Privacy Policy

Oracle is operated for English-language customers by NOMAD SUSTAINTECH LIMITED (hereinafter "we").

Registered address: Auckland, New Zealand.

Support: [email protected]｜Read together with our Terms of Service.

Account: email, password hash, locale, timezone, login device / IP (for fraud prevention).

Reading inputs: name or handle, birth date, birth time, birth place, gender, calendar, your question. Birth time and place are treated as highly sensitive.

Payment: name, email, order ID, amount, result. We do not collect or store full card numbers, expiry, or CVV — those are handled directly by Stripe (the only payment processor used for English-market checkouts).

Public supporter data: if you choose named support for the first-signal pool, we store and publish your display name, short message, and support amount. Anonymous support does not publish your name or message.

Oracle Memory: context, preferences, boundaries, or recurring themes you explicitly save for future readings. You can edit or delete these notes in your account.

Usage: readings you generate (saved to your history), token transactions, subscription status, master bookings, support tickets.

Location and region data: we use country-code headers, browser language, and timezone to route visitors to the right language, currency, payment flow, and legal entity. If you have already granted browser location permission, we may log rounded approximate GPS coordinates for traffic distribution analysis; we do not store precise street-level location.

Cookies and similar technologies: login session, locale, anti-fraud, first-party analytics; if enabled for paid campaigns, Meta Pixel, Google Ads, Google Tag Manager, or Microsoft Clarity may measure ad performance, conversion events, heatmaps, and session replay. Question textareas, birth-data fields, and reading body content are masked from session-replay tooling.

To deliver the services you bought (readings, tarot, oracle, subscription, master matching, e-invoices).

To publish named support records on the supporter wall when you opt in.

To send service notifications (password reset, subscription renewal, master reply, reading complete). If you leave your email after the first signal and opt in, we may send a short onboarding sequence; you can unsubscribe.

To provide continuity from Oracle Memory you explicitly save; these notes do not override the current chart, cards, or question.

To show the appropriate language, currency, payment processor, and legal entity for your region.

To improve quality via de-identified or aggregated analysis. We do not send your inputs / outputs to third-party AI vendors for model training.

Fraud prevention and lawful request compliance.

Payments: Stripe (Stripe Payments New Zealand Limited) processes all English-market payments, refunds, and card tokenisation. We do not pass your card details through our servers.

AI vendors: Anthropic (Claude API) and our self-hosted Qwen model are the two AI vendors used to generate readings. When Anthropic is used, your inputs are sent to Anthropic's servers (United States) for inference and are not used by Anthropic to train models, per Anthropic's commercial terms. When self-hosted Qwen is used, your inputs stay inside our infrastructure and are not sent to a third-party AI vendor.

Email: a third-party transactional email service (currently Gmail SMTP / Google Workspace) is used to deliver password resets, receipts, and onboarding messages.

Marketing measurement: when enabled for campaigns, Meta Pixel, Google Ads, Google Tag Manager, or Microsoft Clarity may receive pageview, registration, lead, checkout, and heatmap events. Sensitive surfaces (questions, birth data, reading bodies) are masked from session-replay tooling — see §2 for the masking detail.

Cloud infrastructure: Oracle is delivered from cloud infrastructure located in Taiwan (Taiwan Computing Cloud), chosen for cost and proximity to our self-hosted AI inference. This is hosting/infrastructure only — your billing relationship is with the New Zealand operating entity above, and the choice of cloud region does not change the legal entity you transact with or the consumer rights described in §6 below.

We do not sell your personal data.

Account: until 30 days after deletion (except records we must keep for tax / accounting law).

Reading inputs / reports: kept in your history until you delete; you can delete individual readings from the wallet page.

Oracle Memory: kept until you delete the note or delete your account.

Payment records: kept for at least 7 years to meet New Zealand Inland Revenue and Companies Act record-keeping requirements that apply to the operating entity above.

Server logs: 90 days.

Australian users: under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you may request access to and correction of personal information we hold about you. You may also complain to the Office of the Australian Information Commissioner (OAIC, oaic.gov.au) if you believe your rights have been breached.

New Zealand users: under the New Zealand Privacy Act 2020, you may request access to and correction of personal information we hold about you, and you may complain to the Office of the Privacy Commissioner (privacy.org.nz) if you believe your rights have been breached.

EEA / UK users: GDPR / UK GDPR rights apply where relevant, including access, rectification, erasure, restriction, portability, and the right to lodge a complaint with your supervisory authority.

To make a request, email [email protected]. We respond within a reasonable period — typically 30 days — subject to records we must keep for tax, dispute handling, fraud prevention, security, and legal compliance.

Service is for users 18+. If you are under 18, do not register or use the service. We terminate underage accounts and delete data on discovery.

TLS in transit; bcrypt for passwords; card data is handled directly by Stripe (PCI-DSS Level 1 certified) and never reaches our servers; cloud infrastructure (see §4) is configured with access control and least-privilege. No internet transmission is 100% secure.

Essential: login session, CSRF token, locale. Cannot be disabled.

Analytics and ad measurement: see §2 (Cookies and similar technologies) and §4 (Marketing measurement) — same vendors and same masking rules apply, listed there in detail rather than duplicated here.

Policy version: 2026-05-12. Material changes will be announced on the site or by email. Continued use constitutes acceptance.