3.1 Account Management
- User identification and authentication
- Account creation, maintenance, and deletion
- Prevention of unauthorized or fraudulent use
- Delivery of service-related notices and notifications
3.2 Service Provision
- Tarot card reading services
- AI-powered personalized fortune interpretation generation
- Zodiac sign calculation based on date of birth
- Storage and display of reading history
3.3 Payment Processing
- Processing in-app purchases and subscription payments
- Managing subscription status and entitlements via RevenueCat
- Refund processing
- Payment record keeping as required by law
3.4 Service Improvement
- Analyzing usage patterns and service performance
- Identifying and fixing technical issues
- Developing new features and improving existing ones
3.5 Legal Compliance
- Compliance with applicable laws and regulations
- Responding to lawful requests from public authorities
- Protecting our legal rights and interests
We do not use your personal information for targeted advertising or sell your data to third parties.
4. Retention Periods
4.1 General Retention
| Data Type | Retention Period | Basis |
|---|---|---|
| Account information (email, nickname, DOB, gender) | Until account deletion + 30-day grace period | User consent |
| Optional profile data (birth time, birth place) | Until account deletion + 30-day grace period | User consent |
| Tarot reading history | Until account deletion + 30-day grace period | User consent |
| Device information and usage logs | 1 year from collection | Legitimate interest (service improvement) |
4.2 Legally Required Retention (Korean Law)
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Contract or subscription withdrawal records | 5 years | Act on Consumer Protection in Electronic Commerce |
| Payment and digital content delivery records | 5 years | Act on Consumer Protection in Electronic Commerce |
| Consumer complaint and dispute resolution records | 3 years | Act on Consumer Protection in Electronic Commerce |
| Advertising and promotion records | 6 months | Act on Consumer Protection in Electronic Commerce |
| Service access logs | 3 months | Protection of Communications Secrets Act |
4.3 Post-Retention Processing
When the retention period expires, personal information is destroyed without delay. Data that must be retained by law is stored separately from active service data and is accessible only for legal compliance purposes.
5. Third-Party Sharing and Service Providers
5.1 No Sale of Personal Information
We do not sell, rent, or trade your personal information to any third party.
5.2 Service Providers (Data Processors)
We share personal information with the following service providers solely for the purposes described below. These providers process data only on our behalf and under our instructions:
| Service Provider | Purpose | Data Shared | Data Location | Retention |
|---|---|---|---|---|
| Supabase Inc. | Database hosting, user authentication | Account info, reading history | Mumbai, India (AWS ap-south-1) | Until account deletion |
| Google LLC (Gemini API) | Basic AI interpretation generation | Date of birth, gender, zodiac sign, tarot card data | United States | Deleted immediately after processing |
| Anthropic (Claude API) | Detailed AI interpretation generation | Date of birth, gender, zodiac sign, tarot card data | United States | Deleted immediately after processing |
| RevenueCat Inc. | Subscription management, entitlement tracking | Anonymous user ID, purchase receipts, subscription status | United States | Per RevenueCat's privacy policy |
| Apple Inc. | In-app purchases (iOS), Apple Sign-in | Payment info, Apple ID | United States | Per Apple's privacy policy |
| Google LLC (Play Store) | In-app purchases (Android), Google Sign-in | Payment info, Google account | United States | Per Google's privacy policy |
5.3 AI Data Processing Notice
When generating fortune interpretations, the following data is temporarily sent to AI providers:
- Date of birth, gender, zodiac sign
- Selected tarot card information (card name, position, orientation)
5.4 Legal Disclosure
We may disclose your information when required by law, including in response to valid legal process (court orders, subpoenas), to comply with applicable laws and regulations, or to protect the rights, safety, or property of the Operator or others.
6. International Data Transfers
As a globally available service, your personal information may be transferred to and processed in countries other than your country of residence.
6.1 Transfer Details
| Recipient | Destination | Data Transferred | Purpose | Safeguards |
|---|---|---|---|---|
| Supabase Inc. | India (AWS Mumbai, ap-south-1) | Account info, reading history | Database hosting | TLS 1.3, SOC 2 certification |
| Google LLC | United States | DOB, gender, zodiac, tarot data | Gemini AI interpretation | Standard Contractual Clauses, TLS |
| Anthropic | United States | DOB, gender, zodiac, tarot data | Claude AI interpretation | Standard Contractual Clauses, TLS |
| RevenueCat Inc. | United States | Anonymous user ID, purchase data | Subscription management | Standard Contractual Clauses, SOC 2 |
| Apple Inc. | United States | Payment info, Apple ID | In-app purchases | Standard Contractual Clauses |
| Google LLC (Play) | United States | Payment info, Google account | In-app purchases | Standard Contractual Clauses |
6.2 Safeguards for International Transfers
- All data transfers use TLS 1.3 encryption in transit.
- Service providers maintain international security certifications (SOC 2 Type II, ISO 27001).
- For EU Users, transfers to non-EEA countries are protected by Standard Contractual Clauses (SCCs) or adequacy decisions as required by the GDPR.
7. Your Rights
You have the following rights regarding your personal information:
| Right | Description | How to Exercise |
|---|---|---|
| Right of Access | Request a copy of your personal information | In-app Settings or email |
| Right to Rectification | Correct inaccurate personal information | In-app profile editing |
| Right to Erasure | Request deletion of your personal information | Settings > Account > Delete Account |
| Right to Restriction | Request restriction of processing | Email request |
| Right to Withdraw Consent | Withdraw consent for data processing | In-app Settings or email |
| Right to Data Portability | Receive your data in a structured, machine-readable format (JSON/CSV) | Email request |
How to Exercise Your Rights
- In-App: Settings > Privacy & Data
- Email: support@techtainment.io
We may request identity verification before processing your request. Requests will be processed within 10 business days (or within the timeframe required by applicable law, e.g., 30 days under GDPR, 45 days under CCPA).
Limitations
Your rights may be limited where retention is required by applicable law, processing is necessary for the establishment or defense of legal claims, or fulfilling the request would adversely affect the rights and freedoms of others.
8. Children's Privacy
8.1 Age Restriction
Zodi is not intended for children under 14 years of age. We do not knowingly collect personal information from children under 14.
8.2 Discovery of Underage Users
If we discover that we have inadvertently collected personal information from a child under 14, we will immediately delete all such information and terminate the associated account.
8.3 Parental Rights
Parents or legal guardians who believe their child under 14 has provided personal information to us may contact us at support@techtainment.io to request access to, deletion of, or termination of the child's account.
8.4 Regional Variations
- EU/EEA (GDPR): The minimum age may be 16 in some EU member states. We apply the minimum age requirement of the User's country of residence.
- United States (COPPA): We comply with the Children's Online Privacy Protection Act for Users under 13.
9. Security Measures
9.1 Technical Measures
- Encryption in transit: TLS 1.3 for all data transmissions
- Encryption at rest: AES-256 encryption for stored data
- Row Level Security (RLS): Database-level access control ensuring users can only access their own data via Supabase RLS policies
- Access control: Role-based access with principle of least privilege
- Authentication security: OAuth 2.0 via Supabase Auth (Google/Apple), no password storage
9.2 Administrative Measures
- Minimization of personnel with access to personal information
- Regular security reviews and audits
- Incident response procedures for data breaches
9.3 Infrastructure Security
Cloud infrastructure is provided by Supabase (hosted on AWS) with SOC 2 Type II certification, ISO 27001 certification, and physical security controls at AWS data centers.
9.4 Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (as required by GDPR) and will notify affected Users without undue delay.
10. AI-Generated Content Notice
10.1 AI Services Used
All fortune interpretations in Zodi are generated by artificial intelligence:
| Interpretation Type | AI Provider | Description |
|---|---|---|
| Basic Interpretation | Google Gemini | Standard interpretation of tarot card readings |
| Detailed Interpretation | Anthropic Claude | In-depth, personalized analysis and advice |
10.2 Data Sent to AI Providers
To generate personalized interpretations, we send the following data to AI providers via Supabase Edge Functions:
- Date of birth and gender
- Zodiac sign (calculated from date of birth)
- Selected tarot card information (card name, position, upright/reversed)
- Reading type (daily, 3-card) and topic (if applicable)
10.3 AI Data Protection
- AI providers process data only for generating the requested interpretation.
- Data is transmitted via encrypted API calls and is not stored by AI providers after processing.
- Your data is not used for training AI models under the API terms of service of both Google and Anthropic.
10.4 AI Content Disclaimer
- All AI-generated interpretations are labeled as "AI-Generated Content."
- AI interpretations are for entertainment purposes only and do not constitute professional advice.
- Accuracy is not guaranteed. See the Terms of Service for full disclaimers.
11. Cookies and Tracking Technologies
11.1 App-Based Collection
As a native mobile application, Zodi does not use browser cookies. However, we collect:
| Technology | Purpose | Opt-Out |
|---|---|---|
| App usage analytics | Service improvement, crash reporting | Adjustable in app settings |
| Device identifiers | Account association, fraud prevention | Limited by OS settings |
11.2 Third-Party SDKs
| SDK | Purpose | Data Collected |
|---|---|---|
| Supabase | Authentication, database | Account data, usage |
| RevenueCat | Subscription management | Anonymous ID, purchase data |
We do not use advertising tracking SDKs or share data with advertising networks.
12. GDPR — Rights of EU Users
This section applies to Users residing in the European Union (EU) or European Economic Area (EEA).
12.1 Data Controller
Techtainment
Email: support@techtainment.io
12.2 Legal Basis for Processing
| Processing Purpose | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and service provision | Performance of contract | Art. 6(1)(b) |
| Payment processing | Performance of contract | Art. 6(1)(b) |
| Legal record-keeping obligations | Legal obligation | Art. 6(1)(c) |
| Service improvement and analytics | Legitimate interests | Art. 6(1)(f) |
| Marketing communications | Consent | Art. 6(1)(a) |
| AI interpretation generation | Consent / Performance of contract | Art. 6(1)(a) / Art. 6(1)(b) |
12.3 Your GDPR Rights
| Right | Description |
|---|---|
| Right to Data Portability | Receive your data in a structured, commonly used, machine-readable format (JSON or CSV) |
| Right to Object | Object to processing based on legitimate interests |
| Right Not to be Subject to Automated Decision-Making | Zodi does not make automated decisions that produce legal or similarly significant effects. AI interpretations are informational entertainment content only. |
| Right to Lodge a Complaint | File a complaint with your local Data Protection Authority |
12.4 International Transfers from the EU
Personal data transferred outside the EEA is protected by Standard Contractual Clauses (SCCs) approved by the European Commission and technical measures including TLS 1.3 encryption.
12.5 Supervisory Authority
You have the right to lodge a complaint with the data protection supervisory authority in your EU/EEA country of residence.
13. CCPA — Rights of California Residents
This section applies to Users residing in California, United States, under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA").
13.1 Categories of Personal Information Collected (Past 12 Months)
| Category | Collected | Examples |
|---|---|---|
| A. Identifiers | Yes | Email address, nickname, account ID |
| B. Personal information per Cal. Civ. Code 1798.80 | Yes | Date of birth, gender |
| C. Protected classification characteristics | Yes | Gender, age (date of birth) |
| D. Commercial information | Yes | Purchase and subscription records |
| E. Internet or network activity | Yes | App usage logs, feature interaction data |
| F. Geolocation data | No | — |
| G. Sensory data | No | — |
| H. Professional or employment information | No | — |
| I. Education information | No | — |
| J. Inferences | Yes | Zodiac sign derived from date of birth |
| K. Sensitive personal information | No | — |
13.2 Your CCPA Rights
| Right | Description |
|---|---|
| Right to Know | Request disclosure of the categories and specific pieces of personal information we have collected about you |
| Right to Delete | Request deletion of your personal information |
| Right to Correct | Request correction of inaccurate personal information |
| Right to Opt-Out of Sale/Sharing | Opt out of the sale or sharing of your personal information |
| Right to Non-Discrimination | Not be discriminated against for exercising your CCPA rights |
13.3 Sale and Sharing of Personal Information
Zodi does not sell your personal information. We do not share personal information for cross-context behavioral advertising purposes.
13.4 How to Exercise Your Rights
- Email: support@techtainment.io
- In-App: Settings > Privacy & Data
We will verify your identity before processing your request. Requests will be processed within 45 days (may be extended by an additional 45 days with prior notice).
13.5 Authorized Agents
California residents may designate an authorized agent to submit requests on their behalf. Authorized agents must provide written authorization from the consumer and may be required to verify their own identity.
14. Data Protection Officer
| Item | Details |
|---|---|
| Company | Techtainment |
| Role | Data Protection Officer / Privacy Officer |
| support@techtainment.io |
Regulatory Contacts (Republic of Korea)
For privacy-related complaints, Korean Users may also contact:
| Organization | Contact | Website |
|---|---|---|
| Personal Information Infringement Report Center | 118 (no area code) | privacy.kisa.or.kr |
| Personal Information Dispute Mediation Committee | 1833-6972 | kopico.go.kr |
| Supreme Prosecutors' Office Cybercrime Investigation Division | 1301 (no area code) | spo.go.kr |
| National Police Agency Cybercrime Bureau | 182 (no area code) | ecrm.police.go.kr |
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- Minor changes: We will update the "Last Updated" date and post the revised policy within the App.
- Material changes: We will provide at least 30 days advance notice via email and/or in-app notification before the changes take effect.
- Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
16. Contact Information
For any questions, concerns, or requests related to this Privacy Policy or your personal information:
| Channel | Details |
|---|---|
| support@techtainment.io | |
| In-App | Settings > Help & Support |
| Operator | Techtainment |
| Application | Zodi (com.namwookkim.zodi) |
We aim to respond to all inquiries within 10 business days.
This Privacy Policy is effective from March 21, 2026.