Privacy Policy

How I Ching Oracle collects, uses, and protects your personal data under the GDPR and applicable privacy laws.

Last updated: 2026-06-02

On this page

  1. Data controller
  2. Data we collect
  3. Legal basis (GDPR)
  4. Google sign-in
  5. Stripe payments
  6. Email communications
  7. Cookies and sessions
  8. AI-generated content
  9. Analytics
  10. Sharing and processors
  11. Retention
  12. Your rights
  13. Data deletion requests
  14. International transfers
  15. Children
  16. Changes to this policy

Data controller

Martin Yeh (“I Ching Oracle”, “we”, “us”) operates https://www.ichingoracle.de.

For privacy-related requests, including access, correction, deletion, and objections, contact us at privacy@ichingoracle.de.

We process personal data to provide oracle readings, subscriptions, account services, and related communications.

Data we collect

Depending on how you use the service, we may process:

  • Account data: name, email address, password hash (credentials accounts), profile image (if provided)
  • Authentication data: session identifiers, OAuth subject IDs when you sign in with Google
  • Reading data: questions, hexagram results, AI interpretations, notes, favorites, and share settings you enable
  • Payment data: subscription status, Stripe customer and subscription IDs, billing period metadata (payment card details are processed by Stripe and not stored by us)
  • Usage data: credits consumed, feature usage, language preferences, and technical logs
  • Communications: support messages, waitlist sign-ups, and lifecycle emails you opt into
  • Consent records: cookie and analytics preferences stored on your device
  • Visitor identifiers: anonymous cookie for guest daily oracle features (where applicable)

Legal basis (GDPR)

We rely on the following legal bases under Articles 6 and 9 GDPR:

  • Contract (Art. 6(1)(b)) — to deliver readings, subscriptions, credits, and account features you request
  • Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, service improvement, and limited operational analytics where permitted
  • Consent (Art. 6(1)(a)) — optional analytics/marketing cookies, non-essential emails, and public sharing of readings you explicitly enable
  • Legal obligation (Art. 6(1)(c)) — tax, accounting, and regulatory requirements where applicable

Google sign-in

If you choose “Continue with Google”, we receive information from Google OAuth such as your email address, name, and profile image (if available), as permitted by your Google account settings.

Google processes your data under its own privacy policy. We use the information solely to create and maintain your account and authenticate sessions.

You can disconnect Google access from your Google account security settings; you may still need a password or another sign-in method if required by your account configuration.

Stripe payments

Premium subscriptions and billing are handled by Stripe, Inc. When you check out, Stripe collects payment details directly on its secure pages.

We receive limited billing metadata from Stripe (e.g. customer ID, subscription status, invoice references) to activate Premium features and manage your account.

Stripe’s privacy notice applies to payment processing: https://stripe.com/privacy

Email communications

We send transactional emails (e.g. email verification, password reset, billing-related notices) via our email provider (Resend) when necessary to operate your account.

With your consent or where permitted, we may send lifecycle emails such as daily guidance, weekly reflections, or product updates. You can manage preferences in account settings or unsubscribe via links in each message.

Email delivery logs may include timestamps and delivery status for troubleshooting and compliance.

Cookies and sessions

We use cookies and similar technologies for authentication, security, preferences, and (with consent) analytics.

  • Session / auth cookies (NextAuth) — required to keep you signed in
  • Consent storage — remembers your cookie and analytics choices
  • Visitor cookie — optional identifier for guest daily oracle continuity
  • Analytics cookies — only if you accept them in the cookie banner (see Analytics section)

AI-generated content

Your questions and hexagram context may be sent to our AI provider (DeepSeek) to generate interpretations and pattern insights.

We do not use your readings to train public AI models. Prompts are processed to deliver your session and related features only.

AI output is generated automatically and may be inaccurate, incomplete, or inappropriate for your situation. It is not professional, medical, legal, or financial advice.

You are responsible for how you use AI-generated text. See our Terms of Service and spiritual disclaimer for further limitations.

Analytics

With your consent, we may use privacy-oriented product analytics (e.g. PostHog) and/or Google Analytics to understand feature usage and improve the experience.

Analytics data is aggregated where possible and configured to minimize personal identifiers. You can withdraw consent at any time via the cookie preferences control in the footer.

If analytics are disabled, we still collect essential server logs for security and reliability.

Sharing and processors

We do not sell your personal data. We share data with trusted processors only as needed to operate the service:

  • Stripe — payment processing
  • Google — OAuth authentication (if you choose Google sign-in)
  • Resend — transactional and lifecycle email delivery
  • DeepSeek — AI interpretation processing
  • Hosting and database providers — application infrastructure (e.g. Vercel, PostgreSQL)
  • Analytics providers — only if you consent (e.g. PostHog, Google Analytics)

Retention

Account and reading data are kept while your account is active.

After account deletion, we remove or anonymize personal data within a reasonable period, except where law requires longer retention (e.g. billing records).

Backups may retain deleted data for a limited technical window before automatic purging.

Your rights

If you are in the EEA, UK, or Switzerland, you may have the right to:

  • Access, rectify, or erase your personal data
  • Restrict or object to certain processing
  • Data portability
  • Withdraw consent for optional cookies or marketing emails
  • Lodge a complaint with your supervisory authority (e.g. your local data protection authority in Germany)

Data deletion requests

You can delete your account from account settings when signed in. This removes your profile and associated readings from active systems, subject to backup retention windows.

To request deletion or export of data without signing in, email privacy@ichingoracle.de from the address associated with your account. We may ask for reasonable verification.

For general support (non-privacy), contact support@ichingoracle.de via our support page.

International transfers

Some processors may process data outside the European Economic Area (e.g. United States). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

Children

The service is not directed at children under 16. We do not knowingly collect personal data from children. Contact us if you believe a child has provided data.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date.
