PRIVACY POLICY

MY TAROT APP

Effective Date: March 1st, 2020
Last Updated: September 5th, 2025

1. INTRODUCTION

1.1 Our Commitment

My Tarot App is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our application.

1.2 Legal Compliance

This policy complies with:

  • Lei Geral de Proteção de Dados (LGPD) - Brazil

  • General Data Protection Regulation (GDPR) - European Union

  • Other applicable data protection legislation

1.3 Acceptance

By using My Tarot App, you agree to the collection and use of information as described in this policy.

2. INFORMATION WE COLLECT

2.1 Data Provided Directly by You

Registration Data:

  • Full name

  • Last name

  • Year of birth

  • Gender

  • Email address

  • Password (stored in encrypted form)

Usage Data:

  • History of readings performed

  • Cards and decks consulted

  • Reading preferences

  • Personalized settings

  • Content saved by the user

2.2 Data Collected Automatically

Technical Information:

  • Device model and manufacturer

  • Operating system and version

  • Application version

  • Unique device identifiers

  • IP address

  • Approximate location data (when authorized)

  • Network and connectivity information

Navigation and Usage Data:

  • Screens visited in the application

  • Usage time and sessions

  • Interactions with features

  • Performance and crash data

  • System logs and errors

2.3 Advertising Data

Advertising Identifiers:

  • Google Advertising ID (Android)

  • Identifier for Advertisers - IDFA (iOS)

  • Cookies and similar technologies

  • Ad interaction data

  • Advertising preferences

2.4 Location Data

  • IP for approximate location (when applicable)

2.5 Third-Party Data

Firebase/Google Services:

  • Authentication data

  • Analytics metrics

  • Push message information

  • Remote configuration data

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

Authentication and Access:

  • Create and manage your account

  • Perform secure login

  • Verify your identity

  • Maintain active sessions

Application Features:

  • Save and sync personal readings

  • Personalize user experience

  • Provide interpretations of different types of cards

  • Maintain consultation history

  • Offer relevant content

Improvements and Analytics:

  • Analyze usage patterns (anonymized data)

  • Improve application performance

  • Develop new features

  • Fix bugs and technical issues

  • Generate internal statistics

3.2 Communication

Service Notifications:

  • Update alerts

  • Important information about the application

  • Push notifications related to usage

  • Promotional messages (optional)

Customer Support:

  • Respond to questions and requests

  • Provide technical assistance

  • Resolve reported issues

3.3 Advertising

Personalized Ads:

  • Display relevant ads through Google AdMob

  • Personalize advertising content (including regional personalization via approximate location)

  • Measure campaign effectiveness

  • Optimize advertising experience

4. INFORMATION SHARING

4.1 No Sale Policy

We DO NOT SELL your personal information to third parties under any circumstances.

4.2 Authorized Sharing

Service Providers (Google/Firebase):

  • Google Firebase (authentication, database, analytics)

  • Google AdMob (advertising)

  • Google Cloud Platform (hosting and processing)

  • Other Google services necessary for operation

App Stores:

  • Apple App Store (for iOS users)

  • Google Play Store (for Android users)

  • Data necessary for payment processing and downloads

4.3 Third-party Privacy Policies

For detailed information on how our partners handle your data, see:

  • Google Play Services: https://policies.google.com/privacy

  • Firebase Analytics: https://firebase.google.com/policies/analytics

  • Firebase Crashlytics: https://firebase.google.com/support/privacy

  • AdMob: https://support.google.com/admob/answer/6128543

  • RevenueCat: https://www.revenuecat.com/privacy

  • OpenAI: https://openai.com/privacy

  • Facebook Analytics: https://www.facebook.com/privacy/explanation

4.4 Legal Sharing

Competent Authorities: We may disclose information when:

  • Required by law or court order

  • Necessary for protection of legal rights

  • For investigation of fraudulent activities

  • In emergency situations to protect safety

Business Transfer: In case of merger, acquisition, or sale of assets, your data may be transferred, always under the same protections of this policy.

5. DATA SECURITY

5.1 Technical Measures

Data Protection:

  • Encryption of passwords and sensitive data

  • Secure transmission via HTTPS/TLS

  • Rigorous access controls

  • Continuous security monitoring

  • Safe and regular backups

Infrastructure:

  • Servers in certified data centers

  • Protection against DDoS attacks

  • Firewalls and detection systems

  • Regular security updates

5.2 Security Limitations

Important Notice: Although we implement robust security measures, no system is 100% secure. We cannot guarantee absolute protection against:

  • Sophisticated hacker attacks

  • Failures in third-party systems

  • Leaks caused by external factors

  • Undiscovered vulnerabilities

5.3 User Responsibility

You should:

  • Keep your password secure and confidential

  • Use trusted devices

  • Keep your application updated

  • Report suspicious activities

6. STORAGE AND INTERNATIONAL TRANSFER

6.1 Data Location

IMPORTANT: Your data is stored and processed specifically in:

  • Google Firebase servers located in the US-Central (United States) region

  • Google Cloud Platform cloud infrastructure in the United States

  • Certified data centers located in the United States

6.2 International Transfers

Consent for International Transfer:

By accepting this Privacy Policy, you expressly consent that:

  • Your personal data may be transferred, stored and processed in the United States

  • Your data may be accessed from countries where Google maintains facilities

  • The United States may have data protection laws different from your country of residence

Applied Safeguards:

  • We apply adequate safeguards according to LGPD and GDPR

  • We use approved Standard Contractual Clauses

  • We rely on Google's adequacy certifications

  • For European users, we apply GDPR safeguards as necessary

  • We guarantee equivalent level of protection

For users in the European Union: This transfer is based on your explicit consent according to Art. 49(1)(a) of GDPR.

6.3 Storage Period

Account Data:

  • Maintained while the account is active

  • Accounts with unvalidated email are automatically deleted after 7 days

  • Inactive accounts for more than 2 years may have data automatically deleted

  • Anonymized analytics data may be maintained indefinitely for metrics

Other Data:

  • Usage data: stored for up to 2 years for analytics

  • Security logs: maintained for up to 1 year

  • Security backup maintained for up to 30 days after account deletion

7. EMAIL VALIDATION AND AUTOMATIC DELETION

7.1 Mandatory Validation Policy

IMPORTANT: To maintain your account and data:

  • You must validate your email address within 7 (seven) days after registration

  • Validation is done through the confirmation link sent to your email

  • Accounts with unvalidated email are automatically deleted after 7 days

7.2 Automatic Cleanup Process

Automated Routines:

  • We run daily routines to identify unvalidated accounts

  • Users receive email reminders (when possible) before deletion

  • Deletion includes all data: profile, history, settings and personal information

  • This deletion is definitive and irreversible

  • It is not possible to recover data from automatically deleted accounts

7.3 Your Responsibilities

To prevent data loss:

  • Validate your email immediately after registration

  • Check your inbox and spam folder

  • Maintain a valid and accessible email address

  • Respond to validation reminders

8. YOUR PRIVACY RIGHTS

8.1 Rights Under LGPD/GDPR

Access:

  • Request a copy of all data we maintain about you

  • Obtain information about how your data is processed

Rectification:

  • Correct inaccurate or incomplete personal data

  • Update outdated information

Deletion (Right to be Forgotten):

  • Request deletion of your personal data

  • Delete account and associated information

Portability:

  • Receive your data in structured and readable format

  • Transfer data to another service (when technically feasible)

Opposition:

  • Object to data processing for marketing

  • Revoke consent at any time

Limitation:

  • Request restriction of processing under certain circumstances

8.2 How to Exercise Your Rights

Through the Application:

  • Access privacy settings

  • Use data management options

  • Delete account through settings menu

By Email:

  • Contact through the privacy email

  • Clearly specify your request

  • Provide information for identity verification

8.3 Response Time

We will respond to your requests within:

  • 30 days according to LGPD

  • 1 month according to GDPR

  • We may request extension in complex cases

9. COOKIES AND SIMILAR TECHNOLOGIES

9.1 Types of Technologies

Cookies and Identifiers:

  • Session and persistent cookies

  • Unique device identifiers

  • Authentication tokens

  • Local cache data

Purposes:

  • Maintain active login

  • Remember preferences

  • Personalize experience

  • Collect analytics

  • Display relevant ads

9.2 Management

User Control:

  • Configure preferences in the application

  • Users can manage ad preferences through device settings

  • It's possible to reset the advertising identifier in system privacy settings

  • Use system privacy settings

  • Log out to clear sessions

Third-Party Cookies:

  • Google Analytics

  • Google AdMob

  • Firebase

10. MINORS

10.1 General Policy

We do not intentionally collect personal information from minors without adequate consent from parents or legal guardians.

10.2 Parental Responsibility

When minors use the application:

  • Parents/guardians assume full responsibility

  • Must supervise usage and provide consent

  • May request deletion of minor's data

  • Must ensure the minor understands the nature of the content

10.3 Discovery of Use by Minors

If we discover that we collected data from minors without adequate consent:

  • We will promptly delete the information

  • We will suspend the account if necessary

  • We will notify guardians when possible

11. DATA RETENTION

11.1 Retention Periods

Account Data:

  • Maintained while the account is active

  • Unvalidated accounts: automatically deleted after 7 days

  • Deleted within 30 days after deletion request

  • Some data may be retained for legal obligations

Analytics Data:

  • Anonymized data for up to 2 years

  • Aggregated data may be retained indefinitely

  • Personally identifiable data deleted according to policy

Security Data:

  • Security logs for up to 1 year

  • Investigation data until resolution

  • Legal information according to regulatory requirements

11.2 Automatic Deletion

  • Unvalidated accounts are automatically deleted after 7 days

  • Accounts inactive for more than 2 years may be deleted

  • Temporary data removed regularly

  • Old backups eliminated according to schedule

12. CHANGES TO THIS POLICY

12.1 Updates

We may update this Privacy Policy periodically to:

  • Reflect changes in our practices

  • Meet new legal requirements

  • Improve clarity and transparency

  • Include new features

12.2 Change Notification

When there are significant changes:

  • We will publish the updated version in the application

  • We will notify by email when appropriate

  • We will inform through push notification

  • We will highlight important changes

12.3 Continued Acceptance

Continued use of the application after changes constitutes acceptance of the new policy.

13. JURISDICTION AND APPLICABLE LAW

13.1 Brazilian Law

This policy is governed by Brazilian laws, particularly:

  • Lei Geral de Proteção de Dados (Law No. 13.709/2018)

  • Marco Civil da Internet (Law No. 12.965/2014)

  • Consumer Protection Code

13.2 International Regulations

For users in other jurisdictions, we respect:

  • GDPR (European Union)

  • CCPA (California, USA)

  • Other local data protection laws

14. CONTACT AND EXERCISE OF RIGHTS

14.1 Data Protection Officer (DPO)

For privacy and data protection related questions:

Privacy Email: contato@meutarotapp.com

14.2 General Support

For other questions about the application:

Support Email: contato@meutarotapp.com

14.3 Data Protection Authorities

You have the right to file complaints with competent authorities:

  • Brazil: Autoridade Nacional de Proteção de Dados (ANPD)

  • Europe: Local data protection authorities

  • Other countries: Applicable regulatory authorities

14.4 Contact Information

When contacting us, provide:

  • Full name

  • Email registered in the application

  • Clear description of your request

  • Documents for identity verification (when necessary)

Response time: up to 30 days according to LGPD
Data portability process: available upon request
For European users: additional rights according to applicable GDPR

15. FINAL PROVISIONS

15.1 Effectiveness

This Privacy Policy takes effect on the date of its publication and remains valid until replaced by a new version.

15.2 Independence of Clauses

If any part of this policy is deemed invalid, the remaining provisions will remain in effect.

15.3 Language

In case of conflict between versions in different languages, the Portuguese version will prevail.

Last update date: September 5th, 2025
Version: 2.0

Your privacy is important to us. If you have questions about this policy or how we handle your data, please don't hesitate to contact us.