Taru Logo

Welcome to Taru

Privacy Policy

Last updated: May 21, 2025

Introduction

Welcome to Taru ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your information when you use our tarot reading application.

Data Controllers

This service is a personal project operated by Hanno and Xanu, who serve as the data controllers for any personal information collected through this application. As data controllers, we determine the purposes and means of processing your personal data and are committed to handling your information responsibly and in compliance with applicable privacy laws.

Information We Collect

We limit our data collection to what is necessary to provide our services:

  1. For Standard Accounts:
    • OAuth account ID (for authentication purposes only)
    • We do not collect your email address for standard accounts
  2. For Daily Reading Subscribers:
    • Your email address (with your explicit consent)
    • This is used solely to deliver your daily readings

Cookies

We only create strictly necessary cookies for authentication purposes. These cookies are essential for the functioning of our service and allow you to log in and access your account securely.

Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Consent: We collect and process your email address only with your explicit consent when you subscribe to daily readings
  • Contractual Necessity: We process your OAuth account ID as necessary to provide you with access to our service
  • Legitimate Interests: We implement security measures to protect your data based on our legitimate interest in maintaining service security

How We Protect Your Data

  • All your tarot readings are encrypted using a password that you create
  • We do not store your encryption password on our servers
  • We cannot access your readings without your password
  • All communication with our service is conducted over HTTPS to ensure secure data transmission
  • We implement appropriate technical and organizational measures to protect your data

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we are committed to:

  • Notifying affected users promptly through in-app messages
  • Posting a notification on our website (taru.guru)
  • Providing information about what data was affected, potential impacts, and steps we're taking to address the situation
  • Sharing recommendations for any actions you should take to protect yourself

For significant breaches affecting EU residents, we will aim to provide these notifications within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

Sharing Features

When you choose to share a reading:

  • We create a separate encrypted copy of the reading
  • The copy is encrypted with a unique random key
  • The encryption key is included in the sharing URL
  • We do not store or track sharing URLs

Authentication Services

We offer OAuth authentication options for your convenience. When you use these authentication methods:

  • We only receive your OAuth account ID
  • We do not receive or store your passwords
  • We do not receive access to your social media profiles or other account details
  • We do not post to your accounts

Please refer to each provider's privacy policy to understand how they handle your information:

Data Retention

  • For active accounts, we retain your OAuth account ID for as long as you maintain an account with us
  • For subscribers, we retain your email address until you unsubscribe or request deletion
  • After account deletion, we retain a hashed version of your OAuth account ID for 12 months solely for fraud prevention purposes (to prevent signup bonus exploitation)
  • This minimal retention is based on our legitimate interest in preventing fraudulent activity
  • All other personal data is deleted within 30 days of account deletion

Your Rights

Under GDPR and CCPA, you have the right to:

  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Restrict or object to certain processing of your data
  • Data portability (receive your data in a structured, commonly used format)
  • Withdraw consent at any time (for email subscription)
  • Not be subject to automated decision-making, including profiling
  • Opt-out of the sale of personal information (we do not sell your information)

Regarding automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on our users.

How to Exercise Your Rights

You can exercise your rights by:

  • Contacting us at the email address below
  • Using the account management features in the app
  • Response time: We will respond to all legitimate requests within 30 days

Children's Privacy

While our app has a content rating of 3+ (meaning the content is appropriate for all ages), our service requires users to be 13 years of age or older to create an account and use the service. We do not knowingly collect personal information from children under 13. If we discover we have collected personal information from a child under 13, we will promptly delete that information.

If you believe we might have inadvertently collected information from a user under 13, please contact us immediately at privacy@taru.guru.

International Data Transfers

Your information may be transferred to and processed in South Africa, where our servers are located. For transfers from the European Economic Area (EEA), we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) where applicable
  • End-to-end encryption of your reading data
  • Processing data only based on your explicit consent or other legal bases described above

By using our services, you consent to these international transfers of your information as described in this policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is being collected
  • Know whether your personal information is sold or disclosed and to whom
  • Say no to the sale of personal information (we do not sell your information)
  • Access your personal information
  • Request deletion of your personal information
  • Not be discriminated against for exercising your privacy rights

Do Not Sell My Personal Information

We do not sell your personal information as defined by the CCPA. In the preceding 12 months, we have not sold any personal information about our users.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact the data controllers (Hanno and Xanu) at privacy@taru.guru