Privacy Policy
Effective date: April 18, 2026
We collect what's needed to draw your BaZi chart and nothing else. We don't sell data. We send the derived chart (not your raw birth info) to Anthropic to power conversation.
1. What we collect
Account identifier. Your email address, via Supabase Auth magic-link sign-in. We use it to identify your account and sync your data across devices. We don't send you marketing email.
Birth data per profile. Date, time, time zone, city, and longitude. You enter these to generate a BaZi chart. This is sensitive data — see §4.
Profile metadata. A name you type for the profile (e.g. "Mom", "Me") and a relation tag (self, partner, parent, child, friend). Used only to label your charts in the app.
Derived chart. The four pillars, day master, ten gods, decade luck pillars, and annual pillars we compute from your birth data. This is what the AI reads — not your raw birth date.
Conversation history. The messages you send and the responses Claude returns. Stored so you can return to a reading across sessions.
Subscription and quota state. Which product you purchased (free tier, monthly plan, yearly plan, query top-up), and how many queries you've used in the current billing window. Managed via RevenueCat.
Aggregate telemetry. Event counts, model latency, token usage, and cache hit rates — none linked to you directly. Before writing to the telemetry table, your user ID is SHA-256 hashed with a server-side secret salt. We cannot reverse the hash back to your identity.
2. What we never collect
- Your location at the time you use the app. We don't track where you are.
- Contacts, photos, calendar, microphone, or any other iOS capability requiring a permission prompt.
- Advertising identifiers (IDFA or equivalent).
- Any data from third-party data brokers or ad networks.
3. How we use your data
To draw your chart. The BaZi calculation runs entirely on-device using only the birth data you entered. No server call is needed.
To store and sync your charts and conversations. So you can pick up where you left off on any device.
To power the AI reading. We send your derived chart (the pillars, ten gods, and luck cycles — not your raw birth date, time, or location) plus your conversation history to Anthropic's Claude API. Claude returns a reading and follow-up questions. Your raw birth data never leaves our servers.
To enforce quotas and subscription entitlements. Every request that calls the LLM goes through a Supabase Edge Function that checks your quota server-side before forwarding anything to Anthropic.
To improve the app. We use the aggregate, de-identified telemetry described in §1 to understand performance and fix problems.
4. Sensitive-category data handling
Birth date, time, and location — especially in combination with a spiritual or astrological framing — may qualify as special-category personal data under GDPR Article 9 (data revealing religious or philosophical beliefs by inference). We treat it accordingly:
- No third-party analytics or advertising platforms receive it.
- It is never written to logs.
- It is encrypted at rest in Supabase Postgres.
- Row-level security policies mean only your authenticated session can read your own rows. Our backend functions access data only through scoped service roles.
- On the iOS app, drafts are kept in the app's private storage container. On the web app at app.reckoned.app, drafts live in browser memory only — not localStorage, not cookies — so a page reload clears any in-progress birth-info draft. Your saved charts and conversation history still sync across devices via Supabase, once you've completed a profile.
5. Third parties
We work with a small, fixed set of sub-processors. No others.
Supabase stores your account, birth data, chart, and conversations in a Postgres database hosted on AWS us-east-1. Auth, storage, and Edge Functions also run on Supabase infrastructure. Privacy policy: supabase.com/privacy.
Anthropic receives your derived chart and conversation on every LLM request. Anthropic's current data-retention policy applies (typically 30 days for abuse monitoring, then deletion — verify at their policy page before relying on this). Privacy policy: anthropic.com/legal/privacy.
RevenueCat handles subscription and purchase state. It receives a hashed user identifier and your entitlement/product information. It does not receive your birth data or conversation history. Privacy policy: revenuecat.com/privacy.
Apple processes in-app purchases through StoreKit. Apple's own privacy policy and App Store terms govern that data.
Google Places (future, off by default). If we enable location autocomplete for city entry, search strings you type would be sent to Google. By default the app uses a bundled offline city list, so no data goes to Google. If we ever enable Google Places, we will update this section and request explicit consent. Privacy policy: policies.google.com/privacy.
We have no relationship with analytics providers, ad networks, or cross-site trackers.
6. Data retention
Your account data — birth profiles, chart data, and conversation history — is retained until you delete your account.
Account deletion is available at Settings → Delete account. This action is irreversible. We overwrite sensitive columns with null values before the row is deleted, to defeat residual storage artifacts. Full deletion completes within 30 days.
Anthropic's copies. Anthropic retains API request data per their own policy (typically 30 days for abuse monitoring). We have no control over this; verify at anthropic.com/legal/privacy.
Aggregate telemetry is retained indefinitely, because it is already de-identified and cannot be linked back to you.
7. Your rights
Access. Every field we store about you is visible within the app — your profiles, charts, and conversation history.
Correction. Edit profile fields at any time in Settings → Profiles.
Deletion. Go to Settings → Delete account to remove everything. The deletion is irreversible and complete.
Export. We'll honor data-export requests within 30 days. Email [email protected] with the subject line "Data export request."
If you are in the EU or UK, you also have the right to lodge a complaint with your local supervisory authority.
8. Children
This app is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a minor has created an account, please contact support and we will delete it promptly.
9. International users
We do not operate in, or support access from, mainland China.
All data is stored on Supabase's AWS us-east-1 (Northern Virginia) infrastructure. If you are in the European Economic Area, your data is transferred to the United States under Supabase's standard contractual clauses; see supabase.com/privacy for their transfer mechanism details.
10. Changes to this policy
If we make a material change — new data collected, new sub-processor, change in retention — we will update the effective date at the top and post a notice in the app for active users. Continuing to use the app after a material change takes effect constitutes acceptance.
11. Contact
Questions about this policy or requests related to your data: