Privacy Policy

Effective Date: February 10, 2026

MystiCodex ("we," "our," or "us") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data when you use our website at mysticodex.com ("the Service").

1. Information We Collect

a. Account Information

When you sign in with Google or Discord, we receive your name, email address, and profile avatar from the authentication provider. We do not receive or store your password for these services.

b. Usage Data

We collect information about how you interact with the Service, including pages visited, features used (e.g., Tarot readings, Spell Forge activity), and timestamps. This data helps us improve the Service and understand usage patterns.

c. User-Created Content

Content you create within MystiCodex — such as spells, journal entries, Grimoire notes, and reading histories — is stored in our database and associated with your account.

d. Payment Information

Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your full credit card number, CVV, or other sensitive payment details. We receive only limited information from Stripe, such as your subscription status, billing email, and the last four digits of your card for display purposes.

2. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To process subscriptions and manage your account.
  • To personalize your experience (e.g., discipline-based suggestions, reading history).
  • To generate personalized content (Tarot interpretations, spell suggestions) using your provided context.
  • To communicate with you about your account, service updates, or support inquiries.
  • To detect and prevent fraud, abuse, or security threats.

3. Third-Party Services

We use the following third-party services to operate MystiCodex:

  • Supabase — Database hosting and user authentication. Your account data and user-created content are stored on Supabase's infrastructure.
  • Stripe — Payment processing for subscriptions. Stripe handles all payment data under its own Privacy Policy.
  • xAI (Grok) — AI model provider for Tarot reading interpretations. When you request a reading, your selected cards, spread, and intention text are sent to xAI's API to generate the interpretation. We do not send your name, email, or other personal identifiers to xAI.
  • Vercel — Web hosting and deployment. Vercel processes web requests and may collect standard server logs (IP address, user agent, timestamps).

4. Cookies and Local Storage

We use essential cookies to maintain your authentication session and preferences. We do not use third-party advertising or tracking cookies. Some browser-based storage (e.g., localStorage) may be used to persist UI preferences locally on your device.

5. Data Security

We take reasonable measures to protect your personal information, including the use of HTTPS encryption for all data in transit and secure infrastructure provided by our hosting partners. Payment data is handled by Stripe, which is PCI DSS Level 1 certified — the highest level of payment security certification. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account data and user-created content for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or necessary for legitimate business purposes (e.g., resolving disputes, enforcing our Terms).

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data and account.
  • Portability: Request an export of your data in a portable format.

To exercise any of these rights, please contact us at support@mysticodex.com.

8. Children's Privacy

MystiCodex is not intended for anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal data, please contact us at support@mysticodex.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this page. Your continued use of MystiCodex after changes take effect constitutes acceptance of the revised policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us at support@mysticodex.com.