Privacy Policy

1. Data collected

When booking: first name, email, date/time/place of birth, palm photo, iris photo (optional), drawn tarot cards, voice intention, written question, private journal notes.

2. Purpose

Producing the personalised reading, providing private space access, sending the 12 follow-up emails, processing payment via Stripe. No data is sold or used for marketing.

3. Sub-processors

• Hosting: Hostinger International Ltd, 61 Lordou Vironos Street, 6023 Larnaca, Chypre
• Payment: Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Irlande
• Email: Hostinger Email — smtp.hostinger.com
• AI: Anthropic, PBC — claude-opus-4-7 (USA). Photo and data sent to the API only for the duration of the analysis.

4. Retention

• Palm/iris photo: 12 months
• Reading, cards, birth data: 5 years (accounting prescription)
• Email: until unsubscribed, max 3 years after last interaction
• Journal notes: deletable any time

5. Your GDPR rights

Access, rectification, erasure, restriction, objection, portability, withdrawal of consent, complaint to French CNIL. To exercise: contact@romytahiti.com.

6. Cookies

Two functional cookies only: romy_access (site access) and romy_admin (editor only). No advertising or third-party tracking cookie.

7. Security

Data stored on a European server, HTTPS communications, payments processed directly by Stripe.