Privacy Policy
DharmaChart LLC ("DharmaChart," "we," "us," or "our") is an Oregon single-member limited liability company. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the DharmaChart mobile application and related services (collectively, the "Service").
We take your privacy seriously. This is not a formality. Your spiritual practice data is among the most personal information you possess, and we treat it accordingly.
1. Scope and Applicability
This Privacy Policy applies to all users of the DharmaChart mobile application (iOS and Android), the DharmaChart website, and any associated services.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, do not use the Service.
This Policy is designed to comply with the Oregon Consumer Privacy Act (OCPA), effective July 1, 2024, and incorporates protections consistent with the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable privacy laws.
The Service is intended for users aged 18 and older. See Section 11 for details.
2. Information We Collect
2.1 Information You Provide Directly
| Data Type | Description | Encryption |
|---|---|---|
| Email address | Account creation and magic link authentication | Stored in plaintext for authentication |
| Birth data | Date, time, and place of birth for natal chart calculation | Stored in database |
| Journal entries | Personal reflections, mood tags, dream journals, and metadata | Fernet field-level encryption at rest |
| Card reading data | Tarot/oracle card selections, spreads, questions, and AI interpretations | Fernet field-level encryption at rest |
| Card reading photos | Photos of physical tarot/oracle cards uploaded for recognition | Encrypted object storage |
| Companion chat history | Conversations with the AI companion | Fernet field-level encryption at rest |
| Transit intentions | Personal goals and reflections tied to transits | Fernet field-level encryption at rest |
| Community posts | Content voluntarily shared to the community feed (opt-in) | Visible to other users per your settings |
| Voice recordings | Audio input for voice companion | Never stored -- transcribed and discarded |
| Synastry profiles | Birth data for relationship chart comparisons | Fernet field-level encryption at rest |
| Feedback and reports | Bug reports, feature requests, shake-to-report submissions | Stored in issue tracking system |
2.2 Information Collected Automatically
| Data Type | Description | Purpose |
|---|---|---|
| Geolocation | Geographic coordinates when using astrocartography | Astrocartography calculations; collected only with your permission |
| Device information | Device type, OS version, app version | Debugging and service improvement |
| Usage analytics | Feature usage patterns, session duration, error logs | Service reliability and improvement |
| Authentication tokens | JWTs stored locally on your device | Session management |
2.3 Information Derived from Your Data
We generate derived data from the information you provide, including:
- Natal chart calculations (planetary positions, house placements, aspects)
- Transit analyses computed from current planetary positions relative to your natal chart
- Pattern detections identifying correlations between journal entries, mood data, and transits
- AI-generated interpretations produced by our AI companion
- Energy scores and practice suggestions derived from your transit data
2.4 Voice Recording Processing
When you use voice input features, your audio is:
- Captured temporarily in your device's memory
- Transmitted to OpenAI's Whisper API for transcription
- Converted to text
- Immediately discarded; the audio recording is never stored on our servers
Only the resulting text transcription is retained, subject to the same encryption protections as other user-generated content.
3. How We Use Your Information
We use your information exclusively to provide, maintain, and improve the Service. Specific uses include:
- Calculating and displaying your natal chart, transits, and astrological analyses
- Powering the AI companion with relevant personal context
- Generating personalized transit readings, daily briefings, and practice suggestions
- Processing card readings and providing interpretive context
- Storing and encrypting your journal entries for your private use
- Enabling astrocartography features using your location data
- Detecting crisis situations to surface mental health resources
- Sending transactional emails (magic link authentication, password resets)
- Diagnosing technical issues and improving service reliability
- Processing subscription payments
We do NOT use your information for:
- Advertising or ad targeting
- Selling or renting to third parties
- Building marketing profiles
- Training AI models on your personal data
- Any purpose unrelated to delivering the Service to you
4. Data Storage and Security
4.1 Encryption
We employ Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256) at the field level for sensitive data. The following categories are encrypted at rest:
- Journal entries (content, mood tags, themes)
- Card reading interpretations and questions
- Companion chat messages (both user and AI)
- Transit intentions and reflections
- Synastry partner profiles
Fernet encryption means that even in the event of unauthorized database access, encrypted fields are unreadable without the encryption key, which is stored separately from the database.
4.2 Infrastructure
| Component | Provider | Location |
|---|---|---|
| Application backend | Render | United States |
| Database | PostgreSQL (Render) | United States |
| Object storage | Cloudflare R2 | Globally distributed |
| Email delivery | Resend | United States |
4.3 Access Controls
- Database access is restricted to the application service account
- Administrative access requires multi-factor authentication
- Encryption keys are stored as environment variables, separate from the database
- All data transmission uses TLS 1.2 or higher
5. We Do Not Sell Your Data
DharmaChart does not sell, rent, lease, trade, or otherwise transfer your personal information to any third party for monetary or other valuable consideration.
We have never sold personal data. We will never sell personal data.
Under the Oregon Consumer Privacy Act and the California Consumer Privacy Act, you have the right to opt out of the sale of personal information. Because we do not sell personal information, there is no sale to opt out of.
6. Third-Party Service Providers
We share limited data with the following third-party service providers, solely to operate the Service. Each provider receives only the minimum data necessary.
6.1 Anthropic (Claude AI)
Data shared: Assembled context (natal chart data, transits, journal excerpts, card reading history, companion conversation history)
Purpose: AI companion, transit interpretations, card reading analysis, journal metadata extraction
6.2 OpenAI
Data shared: Voice audio (Whisper transcription), text content (text-to-speech)
Purpose: Speech-to-text transcription and text-to-speech audio generation
6.3 Mapbox
Data shared: Geographic coordinates (latitude/longitude)
Purpose: Astrocartography map rendering and reverse geocoding
6.4 Resend
Data shared: Email address
Purpose: Transactional emails (magic link authentication, password resets)
6.5 Sentry
Data shared: Error logs, stack traces, device metadata (no personal content)
Purpose: Error monitoring and application stability
6.6 Cloudflare
Data shared: Uploaded files (card reading photos)
Purpose: Object storage (R2) for user-uploaded content
6.7 Apple App Store / Google Play Store
Data shared: Subscription status, purchase receipts
Purpose: In-app purchases and subscription management
7. Data Retention and Deletion
7.1 Retention
We retain your personal data only for as long as your account is active and as necessary to provide the Service.
- Account data: Retained while your account is active
- Journal entries, card readings, companion chat: Retained while your account is active
- Voice recordings: Never retained; transcribed and immediately discarded
- Geolocation data: Used transiently; historical queries are not logged
- Authentication tokens: Expire automatically; refresh tokens rotate on use
7.2 Deletion -- "Delete Means Delete"
When you delete data or your account, we perform permanent, irreversible deletion -- not soft deletion, not archival, not anonymization.
- Deleting a journal entry: Permanently removed. No trash folder. No recovery period.
- Deleting a card reading: Record and associated photos permanently removed.
- Deleting companion chat: All encrypted messages permanently removed.
- Deleting your account: All data permanently and irreversibly deleted from database and object storage.
We do not maintain backups of deleted data. Once you request deletion, the data is gone.
Data shared with third-party providers prior to deletion is subject to those providers' respective data retention policies. We select providers that do not retain API inputs for training purposes.
8. Your Rights Under the Oregon Consumer Privacy Act (OCPA)
If you are an Oregon resident, you have the following rights under the OCPA, effective July 1, 2024:
- Right to Know. You can confirm whether we are processing your personal data and access that data.
- Right to Correction. You can correct inaccuracies directly within the app's Settings.
- Right to Deletion. You can delete individual items or request full account deletion, which permanently removes all data.
- Right to Data Portability. The Service includes a built-in data export feature providing your data in a machine-readable format.
- Right to Opt Out of Sale. We do not sell personal data (see Section 5).
- Right to Opt Out of Profiling. DharmaChart's analyses are for entertainment and self-reflection only and do not produce legal or similarly significant effects.
- Right to Non-Discrimination. We will not discriminate against you for exercising any privacy rights.
How to Exercise Your Rights
You may exercise your rights by:
- Using in-app features (Settings > Delete Account, Settings > Export Data)
- Emailing us at: privacy@dharmachart.com
We will respond to verified requests within 45 days, as required by the OCPA. If we need additional time, we will notify you within the initial 45-day period.
9. Rights for Users in Other Jurisdictions
9.1 California Residents (CCPA/CPRA)
California residents have rights similar to those in Section 8, including the right to know, delete, correct, and opt out of sale. We do not sell personal information.
9.2 EEA, UK, and Switzerland (GDPR/UK GDPR)
- Legal basis: Consent, contractual necessity, and legitimate interest in maintaining security
- Data transfers: Processed in the United States; we rely on Standard Contractual Clauses where required
- Additional rights: You may lodge a complaint with your local supervisory authority
- Contact: privacy@dharmachart.com
9.3 All Users
Regardless of your jurisdiction, we extend the core rights -- access, deletion, portability, and correction -- to all users of the Service.
10. Cookies, Tokens, and Local Storage
DharmaChart does not use tracking cookies, advertising cookies, or third-party analytics cookies.
| Mechanism | Purpose | Duration |
|---|---|---|
| JWT access token | Authentication | Short-lived (expires automatically) |
| JWT refresh token | Session continuity | Longer-lived; rotates on use |
| Capacitor Preferences | Auth state, user settings on mobile | Until user clears app data or deletes account |
| Service Worker cache | Offline functionality for app shell, fonts, map tiles | Until invalidated by app update |
No data stored locally is transmitted to third parties. Local tokens are used exclusively for authenticating with DharmaChart's own backend.
11. Children's Privacy
The Service is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18.
If we learn that we have collected personal information from a user under 18, we will promptly delete that information and terminate the account.
If you believe a person under 18 has provided us with personal information, please contact us at privacy@dharmachart.com.
12. AI Disclaimer
The Service uses artificial intelligence (Anthropic's Claude and OpenAI's models) to generate astrological interpretations, card reading analyses, companion responses, and other content.
All AI-generated content is for entertainment and self-reflection only. It does not constitute:
- Medical or health advice
- Psychological or therapeutic counseling
- Financial or investment advice
- Legal advice
- Professional advice of any kind
If you are experiencing a mental health crisis, please contact the 988 Suicide & Crisis Lifeline (call or text 988) or the Crisis Text Line (text HOME to 741741).
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document
- Notify you via in-app notification or email
- Provide at least 30 days' notice before material changes take effect
Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree, you should discontinue use and delete your account.
14. Contact Us
For privacy rights requests, please include sufficient information for us to verify your identity (the email address associated with your account is typically sufficient).
15. Oregon Consumer Privacy Act -- Additional Disclosures
15.1 Categories of Personal Data Processed
- Identifiers (email address)
- Personal characteristics (birth date, birth time, birth location)
- Geolocation data
- User-generated content (journal entries, card readings, companion conversations, voice transcriptions)
- Internet or electronic network activity (usage analytics, error logs)
- Inferences drawn from the above (natal chart calculations, transit analyses, pattern detections)
15.2 Purposes for Processing
As described in Section 3.
15.3 Categories of Third Parties
As described in Section 6.
15.4 Categories of Data Shared
- AI providers (Anthropic, OpenAI): Assembled context data
- Mapping provider (Mapbox): Geolocation coordinates
- Email provider (Resend): Email addresses
- Error monitoring (Sentry): Technical error data
- Storage (Cloudflare): Uploaded files
15.5 No Profiling with Sensitive Data
We do not process sensitive data (as defined by the OCPA) for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects.