Privacy

Privacy Policy

Last updated 2026-05-15 · Tarot Land (kr.co.doubletime.tarotland)

This policy describes what Tarot Land collects, why, and how to delete it. We collect the minimum needed to provide the service. We do not sell data, we do not run advertising, and we do not profile users for marketing.

Who we are

The app is published by DoubleTime ("we", "us"), based in the Republic of Korea. You can reach us at contact@doubletime.co.kr.

What we collect

• Anonymous account identifier. When you first open the app we mint a random bearer token (stored securely on your device) so the server can recognize your subsequent requests. There is no name, email, phone number, social-network identity, or password attached.
• Install fingerprint hash. A SHA-256 hash of installation parameters, used only to limit signup-bonus abuse from repeated reinstalls. Not linked to any external identity.
• Locale preference (English / Korean) and basic app version + build number for compatibility handshakes.
• Your readings. Each card you draw, the optional reflection you type before drawing, and the questions you ask of the reading. These power the on-device history and the LLM responses.
• Feedback messages you submit through the in-app Feedback thread (Settings → Feedback). Optionally an email address you type if you'd like a reply by email.
• Purchase records. App Store / Play Store receipt identifiers needed to validate ticket purchases. Apple and Google handle your payment; we never see your card number.
• Push token (Firebase Cloud Messaging) if you opt in to push notifications. Used only to notify you when an admin replies to a feedback thread. Not used for marketing, daily reminders, or promotions.

Where it goes

Your data is stored on our server hosted at tarotland-api.doubletime.co.kr (DigitalOcean, US region). Limited data is sent to the following processors:

• OpenAI — to generate the LLM portion of your reading we send your draw, optional reflection, and inquiry text to OpenAI's API. We do not send your account identifier, IP, email, or device fingerprint. OpenAI processes the request per its API terms and does not train on API data by default.
• Apple / Google — for receipt validation of ticket purchases (receipt IDs only).
• Firebase Cloud Messaging — push delivery, when you opt in. We send Firebase only the push token + the notification payload.
• Cloudflare — DNS resolution for our domain.
• Zoho Mail / ZeptoMail — only if you email contact@doubletime.co.kr.

How long we keep it

Readings stay in your history until you delete your account. Feedback threads stay so the conversation makes sense. Purchase records are retained for the legally required period (typically 5 years under Korean accounting law). Everything else is kept only as long as needed to operate the service.

How to delete it

Open the app, go to Settings → Account → Delete account. This is a two-step type-DELETE confirmation that wipes your account, all readings, feedback threads, and push tokens from our server immediately and irreversibly. Alternatively email contact@doubletime.co.kr with your public code (Settings → About).

Children's privacy

Tarot Land is designed for adults. We do not knowingly collect personal data from anyone under the age of 18. If we learn that someone under 18 has created an account we will delete it. If you believe a minor has provided us with data, please contact us. See also our Child Safety statement.

Your rights

Under Korean PIPA and other applicable laws, you have the right to access, correct, or delete your data, and to withdraw consent. The fastest paths are the in-app Delete Account action and email to contact@doubletime.co.kr. We respond within 30 days, usually within 48 hours.

Security

The app talks to our server over HTTPS only. Your bearer token is stored in the platform's secure storage (Keychain on iOS, Keystore on Android). Our database server is not publicly reachable; only the Phoenix application and our TLS reverse-proxy expose ports.

Changes to this policy

If we change anything material we will update the "Last updated" date at the top of this page and notify in-app where appropriate. The current version is always at tarotland.doubletime.co.kr/en/privacy.