Privacy Policy

1. Who we are

Fatelore ("we", "us") is the data controller for personal information processed when you use https://fatelore.com.

2. Information we collect

Account data: email, username, Clerk user ID, and sign-in timestamps obtained through Clerk authentication. We never store your password.

Payment metadata: payments are processed by Stripe. We retain only the transaction ID, amount, currency, and status returned by Stripe. We never store your card details.

Reading inputs: information you submit such as birth date, questions, and uploaded photos.

Reading outputs: AI-generated text and images, plus the related credit-transaction record.

Technical logs: request timestamps, IP address, User-Agent, and error traces, used for security and debugging.

3. How we use this information

(a) Deliver the readings you request; (b) process payments and credit balance; (c) honor your preferences and surface your history; (d) prevent abuse, monitor service health, and fix bugs; (e) comply with legal obligations.

By default we do not send marketing emails. You will only receive product updates or promotions if you explicitly opt in under Settings → Account. Transactional messages (receipts, password reset, etc.) are not affected by this toggle.

4. Who we share data with

We rely on the following processors, sharing only what is needed:

Clerk — authentication (email, sign-in metadata).

Stripe — payments (billing email, amount).

OpenAI / OpenRouter / other LLM providers — reading generation (your reading inputs and uploaded photos). These providers process data under their own privacy policies.

Cloudflare R2 — storage for generated images and your uploads.

OpenAI omni-moderation — image content screening before storage or downstream sharing.

We do not sell personal information to advertisers or data brokers.

5. Retention

We keep your reading history for the lifetime of your account so you can re-open and share it. After account deletion, PII fields, readings, and uploaded/generated images are permanently deleted within 30 days. Credit-transaction rows are anonymized (the user association is severed) and retained for tax and accounting purposes.

Technical logs are kept for no more than 90 days.

6. Your rights

From Settings → Account you can: (a) view and edit your profile; (b) export all your data as a JSON file with one click; (c) delete your account, which triggers the deletion described above; (d) toggle marketing-email preferences.

If you are in the EU, UK, Switzerland, or California, you have additional GDPR / UK-GDPR / CCPA rights of access, rectification, deletion, portability, and objection. Reach us at [email protected] to exercise them.

7. Cookies and tracking

We use only the cookies strictly necessary to maintain your sign-in session (Clerk). No third-party analytics, advertising, or cross-site tracking cookies are deployed.

8. International transfers

Our processors operate in the United States, the European Union, and other regions. By using the service you consent to such transfers, understanding that data-protection standards may differ across jurisdictions.

9. Minors

The service is not directed to users under 18. Accounts opened by minors will be removed once identified.

10. Changes to this policy

We may update this policy over time. Material changes will be announced in-app or via email. Continued use constitutes acceptance.

11. Contact

Data-protection inquiries should be sent to [email protected].