Total Tarot

Privacy Policy

Effective date: 14 February 2026 · Last updated: 14 February 2026

Sharing intimate questions with an oracle requires trust. We take that seriously. This policy explains, in plain language, exactly what data Total Tarot collects, why we collect it, who else sees it, and what rights you have over it.

If anything here feels unclear, reach out to us at guide@totaltarot.app — we'd rather explain than hide behind legalese.

Who We Are

Total Tarot is operated by Voxium AI Ltd, a company registered in England. Voxium AI Ltd is the data controller responsible for your personal data. For any privacy-related questions, you can contact us at guide@totaltarot.app.

What We Collect

We only collect what we need to give you personalised readings and keep the service running. Here's the full picture:

Account information

Your email address, display name, and — if you sign in with Google — basic profile details (name and profile picture). We use this to identify your account and personalise your experience.

Your questions and readings

The questions you ask, the cards drawn for each reading, the oracle domain selected, and the interpretation generated. We store these so you can revisit your reading history and so the oracle can learn your patterns over time.

Journal entries and feedback

If you write journal entries or give feedback on readings (resonance voting), we store that to deepen personalisation and improve reading quality.

Payment information

When you purchase credits or unlock a deck, the payment is handled entirely by a secure third-party payment processor. We never see or store your card number, expiry, or CVV. We only receive confirmation that a payment was successful and the amount.

Usage data

Anonymised analytics about which pages you visit and features you use. This helps us understand what's working and what needs improvement. We don't use advertising trackers.

Legal Basis for Processing

Under UK GDPR, we need a lawful basis for processing your personal data. Here's how each applies:

  • Contractual necessity — We process your questions, readings, and credits because that's the service you signed up for. Without this data, we can't generate readings or manage your account.
  • Legitimate interest — We use anonymised analytics to improve the service and monitor for abuse. We balance this against your privacy by keeping analytics anonymised and minimal.
  • Consent — Pattern analysis of your reading history (identifying themes, frequent cards, and growth observations) runs automatically for eligible users.

How We Use Your Data

  • Generate your readings — Your question and drawn cards are processed by our AI to produce your personalised interpretation.
  • Identify your patterns — After you've completed 5 or more readings, your reading history is analysed by AI to identify recurring themes, frequent cards, and growth observations. This powers the Patterns page on your dashboard.
  • Process payments — Credit purchases and deck unlocks are handled by our secure payment provider.
  • Improve the service — We use anonymised, aggregated data to understand how the reading experience performs and where things can be better.
  • Send essential emails — Account confirmations, password resets, and important service updates.

Third-Party Services

We work with a small number of trusted third-party services to deliver Total Tarot. Here's what each category of provider can see:

AI providers

Our AI providers generate your readings and analyse your patterns. They receive your question and the cards drawn. Under their commercial API terms, your inputs are not used to train their models.

Payment processor

Our payment processor handles all transactions directly — we never see or store your card number, expiry, or CVV. Their own privacy policy governs how they handle payment data.

Cloud infrastructure & hosting

Your account data, readings, and journal entries are stored securely with strict access controls — each user's data is isolated so only you can access yours. Our hosting provider delivers the pages you see but doesn't have access to your readings or personal data.

Analytics

We use anonymised usage analytics to understand which pages are popular and where the experience can be improved. No personal data or reading content is shared with our analytics provider.

International Data Transfers

Some of the services listed above are based outside the United Kingdom (primarily in the United States). When your data is transferred outside the UK, it is protected by appropriate safeguards including Standard Contractual Clauses and adequacy decisions recognised by the UK government. We only work with providers who maintain strong data protection standards.

Data Retention

  • Readings and journals — Stored for as long as your account exists. Delete your account and they're gone.
  • Pattern analysis — Refreshed weekly while your account is active; deleted with your account.
  • Credit transactions — We keep these records to comply with accounting and legal requirements, even after you've deleted your account. The good news: these records contain only transaction amounts and dates — never your personal questions or reading content.
  • Analytics data — Anonymised and aggregated; not linked to your account after collection.

Your Rights

Under UK GDPR, you have the following rights over your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Ask us to correct inaccurate data.
  • Erasure — Delete your account and all associated data. You can do this directly from your profile settings, or email us.
  • Portability — Request your data in a portable format.
  • Restrict processing — Ask us to limit how we use your data.
  • Object — Object to processing based on legitimate interest.
  • Withdraw consent — Where we rely on consent (e.g., pattern analysis), you can withdraw it at any time.

To exercise any of these rights, email guide@totaltarot.app. We aim to respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have not been respected.

Cookies & Tracking

  • Authentication cookies — Essential for keeping you signed in. These are strictly necessary and don't require consent.
  • Analytics cookies — Anonymised usage tracking to help us improve the service. No advertising or cross-site tracking.

We do not use advertising trackers, sell your data, or participate in any ad networks.

Children's Privacy

Total Tarot is designed for users aged 13 and over. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has created an account, please contact us at guide@totaltarot.app and we will delete the account promptly.

Security

We take the security of your data seriously. All connections to Total Tarot are encrypted via HTTPS. Your data is stored securely with strict access controls — each user can only access their own readings and account information, enforced at the database level. Payments are handled by a PCI-DSS certified payment processor.

No system is perfectly secure. If a security incident occurs that affects your personal data, we will notify you and the ICO as required by law.

Changes to This Policy

We may update this policy from time to time. For material changes (new data collection, new third-party services, changes to your rights), we will notify you by email before they take effect. For minor clarifications, we will update the “last updated” date at the top of this page.

Contact Us

Questions, concerns, or requests about your data? We're here.

Email: guide@totaltarot.app