Privacy Policy

Last updated: May 2026  ·  occultix.com

This Privacy Policy explains how Occultix collects, uses, stores, and protects your personal data when you use our website and AI-powered tarot reading service. We comply with the UK GDPR, EU GDPR, and the California Consumer Privacy Act (CCPA).

1. Who We Are

Occultix operates occultix.com, an AI-powered tarot reading platform for entertainment purposes. Privacy contact: support@occultix.com.

2. Data We Collect

• Account data: name, email address, password hash
• Optional profile data: date of birth (used only to personalise interpretations)
• Reading data: chosen spreads, drawn cards, AI interpretations in your journal
• Payment data: transaction records (plan, amount, date) — card details handled exclusively by Stripe
• Technical data: IP address, browser type, session tokens, essential cookies
• Analytics data: aggregated usage statistics — only with your cookie consent

3. How We Use Your Data

• To provide and operate the Occultix service
• To personalise AI-generated tarot interpretations
• To process payments and manage your credit balance
• To maintain your reading journal and account history
• To send transactional emails (verification, purchase confirmation)
• To comply with legal obligations

4. Legal Basis for Processing (UK/EU GDPR)

• Contract performance — to provide the service
• Legitimate interests — security and fraud prevention
• Consent — optional analytics and marketing cookies
• Legal obligation — compliance with applicable law

5. Cookies

• Essential cookies — session cookies required for login. Set without consent.
• Analytics cookies — usage statistics. Only set after consent via our cookie banner.
• Marketing cookies — personalisation. Only set after explicit consent.

Manage cookie preferences at any time via the banner or your browser settings. Consent is stored in localStorage under the key occultix_cookie_consent.

6. Payments & Stripe

All payments are processed by Stripe, Inc. (PCI DSS-compliant). We never store your full card number, CVV, or other sensitive payment credentials.
Stripe Privacy Policy: stripe.com/privacy

7. Google Sign-In

If you sign in with Google, we receive your name and email from Google to create or link your account. We do not receive your Google password.
Google Privacy Policy: policies.google.com/privacy

8. Data Sharing & Third Parties

We do not sell your personal data. We share data only with:

• Stripe — payment processing
• OpenAI — your spread type, cards, and optional name/birth date are sent to generate your reading. OpenAI Privacy Policy
• Google — if you use Google Sign-In
• Hosting provider — infrastructure
• Law enforcement — if required by law

9. Data Retention

Account data is retained while your account is active. Payment records are kept for 7 years for financial compliance. You can request deletion at any time.

10. Your Rights — UK/EU (GDPR)

• Access — request a copy of your data
• Rectification — correct inaccurate data
• Erasure — request deletion ("right to be forgotten")
• Restriction — limit how we process your data
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — at any time for consent-based processing

Email support@occultix.com to exercise any right. We respond within 30 days.

11. Your Rights — California (CCPA)

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell data)
• Non-discrimination for exercising your privacy rights

To submit a CCPA request, email support@occultix.com with subject "CCPA Request".

12. Data Security

We use HTTPS encryption, hashed passwords, HTTP-only session cookies, and restricted database access. No method of transmission over the internet is 100% secure.

13. Children's Privacy

Occultix is for users aged 18 and over. We do not knowingly collect data from anyone under 18. Contact support@occultix.com if you believe this has occurred.

14. International Transfers

Your data may be processed outside your country (e.g. by OpenAI in the USA). We rely on standard contractual clauses or equivalent safeguards for transfers from the UK/EU.

15. Changes to This Policy

We will notify you of significant changes by updating the date at the top. Continued use after changes constitutes acceptance.

16. Contact

For privacy questions, requests, or complaints: support@occultix.com.