Privacy Policy
Last Updated: 2026-03-22
Last Updated: Mar 22, 2026
1. Information We Collect
Information You Provide
- Account Information: Email, nickname, profile photo (optional)
- Birth Information: Birth date, time, and place for fortune services
- Service Usage Records: Reading history, analysis results, saved results
- Payment Information: Purchase history (payment info handled by payment processor)
Automatically Collected Information
- Device Information: Device model, operating system version, app version
- Network Information: IP address, access logs, connection timestamps
- Usage Patterns: Service usage frequency, feature access records, session duration
- Device Identifiers: Push notification tokens (Firebase Cloud Messaging)
2. How We Collect Information
We collect personal information through the following methods:
- Direct Collection: Information provided during registration, profile setup, and service use (e.g., birth date entry for fortune analysis)
- Automatic Collection: Device information, access logs, and usage records collected automatically during service use
- Third-Party Collection: Information received through Apple ID or Google social login authentication
Required vs. Optional Information
| Type | Information | Purpose |
|---|
| Required | Email, birth date | Account creation, core service provision |
| Optional | Nickname, profile photo, birth time, birth place | Personalization, enhanced analysis accuracy |
Members may decline to provide optional information; however, some service features that rely on that information may be limited.
3. How We Use Information
- Service Provision: Personalized fortune analysis and results
- Service Improvement: Improving service quality through usage pattern analysis
- Customer Support: Responding to inquiries and resolving issues
- Fraud Prevention: Detecting and preventing unauthorized access, abuse, and fraudulent activity
- Statistical Analysis: Aggregated and anonymized data analysis for service development and research
- Legal Obligations: Compliance with applicable laws, regulations, and legal proceedings
4. Information Sharing
Member personal information is not shared with third parties except:
- With explicit member consent
- When required for legal compliance
- When using external services essential for service provision
SOULCARD does not sell or share your personal information with third parties for advertising or cross-context behavioral advertising purposes.
For specific third-party recipients and data transfers, please refer to the "Third-Party Data Sharing," "Data Processing Delegation," and "International Data Transfers" sections below.
5. Third-Party Data Sharing
SOULCARD shares personal information with the following third parties for service provision:
- Supabase (USA): User authentication, profile and service data storage
- Firebase/Google (USA): Push notifications, app analytics
- Fortune API Server (South Korea): Fortune analysis processing (birth date, time, and place transmitted)
- Apple/Google: In-app purchase processing
Each recipient receives only the minimum information necessary for service provision and manages data in accordance with their respective privacy policies.
6. Data Processing Delegation
SOULCARD delegates processing of personal information to the following service providers:
| Service Provider | Delegated Tasks | Information Processed |
|---|
| Supabase (USA) | Cloud database hosting, user authentication | Account information, service data |
| Google/Firebase (USA) | Push notification delivery, app analytics | Device tokens, usage statistics |
| Apple (USA) | In-app purchase processing | Purchase transaction data |
| Google Play (USA) | In-app purchase processing | Purchase transaction data |
Each delegated processor is contractually bound to process personal information only for the specified purposes and to implement appropriate security measures.
7. International Data Transfers
Your personal information may be transferred to the following countries for service provision:
- United States: Supabase (database), Firebase (notifications/analytics)
- South Korea: Fortune API (fortune analysis server)
Information transferred: Account information, birth date information, service usage records
Purpose of transfer: Service operation and provision
Protective measures: SSL/TLS encryption, access control management, data processing agreements
8. Data Retention
- Account Information: Retained 30 days after account deletion, then permanently destroyed
- Service Usage Records: Retained per member settings (default 1 year)
- Payment Records: Retained 5 years per legal requirements
- Access Logs: Retained 3 months per applicable telecommunications regulations
Upon expiration of the retention period, personal information is permanently destroyed within 5 business days. Information that must be retained under applicable law is stored separately and securely until the legal retention period expires.
9. Your Rights
- Access: Request access to collected personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion (except legal retention requirements)
- Portability: Request download of personal information
- Consent Withdrawal: Withdraw consent for collection and use of personal information at any time
How to Exercise Your Rights
- In-App: Settings > Privacy Management for direct access to data management options
- Email: Submit requests to privacy@soulcard.app; requests will be processed within 30 days
- Consent Withdrawal: Specific consent items (e.g., marketing, optional data collection) can be withdrawn individually through in-app settings or by email request
- Legal Representative: Rights may be exercised through an authorized legal representative with proper verification documentation
The company will not impose any disadvantage on members who exercise their rights. If a request cannot be fulfilled (e.g., legal retention requirements), the reason will be communicated in writing.
10. Children's Privacy
SOULCARD does not knowingly collect personal information from children under 14 years of age (or the minimum age for digital services as required by the laws of your country of residence). If we become aware that we have collected personal information from a child under 14 years of age (or the minimum age for digital services as required by the laws of your country of residence), we will take steps to delete such information promptly.
11. Regional Privacy Rights
This service operates globally, and additional privacy rights may apply depending on your region of residence.
California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we collect.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale/Sharing: SOULCARD does not sell or share your personal information with third parties for cross-context behavioral advertising purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
EU/EEA Residents (GDPR)
Under the General Data Protection Regulation (GDPR):
- Right to Object (Art. 21): You may object to the processing of your personal data in certain circumstances.
- Right to Restriction of Processing (Art. 18): You may request restriction of the processing of your personal data.
- Legal Basis for Processing (Art. 6): Processing of your data is based on your consent (Art. 6.1.a), which you may withdraw at any time.
- Right to Lodge a Complaint: You may file a complaint with the data protection supervisory authority in your country.
Japanese Residents (APPI)
Under Japan's Act on the Protection of Personal Information (APPI):
- Consent is obtained for third-party data sharing in accordance with Article 27.
- For provision of personal information to third parties in foreign countries, information about the personal data protection systems of those countries is provided in accordance with Article 28.
- The United States (Supabase, Firebase) does not have a comprehensive federal personal information protection law, but each service provider meets security standards such as SOC 2 certification.
CIS Region Residents
SOULCARD is designed for Russian-speaking users outside the Russian Federation, including users in Commonwealth of Independent States (CIS) countries. Personal data is stored on servers in the United States (Supabase) and South Korea (Fortune API). If your country of residence has data localization requirements, please consider this when using the service.
To exercise any of these rights, contact privacy@soulcard.app.
12. Data Breach Notification
In the event of a personal data breach, SOULCARD will respond as follows:
- Notify affected members via email or in-app notification within 72 hours of becoming aware
- Provide details of the breached data, timing, circumstances, and response measures
- Report to relevant regulatory authorities without delay
- Implement immediate technical measures to minimize damage
13. Automated Decision-Making
SOULCARD uses AI-based algorithms to generate fortune analysis results.
- Automated processing: All fortune services including tarot interpretation, Four Pillars analysis, astrology charts, and compatibility analysis
- Processing method: AI analyzes information such as birth date, time, and place provided by members to generate results
- Important note: All results are for entertainment and reference purposes only and do not replace professional advice
- Your rights: You may request an explanation of automated decision-making or request human intervention. Contact privacy@soulcard.app
14. Cookies and Local Storage
SOULCARD is a mobile application and does not use web browser cookies. However, the app utilizes the following local storage mechanisms:
- Secure Storage: Authentication tokens are stored in the device's secure storage (iOS Keychain / Android Keystore) for maintaining login sessions
- Shared Preferences: Language settings, consent records, notification preferences, and app configuration are stored locally on the device
- Local Cache: Temporary data for improving app performance (e.g., cached images, recent results)
All locally stored data is deleted when the app is uninstalled from the device. Members may also clear app data through their device settings at any time.
15. Data Security
SOULCARD implements the following security measures to protect member information:
- SSL/TLS encrypted communications
- Encrypted storage of personal information
- Access control management
- Regular security audits
16. Changes to Privacy Policy
- For general changes, at least 7 days advance notice will be provided via in-app notification before the effective date.
- For changes that materially reduce member privacy rights or expand the scope of information collection/use, at least 30 days advance notice will be provided via both in-app notification and email.
- The revised policy becomes effective from the posted effective date.
- Members who do not agree with the changes may request account deletion.
17. Complaints and Remedies
Data Protection Officer
| Item | Details |
|---|
| Name | Lucide Seo |
| Email | privacy@soulcard.app |
| Responsibility | Oversight of all personal information processing, handling of member inquiries and complaints |
Filing Complaints
Members who believe their personal information rights have been violated may seek assistance from the following organizations:
For users in all jurisdictions:
- Contact your local data protection authority for guidance on your rights under applicable local law.
- SOULCARD Data Protection Officer: privacy@soulcard.app
For users in South Korea:
- Korea Internet & Security Agency (KISA) Privacy Center: 118 (no area code), privacy.kisa.or.kr
- Personal Information Dispute Mediation Committee (KOPICO): 1833-6972, kopico.go.kr
- Supreme Prosecutors' Office Cyber Investigation Division: 1301, spo.go.kr
- National Police Agency Cyber Bureau: 182, cyberbureau.police.go.kr
Privacy Inquiries: privacy@soulcard.app
Data Protection Officer: Lucide Seo