Privacy Policy
Last updated: April 30, 2026
1. Who We Are
D8ly Read ("we", "us", "our") operates the website at d8ly.app. This policy explains how we collect, use, and protect your information when you use our service.
2. Information We Collect
We collect the following types of information:
• Account Information: When you sign in with Google, we receive your name, email address, and profile picture as provided by Google. If you sign up with email and password, we store your email and a securely hashed password (we never store your password in plain text).
• Birth Data: If you choose to use our daily reading feature, you may provide your birth date, birth time, and birth city. This information is used solely to calculate your Bazi (Four Pillars) chart and generate personalized readings.
• Portrait Photos: If you choose to use our Face Reading (面相) feature, you can upload a photo of your face. The photo is downscaled in your browser before being sent. We send the resized image to Google Gemini for analysis and we do not store the original or resized image bytes on our servers. We do store the resulting text reading and a hash of the image (SHA-256, truncated to 32 hex characters) so that re-uploading the same photo returns the cached reading without billing another AI call. The hash is one-way and cannot be used to reconstruct the photo. Face Reading is for adults only — by uploading you confirm you are 18 or older and that you have the right to upload the depicted person's image.
• Usage Data: We collect standard server logs including IP addresses, browser type, and pages visited. On the anonymous fortune API endpoint, we temporarily store IP addresses in server memory for rate limiting purposes only. This data is not persisted and is cleared on each server restart.
• Local Storage: We store preferences (language setting), cached readings, and birth data in your browser's local storage to improve performance and provide offline access. This data never leaves your device unless you are signed in, in which case it may be synced to our database.
3. How We Use Your Information
We use your information for the following purposes:
• To calculate your Bazi chart and generate daily readings, yearly outlooks, and Western horoscope readings based on your birth data
• To generate AI-powered fortune narratives using third-party AI services (your birth chart data and zodiac sign are sent for narrative generation. No personally identifiable information such as your name or email is included in these requests)
• To generate Face Reading (面相) interpretations: when you opt in by uploading a photo and accepting the consent prompt, the resized image is sent to Google Gemini for one-time analysis. The image bytes are not retained by us beyond the request; only the generated text reading is cached. Google Gemini's handling of submitted content is governed by Google's terms; see the link in the Third-Party Services section below.
• To moderate questions submitted through the moon blocks (擲筊) divination feature using third-party AI services (only the question text is sent, no personal data)
• To authenticate your account and maintain your session
• To cache generated readings so we don't regenerate them unnecessarily
• To send contact form messages via email using Resend (your name, email, and message are transmitted to Resend's servers for delivery)
• To enforce rate limits and prevent abuse of our services
• To improve our service based on aggregated, anonymized usage patterns
4. Data Storage and Security
Your account data and birth information (for signed-in users) are stored in a PostgreSQL database hosted by Supabase with encryption at rest. Passwords are hashed using bcrypt before storage. All data transmission uses HTTPS/TLS encryption. For anonymous users, birth data and readings are stored only in your browser's local storage and are never transmitted to our servers except during fortune generation requests. We retain your data for as long as your account is active. You can delete your data at any time through the Settings page, or by contacting us.
5. Third-Party Services
We use the following third-party services:
• Google OAuth: For authentication. Google receives standard OAuth data per their privacy policy (https://policies.google.com/privacy). We only request basic profile scopes (email and name).
• Third-party AI services (OpenAI and Google Gemini): For AI-generated fortune narratives and content moderation. Your Bazi chart pillars (abstract astrological data, not personal identifiers) are sent to AI service providers for narrative generation. No personally identifiable information is included in these requests. For the Face Reading feature, your downscaled portrait photo is additionally sent to Google Gemini for analysis when you opt in. We access these providers via their standard API. How submitted content may be retained or used by these providers (including for service operation, abuse monitoring, or model improvement) is governed by their own terms — please review them directly at https://ai.google.dev/gemini-api/terms and https://openai.com/policies if this matters to you.
• Supabase: For database hosting. Data is stored in Supabase's infrastructure with their security practices (https://supabase.com/privacy).
• Vercel: For application hosting and anonymous analytics. Standard web traffic passes through Vercel's infrastructure. Vercel Analytics collects aggregated, non-personally-identifiable page view data (https://vercel.com/legal/privacy-policy).
• PostHog: For product analytics including page views, feature usage, and session recordings. PostHog processes anonymized interaction data to help us improve the service (https://posthog.com/privacy).
• OpenStreetMap Nominatim: For geocoding birth city to coordinates (used for True Solar Time calculation). Only the city name you enter is sent. No other personal data is included.
• Resend: For delivering contact form emails. When you submit the contact form, your name, email, and message are transmitted via Resend's servers. See Resend's privacy policy at https://resend.com/legal/privacy-policy.
We do not sell, rent, or share your personal information with any other third parties.
6. Cookies and Tracking
We use the following cookies and analytics:
• Session cookies for authentication (managed by NextAuth.js)
• Vercel Analytics for anonymous, aggregated page view and visitor metrics (no personally identifiable information is collected; no cookies are used by Vercel Analytics)
• PostHog for product analytics (page views, feature usage, session recordings). PostHog uses a first-party cookie to distinguish unique visitors. No data is sold or shared with advertisers. See PostHog's privacy policy at https://posthog.com/privacy.
• No advertising cookies
• No third-party ad tracking scripts
7. Your Rights
You have the right to:
• Access: View all data we store about you through your account settings
• Delete: Remove your birth data and generated readings at any time via Settings > Clear Data. To delete your entire account, contact us.
• Portability: Your birth data and chart are displayed to you in full and can be recorded at any time
• Withdraw Consent: You can stop using the service at any time. Signing out and clearing your browser's local storage removes all client-side data.
• Opt Out: You can use the basic Bazi calculator without creating an account. Anonymous usage stores data only in your browser's local storage.
For California residents (CCPA): We do not sell personal information. You may request deletion of your data by contacting us.
For EU/EEA residents (GDPR): Our legal basis for processing your data is consent (you choose to provide birth data) and legitimate interest (operating the service). You may exercise your rights under GDPR by contacting us.
8. Children's Privacy
D8ly Read is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.
9. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, and will take immediate steps to mitigate any harm.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify users of significant changes by posting a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this privacy policy or wish to exercise your data rights, you can reach us through our contact form at d8ly.app/contact or by email at d8lyread@gmail.com.