Privacy Policy

1. Introduction

Lotus Moon (“Lotus Moon,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our yoga, meditation, and tarot platform, website (lotusmoon.fit), mobile application, and related services (collectively, the “Service”).

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Our Privacy Principles

Before diving into the details, here are the core principles that guide how we handle your data:

• We NEVER sell your personal information. Not to advertisers. Not to data brokers. Not to anyone. Ever.
• We NEVER share your data for cross-context behavioral advertising. Your wellness journey won’t follow you around the internet.
• We collect only what we need. Every piece of data we collect serves a specific purpose in making your experience better.
• You control your data. You can access, download, correct, or delete your data at any time.
• We’re transparent about third parties. When we share data with service providers, we tell you exactly who and why.
• Security is not optional. We use industry-standard encryption and security practices to protect your information.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when you register for an account, use our Service, or communicate with us:

• Account Information: Name, email address, password, and profile information.
• Personal Details: Birthday, zodiac sign, and wellness preferences.
• Cycle Tracking Data: Menstrual cycle length and last cycle start date (if you opt in to cycle tracking).
• Wellness Data: Mood entries, breathwork sessions, gratitude journal entries, and meditation preferences.
• Tarot Data: Tarot card pulls, reading history, questions asked during readings, and AI-generated interpretations.
• Journal Entries: Workshop reflections, post-class journal prompts, and personal notes.
• Payment Information: Credit card details, billing address, and transaction history (processed securely through Stripe).
• Communications: Messages, feedback, support requests, and survey responses you send to us.
• Community Content: Moon circle reflections, discussion posts, challenge check-ins, and other community participation.

3.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

• Device Information: Device type, operating system, unique device identifiers, browser type, and mobile network information.
• Usage Data: Pages visited, features used, classes viewed, time spent on the Service, and interaction patterns.
• Location Data: General geographic location based on IP address.
• Log Data: IP address, access times, referring URLs, and error logs.

3.3 Information from Third Parties

We may receive information about you from third parties:

• Authentication Providers: If you sign in using a third-party service (e.g., Google, Apple), we receive your name, email, and profile picture as permitted by your privacy settings.
• Analytics Partners: Aggregated usage and demographic data from analytics providers.

4. How We Use Your Information

4.1 Service Delivery

• Provide personalized yoga class recommendations based on your preferences and mood.
• Generate AI-powered tarot card interpretations tailored to your questions and readings.
• Track your wellness journey including mood, breathwork, gratitude, and meditation progress.
• Manage community features including moon circles, discussions, and challenges.
• Process your subscription payments and manage your account.
• Provide customer support and respond to your inquiries.

4.2 Service Improvement

• Analyze usage patterns to enhance user experience and develop new features.
• Conduct research and analytics to understand user preferences.

4.3 Communications

• Send transactional emails (e.g., account confirmation, password reset).
• Send marketing communications about new features, classes, and updates (with your consent).
• Send weekly digest emails and streak reminders based on your notification preferences.

4.4 Legal and Security

• Detect, prevent, and address fraud, security issues, and technical problems.
• Comply with legal obligations and enforce our Terms of Service.
• Protect the rights, property, and safety of Lotus Moon, our users, and the public.

5. Information Sharing and Disclosure

WE DO NOT SELL YOUR PERSONAL INFORMATION. We do not share your personal information for cross-context behavioral advertising. We do not provide your data to data brokers. Your information is used only to provide and improve the Service, never to be monetized by selling it to third parties.

We may share your information only in the following limited circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to use your data only for the purposes we specify and to protect your information:

• Stripe: Payment processing.
• RevenueCat: Mobile app subscription management.
• Anthropic (Claude AI): AI-powered tarot card interpretations.
• Supabase: Database hosting and authentication services.
• Resend: Transactional and marketing email delivery.
• Vercel: Web hosting and application deployment.
• Upstash: Rate limiting and security infrastructure.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

5.3 Business Transfers

If Lotus Moon is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. Any successor entity will be bound by this Privacy Policy’s commitment not to sell your personal information.

5.4 With Your Consent

We may share your information for other purposes only with your explicit consent.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service.

• Account Data: Retained while your account is active and for 30 days after account deletion to allow for account recovery.
• Transaction Records: Retained for 7 years to comply with tax and accounting requirements.
• Usage Analytics: Retained in aggregated, anonymized form indefinitely for service improvement.
• Marketing Preferences: Retained until you opt out or request deletion.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS. Sensitive data at rest is encrypted.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
• Rate Limiting: All API endpoints are protected by rate limiting to prevent abuse.
• Row-Level Security: Database policies ensure users can only access their own data.
• Incident Response: We will notify affected users of any data breach within 72 hours as required by applicable law.

8. Your Rights and Choices

• Access and Portability: Request access to your personal information and receive a copy of your data in a portable format.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information.
• Marketing Opt-Out: Opt out of marketing communications at any time through your account notification preferences.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You have the right to know what personal information we collect, use, disclose, and sell.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to correct inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out—we simply don’t do it.

To exercise these rights, contact us at privacy@lotusmoon.fit.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your personal data based on: (a) your consent, (b) performance of a contract with you, (c) our legitimate interests, or (d) compliance with legal obligations.
• Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing.
• Data Transfers: Your data may be transferred to and processed in the United States. We use Standard Contractual Clauses approved by the European Commission to ensure adequate protection.

11. Children’s Privacy

Our Service is not directed to children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information and to improve and analyze our Service:

• Essential Cookies: Required for the Service to function properly (authentication, theme preferences).
• Analytics Cookies: Help us understand how users interact with the Service.
• Preference Cookies: Remember your settings and preferences (theme, color scheme).
• Marketing Cookies: We do NOT use cookies to track you across the web for advertising purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top.

Important: Our commitment to never sell your personal information is a foundational principle. Any future changes to this Privacy Policy will maintain this commitment.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Lotus Moon
Email: privacy@lotusmoon.fit
Website: https://lotusmoon.fit