sparkle
VedicPersonality
elephant

LEGAL · Privacy Policy

Privacy Policy

Last updated2026-04-22

Your privacy is a core commitment. We collect only what's needed to generate reports and deliver service (name, birth time/place, email) — never sell personal data, never use it for ad targeting. You can access, correct, or delete your data any time.

1. Introduction

VedicPersonality (the "Service", "we", "our") values every user's privacy. This Privacy Policy explains how we collect, use, store, and share your personal data, and what rights you have over your personal data.

This policy follows the requirements of Taiwan's Personal Data Protection Act, the EU GDPR, and California's CCPA / CARL. The commitments below apply uniformly regardless of where you are located.

Using the Service means you have read and agreed to this policy. If you do not agree, please do not use the Service or submit any personal data.

2. Data Controller

For the personal data described in this policy, [Provider Legal Name]is the Data Controller, responsible for determining the purposes and means of processing.

  • Operating entity: [Provider Legal Name]
  • Registered address: [Address]

3. Contact

For any questions about data processing or to exercise your rights, contact us via:

If you are located in the European Economic Area (EEA), in addition to contacting us, you have the right to lodge a complaint with your local data protection authority.

4. Data We Collect

We collect only what is necessary to provide the Service. Categories:

4.1 Identity Data

  • Name (or your preferred way of being addressed)

4.2 Birth Data (sensitive)

  • Date of birth
  • Time of birth (if provided)
  • City of birth (coordinates)

Birth information is the core necessary data for computing your Vedic chart. See Section 5 "Sensitive Data" for more.

4.3 Contact Data

  • Email (used to send reports and subscription communications, collected at checkout)

4.4 Test & Report Data

  • 30 MBTI test answers (Likert 7-point spectrum values)
  • System-computed personality type and intensity
  • Vedic chart computation results (planet positions, Nakshatra, Lagna, Dasha)
  • Full text of AI-generated personalized reports

4.5 Transaction Data

  • Order ID, payment amount, payment time, subscription status
  • Credit card information is processed by our payment partner Polar.sh — we do not store card numbers ourselves

4.6 Technical Data

  • IP address, browser type, operating system
  • Browsing path, dwell time, error logs
  • Session ID, feature usage

5. Sensitive Data (Birth Info)

Birth time and place are not explicitly listed as a "special category" under GDPR, but due to their unique identifying nature, we handle them with the highest standard of protection.

We use your birth data only to:

  • Compute your Vedic chart (planet positions, Nakshatra, Dasha)
  • Provide as input for AI-generated personalized reports (no identifiers, just chart values)
  • Re-load when you view historical reports

We will never:

  • Sell or rent birth data to third parties
  • Use it for ad targeting or market analysis
  • Share it with other users
  • Use it to train AI models (see Section 8)

6. How We Collect

We obtain your personal data via:

  • Direct interaction: you fill in the test, birth-info form, checkout info
  • Automatic technology: website cookies, server logs (see Section 9)
  • Third-party services: payment success notifications from Polar.sh, including your email and subscription status

7. How We Use Your Data

We process your personal data on the following lawful bases:

7.1 Contract Performance (necessary to provide the Service)

  • Generate your chart and AI report
  • Deliver the basic report and weekly subscription reports you purchase
  • Process payments, refunds, and cancellations

7.2 Legitimate Interest (operating the Service)

  • Analyze usage to improve test and report quality
  • Detect and prevent fraud and abuse
  • Provide customer support

7.3 Legal Obligation

  • Tax filing, accounting record retention
  • Responding to lawful government requests

7.4 Explicit Consent

  • Marketing communications (you may opt out at any time)

8. Third-Party Services

We use the following service providers to help us operate. All have signed data processing agreements and ensure their privacy standards meet this policy:

  • Cloudflare (US): website hosting and CDN
  • Neon (US): PostgreSQL database
  • Polar.sh (US): payment processing, subscription management
  • Anthropic (US): Claude AI report generation.
    Data we send to Claude includes only MBTI type, chart computation results, and salutation — no email, payment info, or birth date itself. Per Anthropic's data policy, these requests are not used to train AI models.
  • Resend (US): email delivery

9. Cookies & Tracking

We use necessary cookies to operate the Service:

  • Strictly necessary cookies: session identification, test progress (localStorage)
  • Functional cookies: language preference, theme setting
  • Analytics cookies (future): Cloudflare Web Analytics (no personal identification)

We do not use Google Analytics, Facebook Pixel, or other personalized tracking.You may disable cookies in your browser settings at any time, but this may affect some features (e.g. test progress cannot be saved).

10. Data Retention

  • Purchased reports: kept until you request deletion, or after 5 years of inactivity
  • Payment records: kept for 5-7 years per tax laws
  • Tested but not purchased: kept 90 days, then anonymized automatically
  • Customer support communications: kept for 2 years

11. Data Security

We take reasonable precautions to protect your data:

  • Site-wide HTTPS / TLS encryption in transit
  • Database passwords and API keys stored as encrypted environment variables
  • Sensitive payment data is handled by PCI DSS-compliant payment providers
  • Regular dependency updates and patching
  • Restricted internal access to data

Despite our best efforts, internet transmission and storage are not absolutely secure. In the event of a data breach, we will notify affected users and authorities within 72 hours.

12. Your Rights

You have the following rights over your personal data, exercisable at any time:

  • Right of access: know what data we hold about you
  • Right to rectification: have us correct inaccurate data
  • Right to erasure (right to be forgotten): have us delete all your data (except statutory retention)
  • Right to restrict processing: pause processing for specific purposes
  • Right to data portability: get a machine-readable copy of your data
  • Right to object: opt out of marketing communications and analytics
  • Right to withdraw consent: for processing previously based on consent

To exercise any right, emailsupport@vedicpersonality.comwith subject "Privacy rights request". We will respond within 30 days.

13. Minors

The Service is not offered to anyone under 18. We do not knowingly collect data from users under 18.

If a parent or legal guardian discovers a minor has provided data without authorization, contact us immediately and we will delete the relevant data as soon as possible.

14. International Transfers

Some third-party providers (e.g. Anthropic, Resend, Polar) have servers in the United States. Your data may therefore be transferred to countries with different data-protection standards.

We ensure all cross-border transfers use EU Standard Contractual Clauses (SCCs)or other recognized safeguards.

15. Policy Changes

This policy may be revised in response to regulatory changes or service updates. We will notify users of material changes via email or website announcement at least 14 days in advance. The "Last updated" date at the top of this page indicates the version.

Continued use of the Service constitutes acceptance of the updated policy. If you disagree with the new version, please exercise your rights per Section 12.

© 2026 VedicPersonality. All rights reserved.