Last updated June 2026
Privacy Policy
This policy explains what Familiar Tarot ("Familiar", "we") collects, how we use it, who else processes it, and the choices you have. Familiar is operated from Hong Kong.
What we collect
- Account data — your email address, and your name if you add one.
- Your conversations — the questions you ask and the readings the deck gives you, so your history is there when you return.
- Payment data — handled by Stripe. We receive billing metadata (plan, status, the last digits of a card) but never your full card number.
- Usage data — basic activity such as when you were last active, and technical data such as IP address and device info collected in our hosts’ server logs.
How we use it
- to generate and save your readings and run your account;
- to process membership and deck payments;
- to keep the service secure and prevent abuse;
- to improve Familiar and respond to your support requests.
We do not sell your personal data, and we do not use your conversations for advertising.
AI processing of your messages
To produce a reading, the text you send is transmitted to our AI provider (Anthropic, accessed via OpenRouter) to generate a response. Please don’t include sensitive personal information in your questions that you wouldn’t want processed this way.
Who else processes your data
We use trusted service providers to run Familiar. Each processes data only to provide their service to us:
- Supabase — database and authentication;
- Stripe — payments and billing;
- OpenRouter and Anthropic — AI generation of readings;
- Cloudflare — card-art storage (R2) and content delivery;
- Vercel — application hosting;
- Resend — sending sign-in codes and account emails.
Some of these providers process data in the United States and other countries, so your data may be transferred and processed outside where you live.
Cookies
We use only the essential cookies needed to keep you signed in. We do not use advertising or third-party tracking cookies.
How long we keep it
We keep your account and conversation data while your account is active. When you delete your account, we delete your personal data and conversations, except where we must keep limited records (for example, payment records) to meet legal obligations.
Your rights
Depending on where you live (including under GDPR/UK GDPR and CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing.
You can delete your account and data yourself from your account settings, or email us to exercise any of these rights. We will not sell your personal information.
Children
Familiar is intended for adults and is not directed at children under 18. We do not knowingly collect data from children.
Changes to this policy
We may update this policy as the product evolves. If a change is material, we’ll give you reasonable notice.
Questions, or want to exercise a data right? Write to hello@familiartarot.com.