Back to home

Privacy Policy

Last updated: July 8, 2026

This Policy explains how Hermeticum Tarot collects, uses, shares and protects your personal data when you use hermeticumtarot.com. We process your data in accordance with Brazil's General Data Protection Law (LGPD, Law 13.709/2018) and, where applicable, the European Union's General Data Protection Regulation (GDPR).

1. Who processes your data

Hermeticum Tarot is the controller of the personal data processed on the platform. For privacy matters, contact us at privacidade@hermeticumtarot.com.

2. Data we collect

We collect the following categories of data:

  • Account data: display name, email and password (stored encrypted, never in plain text).
  • Usage data: your readings, history, preferred school, language and interactions with the platform.
  • Payment data: processed by Stripe. We do not collect or store card numbers; we receive only subscription metadata (status, customer and subscription identifiers).
  • Technical data: IP address, browser and device type, pages visited, date and time, and logs collected automatically via cookies and similar technologies.

3. Cookies and tracking pixels

We use cookies and similar technologies (including tracking pixels and web beacons) to operate and improve the platform. We explain each type transparently below.

Essential cookies: required for the site to work. They include the authentication session cookie (to keep you signed in), your language preference, and security and anti-fraud cookies used by Stripe at checkout. Without them the service does not function, so they do not rely on consent.

Tracking pixels and web beacons: tiny, often invisible images or snippets of code placed in pages or emails. When loaded, they record information such as the opening of an email, a page visit, the device used and actions taken. We may use them to measure audience and performance, understand how the platform is used, evaluate marketing campaigns and show relevant ads (remarketing).

These pixels may be provided by third parties — for example, analytics providers (such as Google Analytics) and advertising platforms (such as Meta/Facebook, Google Ads and TikTok) — as well as email open-tracking by our sending provider. When loaded, these partners may collect data about you through our platform, under their own privacy policies.

Consent and control: where the law requires (for example, in the European Union), we will ask for your consent before activating non-essential cookies and pixels, and you may refuse or change them at any time. You can also block or delete cookies in your browser settings and use the third parties' own opt-out tools. Blocking essential cookies may affect how the site works.

4. How and why we use your data

  • provide the service: create your account, generate readings and keep your history;
  • process payments and manage your subscription;
  • communicate with you about your account, security and essential notices;
  • improve the platform through usage analytics and metrics;
  • marketing and campaigns, where you consent or where permitted by law;
  • comply with legal obligations and prevent fraud and abuse.

5. Legal bases

We process your data on the basis of: performance of the contract (to provide the service and charge the subscription); consent (for non-essential cookies and pixels and marketing communications); legitimate interest (for security, fraud prevention and product improvement); and compliance with a legal or regulatory obligation. These bases correspond to articles 7 and 11 of the LGPD and article 6 of the GDPR, where applicable.

6. Sharing and processors

We do not sell your personal data. We share data only with providers that help us operate the platform, to the extent necessary:

  • Supabase — database, authentication and storage;
  • Stripe — payment processing and subscription management;
  • Cloudflare — hosting, content delivery (CDN) and security;
  • email provider — sending transactional messages (for example, account confirmation);
  • analytics and advertising tools — when enabled, as described in the cookies and pixels section.

We may also disclose data when required by law, court order, or to protect rights, safety and the integrity of the service.

7. International transfers

Our providers may process data on servers located outside your country. In such cases, we apply appropriate safeguards so your data remains protected under applicable law.

8. Retention

We keep your data for as long as your account exists and for the time needed to fulfil the purposes of this Policy and legal obligations. After that, data is deleted or anonymized. You may request deletion of your account at any time.

9. Your rights

You may, at any time: confirm whether processing exists; access your data; correct incomplete or outdated data; request anonymization, blocking or deletion; request portability; withdraw consent; and object to processing. To exercise these rights, write to privacidade@hermeticumtarot.com. You may also file a complaint with the relevant data protection authority (in Brazil, the ANPD).

10. Security

We apply technical and organizational measures to protect your data, including encryption in transit (HTTPS), hashed passwords and row-level access control (RLS) in the database. No system is 100% secure, but we work continuously to reduce risk.

11. Children

The platform is not intended for anyone under 18, and we do not knowingly collect data from children. If we become aware of such collection, we will delete the data.

12. Changes to this Policy

We may update this Policy from time to time. The “last updated” date at the top indicates the current version. Material changes will be communicated by reasonable means.

13. Contact

For privacy questions or requests: privacidade@hermeticumtarot.com.