Privacy Policy
Last updated: April 24, 2026
1. Data Controller
TarotWithU (“we”, “us”, or “our”) is the data controller for the personal data processed through this website. For privacy-related inquiries, contact us at privacy@tarotwith.u.
2. Data We Collect
We collect and process the following data:
- Email address — collected when you create an account. Used for authentication. Legal basis: your consent.
- Username — collected at registration for display in the community forum. Legal basis: your consent.
- Authentication cookies — Supabase session tokens stored as HTTP cookies. Legal basis: legitimate interest (necessary for login functionality).
- Cookie consent preference — stored in localStorage to remember your choice. This is necessary storage and does not require separate consent.
- Reading counter — stored in localStorage to enforce daily free reading limits. Necessary for service operation.
- Session data — tarot reading results and fortune cookie state stored in sessionStorage for page navigation. Cleared when the tab closes.
- Aggregate page-view analytics — when you visit a page, your browser sends the page path, referrer, country (derived from your IP address, which is not stored), and browser/OS information to Vercel Analytics. A daily-rotating anonymous hash is used to count unique visitors. No cookies, no localStorage, no persistent identifiers. Legal basis: legitimate interest.
We do not use advertising or cross-site tracking cookies.
3. Data Storage
Server-side data (accounts, forum posts) is stored on Supabase cloud infrastructure. The application is deployed on Vercel’s edge network. Client-side data (localStorage, sessionStorage) never leaves your browser.
4. Your Rights
Under GDPR, you have the right to:
- Access — request a copy of all personal data we hold about you.
- Rectification — ask us to correct inaccurate personal data.
- Erasure — request deletion of your personal data. We will respond within 30 days.
- Restriction of processing — ask us to limit how we use your data.
- Data portability — receive your data in a structured, machine-readable format.
- Objection — object to processing of your personal data.
To exercise any of these rights, email privacy@tarotwith.u. We will respond within 30 days.
5. Third-Party Services
- Supabase — authentication and database. Supabase Privacy Policy
- Vercel — hosting and edge network. Vercel Privacy Policy
- Vercel Analytics — cookie-free aggregate page-view statistics, processed by Vercel under the privacy policy linked above. No personal identifiers are stored.
6. Cookie & Storage Details
Below is a complete list of cookies and browser storage used by this website. All items are classified as “Necessary” — we do not use any marketing cookies, and our analytics provider does not set cookies.
| Name | Purpose | Type | Storage | Expiry |
|---|---|---|---|---|
| sb-*-auth-token | Supabase authentication session | Necessary | Cookie | Session / 7 days |
| cookie-notice-seen | Remembers that you dismissed the cookie notice | Necessary | localStorage | Persistent |
| tarot_date / tarot_count | Daily free reading rate limiting | Necessary | localStorage | Resets daily |
| tarot_result | Pass reading results between pages | Necessary | sessionStorage | Tab close |
| tarot_blindbox_seen | Prevent showing duplicate fortune cookies | Necessary | sessionStorage | Tab close |
7. Changes to This Policy
We may update this privacy policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically.