Your privacy
matters deeply
to us.
We collect only what we need. We never sell your data. We are transparent about everything. This policy explains exactly how we handle your information.
Who we are
Tarot Engine is operated by Business Game Changer, a UK-based business. When this policy refers to "we", "us", or "our", it means Business Game Changer and the Tarot Engine platform.
We are the data controller for personal information collected through tarotengine.com and the Tarot Intelligence Engine WordPress plugin. Our contact address for data protection matters is:
Business Game Changer
Email: info@tarotengine.com
Data we collect
We collect information in the following ways:
Information you provide directly
- Account registration: your name, email address, and password when you create an account on tarotengine.com.
- Contact form submissions: your name, email address, and the content of your message when you contact us.
- Plugin licence purchases: transaction data processed by Gumroad on our behalf. We do not store payment card details.
Information generated by your use of the Engine
- Reading data: the tarot cards drawn in each session, your Decision Tension Index (DTI) score, event tags you assign, and any notes you choose to enter.
- Quiz responses: your answers to Seren's personality and archetype assessment quiz.
- Usage patterns: the dates and times of your readings, which we use to generate your personal timeline and pattern intelligence.
Technical information collected automatically
- IP address and approximate location (country/region level)
- Browser type and version
- Device type
- Pages visited and time spent on site
- Referring website
This technical data is collected via server logs and, if you consent, via analytics tools.
How we use your information
We do not use your reading data, DTI scores, or personal journal entries for any purpose other than providing and improving your personal intelligence service. We never use this data for advertising or profiling beyond the Engine itself.
Our legal basis under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we must have a lawful basis for processing your personal data. We rely on the following bases:
- Contract performance (Article 6(1)(b)): Processing necessary to provide the services you have signed up for.
- Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, provided these are not overridden by your rights. This includes improving our service and responding to enquiries.
- Consent (Article 6(1)(a)): Where we have asked for and received your explicit consent, such as for analytics cookies.
- Legal obligation (Article 6(1)(c)): Where processing is required to comply with a legal obligation.
Who we share your data with
We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances:
Service providers
- Gumroad: processes payments for Pro licences. Their privacy policy applies to payment transactions.
- Bluehost / Newfold Digital: provides web hosting for tarotengine.com. Your data is stored on servers within the EEA or subject to adequate transfer safeguards.
- Anthropic / OpenAI: if you use AI-powered features within the Engine, your reading context (not your personal identifying information) may be processed by these AI providers to generate interpretations. We do not send your name or email to AI providers.
Legal requirements
We may disclose your information where required to do so by law, court order, or in response to lawful requests by public authorities.
Business transfers
In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
How long we keep your data
- Account data: retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.
- Reading data and timeline entries: retained for the lifetime of your account. You can delete individual entries or your entire archive at any time from your account settings.
- Contact form messages: retained for up to 2 years for correspondence purposes, then deleted.
- Technical logs: retained for up to 12 months then deleted or anonymised.
- Payment records: retained for 7 years to comply with UK tax and accounting obligations.
Your rights
Under UK GDPR, you have the following rights regarding your personal data:
You can request a copy of the personal data we hold about you (a Subject Access Request).
You can ask us to correct inaccurate or incomplete personal data.
You can ask us to delete your personal data in certain circumstances (the "right to be forgotten").
You can ask us to limit how we use your data in certain circumstances.
You can request your data in a structured, machine-readable format.
You can object to processing based on legitimate interests or for direct marketing.
You have rights where decisions are made solely by automated means that significantly affect you.
To exercise any of these rights, please contact us at info@tarotengine.com. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Contact us about this policy
If you have any questions about this Privacy Policy, how we handle your data, or wish to exercise your rights, please contact us:
Email: info@tarotengine.com
Website: tarotengine.com/contact-us
We take all privacy enquiries seriously and aim to respond within 5 working days, and always within the one-month statutory deadline.
We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users by email. The "last updated" date at the top of this page will always reflect the most recent version.