Privacy Policy

1. Information We Collect

We collect information you provide directly, such as your email address, account profile information, uploaded palm photo, and support messages. We may also collect payment status information from DodoPayments, such as whether a transaction succeeded or failed.

We also collect basic technical data needed to run the service, such as IP address, browser type, device information, pages visited, upload status, and error logs.

2. Palm Photos & Reports

Your palm photo is used only to validate the image and generate your paid visual palm reading after payment is confirmed.

Reports and uploads are stored in private Supabase buckets. When you view your own images or report, the app uses short-lived signed URLs rather than public files.

3. How We Use Your Data

We use your data to operate the upload flow, validate photo quality, generate full reports, provide account access, process payments through DodoPayments, troubleshoot errors, prevent abuse, and respond to support requests.

We do not use your palm photo to identify you personally, and we do not sell your photo or personal data.

4. Data Sharing

We do not sell your personal data. We share data only with service providers needed to run PalmPhotoReading, such as hosting, database, authentication, payment, and AI generation providers. These may include Supabase, Vercel, DodoPayments, and OpenAI or equivalent AI infrastructure.

We may also disclose information when required by law, to protect our rights, to prevent fraud or abuse, or to keep the service secure.

5. Data Security

We use access controls, private storage buckets, server-side API keys, and short-lived signed URLs to protect uploaded photos and generated reports. Service credentials are kept on the server and are not exposed to the browser.

No online service can guarantee perfect security. If we discover a security issue affecting your data, we will take reasonable steps to investigate and respond.

6. Data Retention

Unpaid uploads are automatically deleted after 24 hours. Paid palm photos are deleted shortly after the report is created, subject to operational cleanup timing. Generated reports and purchase records may be retained so you can access your reading and so we can satisfy payment, accounting, security, and support obligations.

You can contact us to request deletion of your reading data. Some transaction records may need to be retained where required for legal, tax, fraud-prevention, or accounting reasons.

7. Your Rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data. You may also have the right to object to certain processing or request that we restrict processing.

To make a privacy request, email hello@palmphotoreading.com.

8. Cookies

We use essential cookies and similar storage for authentication, session management, checkout state, and security. We do not need advertising cookies to provide the core palm reading flow.

9. Contact Us

For privacy-related questions or deletion requests, contact us at hello@palmphotoreading.com.