Privacy Policy

1. Introduction

LYRA Oracle ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and website at lyraoracle.com. Please read this policy carefully. By using LYRA, you consent to the practices described in this Privacy Policy.

2. Information We Collect

Information you provide directly: email address and password when creating an account; the text of questions you ask during tarot readings (transcribed from voice); payment information processed through Stripe (we do not store your credit card details — Stripe handles all payment data securely).

Information collected automatically: device type, operating system, and browser type; IP address and approximate location (country level only); app usage data including reading frequency, session duration, and feature usage; anonymized analytics data.

Information we DO NOT collect: we do NOT store your voice recordings. Voice input is transcribed to text in real-time and the audio is immediately discarded. We do not have access to your voice data. We do not collect biometric data. We do not access your contacts, photos, camera, or other device data.

3. How We Use Your Information

We use collected information to: provide, maintain, and improve the Service; process transactions and manage subscriptions; generate personalized tarot readings based on your questions; communicate with you about your account or the Service; respond to support inquiries; detect, prevent, and address fraud or technical issues; comply with legal obligations.

We do NOT use your information to: train AI models on your personal data; sell your personal information to third parties; create advertising profiles; make automated decisions that produce legal effects concerning you.

4. Data Sharing

We share your information only with the following service providers who are necessary for operating the Service:

Supabase: authentication and database hosting (your account data and reading history). Stripe: payment processing (Stripe's own privacy policy governs payment data). Anthropic: AI text generation (your transcribed question is sent to generate readings — Anthropic does not store this data per their data retention policy). ElevenLabs: text-to-speech synthesis (reading text is sent for voice generation). Deepgram: speech-to-text transcription (your voice audio is transcribed and immediately discarded).

We do not sell, rent, or trade your personal information to any third party.

5. Data Retention

Account data: retained for as long as your account is active. Reading history: retained for as long as your account is active or until you delete it. Transcribed questions: stored as part of your reading history. Voice audio: never stored — immediately discarded after transcription.

You can delete your reading history at any time from the app. To delete your entire account and all associated data, email hello@lyraoracle.com.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (TLS/SSL), encrypted database storage, Row Level Security ensuring users can only access their own data, and API keys stored securely in server-side environment variables, never exposed to client applications.

However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

7. Your Rights

Depending on your location, you may have the right to: access the personal data we hold about you; correct inaccurate personal data; delete your personal data; object to or restrict processing of your personal data; data portability; withdraw consent at any time.

To exercise any of these rights, contact us at hello@lyraoracle.com. We will respond to requests within 30 days.

8. Children's Privacy

LYRA is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

9. Cookies and Tracking

LYRA uses only essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking cookies. We use anonymized analytics to understand app usage patterns. You can disable cookies in your browser settings, but this may affect the functionality of the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your country. By using the Service, you consent to the transfer of your information to these countries.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what personal information we collect about you; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal information); non-discrimination for exercising your privacy rights.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal basis for processing personal data includes your consent, performance of a contract, and our legitimate interests in operating and improving the Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised Privacy Policy.

14. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights:

Email: hello@lyraoracle.com
Website: lyraoracle.com