Last updated: 2026-02-17
Privacy Policy
1. Data Controller
Arcana Chamber ("we", "us", "our") is the data controller responsible for your personal data. For privacy inquiries, contact us at privacy@arcanachamber.com.
2. What Data We Collect
Account data
When you register, we collect your email address, name, and authentication credentials. If you sign in via a third-party provider (such as Google), we receive basic profile information from that provider.
Usage and analytics data
With your explicit consent, we collect aggregated information about how you interact with the service — pages visited, features used, and performance metrics. Analytics cookies are only set after you opt in. See our Cookie Policy for details.
Payment data
Payments are processed by third-party providers. We store transaction references and credit balances but never your full card number.
Communication preferences
If you subscribe to marketing emails, we store your opt-in choice separately from your account. You can unsubscribe at any time.
3. Purposes and Legal Bases
We process your personal data for the following purposes:
- Account and service delivery — to create and manage your account, process purchases, and provide tarot readings. Legal basis: performance of a contract.
- Security and fraud prevention — to protect accounts and detect abuse. Legal basis: legitimate interest.
- Analytics — to understand usage patterns and improve the service. Legal basis: your consent (opt-in only).
- Marketing emails — to send occasional updates if you subscribe. Legal basis: your consent (opt-in only).
- Legal obligations — to comply with applicable laws (e.g., tax records). Legal basis: legal obligation.
4. Recipients and Sharing
We do not sell your personal data. We share data with:
- Hosting and infrastructure providers (AWS) — to run the platform.
- Analytics provider — Google Analytics 4 (GA4). Scripts load only after you opt in; IP addresses are anonymized.
- Payment processor — to handle transactions securely.
- Email service — Amazon Simple Email Service (AWS SES) for transactional emails (account verification, password resets, receipts).
- Law enforcement — when required by law.
5. International Transfers
Your data may be processed outside your country of residence. Where data is transferred outside the EU/EEA/UK, we rely on Standard Contractual Clauses or adequacy decisions to ensure appropriate safeguards.
6. Data Retention
- Account data — retained while your account is active. Deleted within 30 days of an account deletion request.
- Analytics data — aggregated, retained for up to 14 months.
- Payment records — retained as required by tax law (typically 5–7 years).
- Consent records — retained for the duration of consent plus 3 years for audit purposes.
7. Your Rights
Depending on your location, you may have the following rights:
EU / EEA / UK residents (GDPR / UK GDPR)
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Restriction — limit processing in certain cases
- Portability — receive your data in a structured format
- Object — object to processing based on legitimate interest
- Withdraw consent — at any time, without affecting prior processing
- Lodge a complaint with your local supervisory authority
Ukraine residents
Under the Law of Ukraine "On Protection of Personal Data", you have the right to know what data we hold, request correction or deletion, and withdraw consent. Contact us at privacy@arcanachamber.com.
US residents
If you are a California resident, you have rights under the CCPA/CPRA to know, delete, and opt out of the sale of personal information. We do not sell personal information. To exercise any right, email privacy@arcanachamber.com.
8. Cookies
We use necessary cookies for authentication and session management, and analytics cookies only with your consent. You can manage your preferences at any time via the "Privacy choices" link in the footer. For full details, see our Cookie Policy.
9. Children
Arcana Chamber is not intended for anyone under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated through the service. Continued use after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or to exercise your rights: