EN

Privacy Policy

Effective date: April 8, 2026
Last updated: April 8, 2026

En ("we", "our", or "us") operates the service available at whisper.day. This Privacy Policy explains how we collect, use, and protect your personal data, and your rights under applicable law including the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:

En
Contact: privacy@whisper.day

2. Data We Collect

2.1 Account Data (provided by you)

  • Name or nickname — used to personalise your oracle readings
  • Date of birth — used to calculate your zodiac sign, Four Pillars, and numerology
  • Blood type — used for blood type readings
  • Birth hour (optional) — used to improve Four Pillars accuracy

2.2 Authentication Data (via Google OAuth)

When you sign in with Google, we receive your Google account ID and email address. We do not store your Google password.

2.3 Usage Data (generated by the service)

  • Daily oracle readings generated for your account
  • Individual readings you request (zodiac, blood type, Four Pillars, numerology, tarot)
  • Date and time of reading generation

2.4 Technical Data

  • Session cookies required to keep you logged in
  • Basic server logs (IP address, request timestamps) retained by our infrastructure providers

3. How We Use Your Data

| Purpose | Legal Basis (GDPR) | |---|---| | Providing personalised oracle readings | Performance of contract (Art. 6(1)(b)) | | Authenticating your account via Google | Performance of contract (Art. 6(1)(b)) | | Storing your reading history | Performance of contract (Art. 6(1)(b)) | | Maintaining service security and preventing abuse | Legitimate interests (Art. 6(1)(f)) |

We do not use your data for advertising, profiling, or sale to third parties.

4. Third-Party Services

We share data with the following processors to operate the service:

| Provider | Purpose | Data shared | Privacy Policy | |---|---|---|---| | Google | Authentication (OAuth 2.0) | Google account ID, email | google.com/privacy | | Anthropic | AI oracle generation | Name, birth data, divination summary | anthropic.com/privacy | | Supabase | Database and authentication hosting | All account and reading data | supabase.com/privacy | | Vercel | Web hosting and deployment | Server request logs | vercel.com/legal/privacy-policy |

All processors are contractually bound to protect your data and process it only on our instructions. Data may be transferred to and processed in the United States. Such transfers are covered by Standard Contractual Clauses or equivalent safeguards.

5. Data Retention

| Data type | Retention period | |---|---| | Account profile | Until you delete your account | | Daily oracle readings | Until you delete your account | | Individual readings | Until you delete your account | | Server logs | Up to 90 days (held by infrastructure providers) |

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate data
  • Erasure ("right to be forgotten") — request deletion of your data
  • Data portability — receive your data in a machine-readable format
  • Restriction — ask us to limit how we process your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at privacy@whisper.day. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national DPA in the EU).

7. Children's Privacy

En is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with their data, please contact us at privacy@whisper.day.

8. Divination Disclaimer

The personal data you provide (birth date, blood type, etc.) is used solely to generate personalised entertainment content. En does not use this data to make automated decisions that produce legal or similarly significant effects on you.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests:
privacy@whisper.day