Privacy Policy

Last updated: April 2026

1. Information We Collect

We collect information you voluntarily provide when creating your profile and using the app:

  • Account Data: Email address and authentication identifier (when signing up via email, Apple Sign-In, or Google).
  • Profile Data: Display name, full name, gender, birth date, birth time, birth place, blood type, dominant hand, zodiac sign (auto-derived from birth date), relationship status, areas of focus, and spiritual experience level.
  • Palm Photos: If you use palmistry, photographs of your dominant and non-dominant hands.
  • Voice Audio: If you use voice chat with an oracle, your microphone audio is captured during the session. See Section 4 for details on how it is handled.
  • Reading History: Your conversations with oracles, saved readings, summaries, and reading method history.
  • Saved People (My Circle): If you use this feature, profile data you enter for loved ones — name, relationship, gender, birth date, birth time, birth place, blood type, dominant hand, zodiac sign.
  • Usage Data: Reading method history, voice session minutes, Stardust transactions, daily streaks, and feature usage. Used to power billing, milestones, and statistics.
  • Push Token: If you enable notifications, a device push token is stored to deliver daily digests and oracle alerts.

Most profile fields are optional — share only what you are comfortable with. The more you share, the more personalized your readings become.

2. App Permissions We Request

The app requests the following device permissions, each tied to a specific feature. You may decline any permission and the rest of the app will continue to function:

  • Camera: Capture palm photos for palmistry readings.
  • Photo Library: Select existing palm photos from your device instead of taking new ones.
  • Microphone: Voice chat with oracles in real time.
  • Push Notifications: Deliver your daily cosmic digest, milestone celebrations, and oracle alerts. You can disable notifications at any time in your device settings or in the app's notification preferences.
  • Vibration (Android): Haptic feedback for notifications.

3. How We Use Your Data

Your data powers our oracle engines to deliver personalized readings:

  • Birth details enable astrology, zodiac, and numerology calculations.
  • Palm photos are analyzed for palmistry readings.
  • Blood type data provides personality and compatibility insights.
  • Profile preferences tailor the tone, depth, and language of your readings.
  • Saved People data personalizes readings you request about someone in your life (e.g., a love reading about your partner).
  • Usage data tracks Stardust balance, voice session minutes for billing, milestone progress, and daily streaks.
  • Push token enables delivery of your daily cosmic digest.

We never use your data for advertising. We never sell your personal information to third parties. We do not run any third-party advertising or analytics SDKs (no Google AdMob, Facebook, Mixpanel, Amplitude, PostHog, Sentry, or similar) inside the app.

4. Voice Chat & Audio Handling

When you start a voice chat session with an oracle:

  • Your microphone audio is streamed in real time directly to xAI's Realtime API (Grok voice service). The audio passes through our edge function but is not stored on our servers.
  • We do not save voice recordings, transcripts of your spoken audio, or copies of the oracle's voice replies.
  • We do save the session metadata: session ID, start time, duration in minutes, and Stardust spent (10 Stardust per minute). This is used for billing transparency and your reading history.
  • Voice sessions are subject to xAI's privacy policy for the duration of the connection.

5. Palm Photos & Image Analysis

When you submit a palm photo for a palmistry reading:

  • The photo is uploaded to a private Supabase storage bucket protected by Row-Level Security (only you can access it).
  • The photo is sent to Google Gemini Vision API for AI analysis. Google's processing is governed by their own privacy policy.
  • The reading text generated from the analysis is saved with your reading history; the photo itself remains in your private storage.
  • You may delete palm photos at any time from your profile.

6. Data Storage & Security

Your data is encrypted and stored securely on Supabase cloud servers with industry-standard security practices including:

  • Row-Level Security (RLS) ensuring users can only access their own data.
  • Encrypted data at rest and in transit (HTTPS / TLS).
  • Private storage buckets for sensitive files (palm photos).
  • Public storage only used for shared oracle-generated images (cosmic weather illustrations, daily digest visuals) — these contain no personal information.
  • Secure authentication via Supabase Auth, including support for email, Apple Sign-In, and Google Sign-In.

7. Third-Party Services

We use the following third-party services to power the app. These services process your data according to their own privacy policies, and we share only the minimum data necessary for each to function:

  • xAI (Grok): Text generation for oracle readings and image generation for daily digests. Reading prompts include relevant profile context.
  • xAI Realtime API: Streaming voice chat. Receives microphone audio in real time during voice sessions only.
  • Google Gemini Vision: Palm photo analysis. Receives palm photos when you request a palmistry reading.
  • Supabase: Database, authentication, edge functions, and storage.
  • RevenueCat: Subscription and in-app purchase management. Receives a pseudonymous user identifier and purchase events.
  • Expo Push Service: Delivery of push notifications using device push tokens.
  • Apple Sign-In / Google Sign-In: Optional authentication methods you may choose at signup.
  • Expo / EAS: App build and over-the-air update infrastructure.

8. Daily Digest & Notifications

If you enable notifications, we send a daily cosmic digest containing AI-generated content personalized to your zodiac sign, birth chart, current planetary transits, and (if you have a bonded person) your relationship dynamic. You may also receive notifications for milestones, retrograde alerts, weekly forecasts, gemstone recommendations, and birthdays.

You can disable notifications at any time:

  • In the app, via notification preferences.
  • On your device, via system settings for the app.

9. Your Rights

You have full control over your data:

  • Access & Update: View and edit all your profile data at any time from within the app.
  • Delete: Permanently delete your account and all associated data from Profile → Delete Account, or via our account deletion page.
  • Export: Request a full data export by contacting us at info@spindleandstones.com.
  • Opt Out: Most profile fields are optional. You can remove any data point at any time.

10. Stardust & Purchases

Stardust is a virtual currency with no real-world cash value. Stardust cannot be exchanged, transferred, or refunded except as required by applicable law. Purchases are processed through the Apple App Store or Google Play Store, and their respective refund policies apply. Stardust transaction history is stored on your account for transparency.

11. Subscriptions

Premium subscriptions are billed on a recurring monthly basis through your device's app store and managed via RevenueCat. Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current billing period. You can manage and cancel subscriptions through your device's subscription settings. No refunds are provided for partial billing periods.

12. Children's Privacy & Age Confirmation

Spindle & Stones is not intended for children under the age of 13 (or 16 in jurisdictions where that is the minimum digital-consent age). By creating an account, you confirm that you are at least 13 years old (or the minimum digital-consent age in your country). We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

13. Entertainment Disclaimer

All readings, predictions, and guidance provided by the app are for spiritual guidance and entertainment purposes only. They are not a substitute for professional medical, financial, legal, or psychological advice. The app makes no guarantees about the accuracy of any reading. Use the app responsibly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through the app. Continued use of the app after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy concerns, data requests, or questions about this policy: