Privacy Policy

Privacy Policy

Last Updated: December 4, 2024

Divin8 (“we,” “us,” or “our”) operates the Divin8 mobile application (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using Divin8, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Email address, name (via Google OAuth)
  • Profile Information: Display name, profile picture (optional)
  • Birth Data: Date, time, and place of birth (for astrological calculations) – optional
  • Payment Information: Processed by Apple App Store or Google Play Store; we do not store your payment details

1.2 Information Collected Automatically

  • Usage Data: Features accessed, readings performed, interaction patterns
  • Device Information: Device type, operating system, app version, unique device identifiers
  • Location Data: Approximate location (city/region) based on IP address for location-dependent astrological calculations
  • Analytics Data: Interaction events, session duration, feature usage (via Mixpanel)
  • Log Data: IP address, access times, pages viewed, app crashes

1.3 Information from Third Parties

  • Google OAuth: Basic profile information (email, name, profile picture) when you sign in with Google
  • Apple/Google: Subscription status and transaction information

2. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Generate readings, interpretations, and astrological calculations
  • Personalization: Tailor experiences based on your history and preferences
  • Account Management: Create and maintain your account, process subscriptions
  • Communication: Send service updates, subscription confirmations, support responses
  • Analytics & Improvement: Understand how users interact with Divin8 to improve features
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with applicable laws and regulations
  • AI Training: Improve AI interpretation quality (anonymized data only)

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Public Sharing Features

When you use our reading sharing feature, the following information becomes publicly accessible via a unique link:

  • Your question (if provided)
  • Card/element details
  • Interpretation summary
  • Reading date

Important: Shared readings do NOT include your name, account details, or full reading history. You can revoke public access at any time.

3.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders, subpoenas, or legal processes
  • Requests from government authorities
  • Situations involving potential threats to safety
  • Protection of our rights and property

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Until you delete your account, plus 30 days for backup retention
  • Reading History: While your account is active, or until you manually delete readings
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely
  • Legal Obligations: Some data may be retained longer if required by law

5. Your Privacy Rights

Depending on your location, you may have the following rights:

5.1 All Users

  • Access: Request a copy of your personal information
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and data
  • Opt-Out: Unsubscribe from marketing communications

5.2 GDPR Rights (EU/EEA Users)

If you are in the European Union or European Economic Area, you have additional rights under GDPR:

  • Data Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Lodge Complaint: File a complaint with your local data protection authority

Legal Basis for Processing (GDPR):

  • Contract performance (providing the Service)
  • Consent (birth data, analytics)
  • Legitimate interests (fraud prevention, service improvement)

5.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Know: Request disclosure of personal information collected, used, or shared
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the “sale” of personal information (we do not sell data)
  • Non-Discrimination: Exercise rights without discrimination

Note: We do not sell personal information as defined by CCPA.

5.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to your request within 30 days (or as required by applicable law). We may ask for verification of your identity before processing requests.

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: Data transmitted via HTTPS/TLS; sensitive data encrypted at rest
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Authentication: Secure OAuth 2.0 authentication via Google
  • Monitoring: Regular security audits and vulnerability assessments
  • Infrastructure: Hosting with Supabase (SOC 2 Type II compliant)

Important: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Children’s Privacy

Divin8 is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at support@divin8.com, and we will delete it promptly.

8. International Data Transfers

Your information may be processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your jurisdiction.

For EU/EEA users: We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Service providers’ compliance with GDPR requirements
  • Your explicit consent for data transfers (where required)

9. Third-Party Links & Services

Divin8 may contain links to third-party websites or services (e.g., App Store, Play Store, social media). This Privacy Policy does not apply to those external sites. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies.

10. Cookies & Tracking Technologies

We use the following tracking technologies:

  • Local Storage: Store preferences and session data on your device
  • Analytics SDKs: Mixpanel for usage analytics (you can opt out in Settings)
  • Device Identifiers: Used for analytics and fraud prevention

Our public share website (share.divin8.com) may use cookies for basic functionality. It does not use tracking cookies.

11. Do Not Track Signals

Our Service does not currently respond to “Do Not Track” (DNT) browser signals. You can control analytics tracking through in-app settings.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

  • Email notification to your registered address
  • In-app notification
  • Prominent notice on our website

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller:
Divin8
Email: support@divin8.com
Website: divin8.com

For EU/EEA users: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

By using Divin8, you acknowledge that you have read and understood this Privacy Policy.