Legal

Privacy Policy

Last updated: April 9, 2026.

This policy explains how Oracle Now handles personal data under GDPR, UK GDPR, and CCPA. It describes what we collect, why we collect it, and your rights.

Data Controller and Contact

Controller: Oracle Now. Contact email: privacy@oraclenow.com.

Data Subject Access Requests (DSAR), deletion requests, and privacy complaints can be sent to the address above. We aim to respond within 30 days.

Data We Collect

  • Question text you submit, which may include sensitive topics such as health, relationships, or emotional state.
  • Email address collected during Stripe checkout.
  • Birth date (optional), when provided by you.
  • Payment metadata from Stripe (we do not store full card numbers).
  • Usage and performance data for analytics, using PostHog with autocapture and session replay disabled.

Lawful Bases (GDPR and UK GDPR)

  • Contract performance: generating and delivering readings and transactional email.
  • Legitimate interests: service reliability, fraud prevention, and product analytics.

How We Use Data

  • Generate your reading and deliver paid unlock access.
  • Send transactional reading summary emails.
  • Operate, debug, and improve product quality.
  • Produce aggregated analytics and performance reporting.

We do not sell personal data and we do not profile users for advertising based on question text.

Storage Location, Processors, and International Transfers

Data is stored in Supabase (region depends on project configuration). Our processors may process data in the United States or the European Union.

  • Stripe (payments, US and other regions)
  • Anthropic (AI generation, US)
  • Resend (transactional email, US)
  • PostHog (analytics, EU/US depending on setup)
  • Vercel (hosting and logs, US)

For cross-border transfers, we rely on applicable safeguards such as Standard Contractual Clauses (and UK transfer addendum where required).

Retention and Deletion

Reading records and related metadata are retained for up to 12 months unless a shorter legal or contractual period applies.

You can request deletion via privacy@oraclenow.com. We process valid requests within 30 days, subject to legal exceptions.

Your Rights (GDPR and UK GDPR)

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability

To exercise these rights, contact privacy@oraclenow.com.

Your Rights (CCPA)

  • Right to know what personal information we collect and use
  • Right to request deletion
  • Right to non-discrimination for exercising privacy rights
  • Right to opt out of sale/share (we do not sell personal data)

Cookies and Analytics

We use first-party cookies for essential functionality and analytics preferences. For visitors likely located in Europe, a cookie consent banner appears on first visit.

Analytics is run through PostHog with manual events, autocapture disabled, and session replay disabled.

Sensitive Topics and Children

Question text may contain sensitive personal topics. We use this content only to generate your requested reading and service-related operations.

Oracle Now is intended for adults 18 and older. We do not knowingly provide services to children.

Policy Changes

We may update this policy as the product evolves. Material updates will be reflected by a new “Last updated” date on this page.

Related legal terms: Terms of Service.