Privacy
Privacy Policy
We keep data collection lightweight, avoid storing payment card details, and respect your privacy rights worldwide.
Get Your Free ReadingLast updated: May 19, 2026
1. Who We Are
Fate Compass ("we", "us", "our") operates the website fatecompass.org, a Chinese astrology reading platform. For privacy inquiries, contact us at [email protected].
2. Information We Collect and Process
We collect and process the following categories of personal data:
| Data Category | Examples | Purpose |
|---|---|---|
| Birth information | Birth date, birth time, gender, timezone or birth-place | Generate personalized astrology charts and AI readings |
| Generated content | Chart data, AI-generated reading text, scorecards | Deliver the reading you requested |
| Technical identifiers | Anonymous reading hash (SHA-256), session ID, device ID (UUID) | Link reading results to URLs, prevent duplicate generation |
| Consent records | Cookie consent level and timestamp | Comply with privacy regulations |
| Usage analytics | Page views, reading events, payment clicks, errors, referrer | Improve reliability and user experience |
| Connection data | IP address, user agent, approximate geolocation (country-level) | Security, fraud prevention, page view logging |
| Payment metadata | Payment status, transaction reference | Process unlocks, fraud prevention, accounting |
We do not collect full payment card numbers, bank credentials, or login details. These are handled directly by our payment provider (Creem).
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): Processing birth information to generate and deliver the astrology reading you requested.
- Legitimate interests (Art. 6(1)(f) GDPR): Logging page views and technical data for security, fraud prevention, and service reliability improvement.
- Consent (Art. 6(1)(a) GDPR): Setting non-essential cookies (analytics, device identification) and processing analytics events beyond strictly necessary ones.
- Legal obligation (Art. 6(1)(c) GDPR): Retaining payment records and logs as required by applicable tax and accounting laws.
4. Third-Party Processors
We share limited personal data with the following categories of processors:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| DeepSeek (High-Flier / 深度求索) | AI reading generation | Birth date, time, gender, chart data (sent via API for interpretation) | China / Global |
| Creem (Armitage Labs Inc.) | Payment processing (Merchant of Record) | Payment card data is sent directly to Creem; we receive only payment status and metadata | United States |
| Cloudflare, Inc. | CDN, security, reverse proxy | IP address, HTTP headers (processed transiently) | United States |
| Database hosting provider | PostgreSQL data storage | All data stored in our database | Per hosting configuration |
We have entered or will enter into data processing agreements (DPAs) with each processor that handles personal data on our behalf, in compliance with GDPR Article 28.
Important notice regarding DeepSeek: Your birth information and chart data are sent to DeepSeek's API servers to generate the AI reading text. DeepSeek may process this data in China. If you are uncomfortable with this, you may use the free BaZi Calculator (which processes data entirely in your browser) instead of requesting an AI-powered reading.
5. International Data Transfers
Fate Compass may be accessed globally. Your data may be transferred to and processed in countries other than your own, including:
- China — AI reading generation via DeepSeek API
- United States — Payment processing (Creem), CDN (Cloudflare)
- European Union / Your local region — Database storage and web application hosting
For EEA users: Where data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), the EU-U.S. Data Privacy Framework (where applicable), or your explicit consent.
6. Cookies and Browser Storage
6.1 Cookies We Set
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| fc_session | Session tracking for page view logging and service continuity | 30 days | Strictly Necessary |
| fc_consent | Stores your cookie consent preference | 365 days | Strictly Necessary |
| fc_device_id | Anonymous device identifier (UUID) for analytics deduplication | 365 days | Analytics (opt-in) |
6.2 Browser Storage
| Key | Purpose | Type |
|---|---|---|
| fc_reading_{hash} | Cache reading data to avoid re-generation | Functional |
| fc_unlock_{hash} | Remember which readings are unlocked | Functional |
| fc_daily_hexagram | Cache today's I Ching hexagram | Functional |
| fc_daily_zodiac_animal | Remember preferred zodiac animal | Preference |
6.3 Your Cookie Choices
When you first visit our site, you will see a cookie consent banner with the following options:
- Accept All: Enables analytics cookies and tracking.
- Necessary Only: Only strictly necessary cookies are set. Analytics events are limited to essential ones.
- Decline: Only strictly necessary cookies are set.
- Customize: You can toggle analytics on or off individually.
You can change your cookie preferences at any time by clicking "Cookie Preferences" in the website footer.
You can also clear cookies and browser storage through your browser settings at any time.
7. Analytics
We use a self-built, lightweight analytics system (no third-party analytics providers such as Google Analytics). We collect:
- Always (strictly necessary): Page views, consent events, payment events, reading generation failures.
- Only with your consent: Additional events including detailed reading interactions, navigation patterns, referrer data, and device information.
Analytics events are buffered client-side and sent in batches. Server-side analytics are stored in-memory (not persisted to database) and are lost on server restart.
8. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Reading data (charts, AI content) | Indefinite (cached by anonymous hash) | Allow users to re-access results via URL; avoid duplicate AI generation costs |
| Unlock / payment records | 7 years | Accounting, tax compliance, chargeback handling |
| Request logs (IP, user agent) | 90 days | Security monitoring, debugging |
| Analytics events (server-side) | Until server restart (in-memory only) | Temporary analysis |
| Cookie consent record | 365 days (cookie expiry) | Regulatory compliance |
| Session cookie | 30 days | Session continuity |
9. Your Rights
9.1 Rights Under GDPR (EEA / UK / Switzerland Users)
You have the following rights:
- Right of access (Art. 15): Request a copy of your personal data we hold.
- Right to rectification (Art. 16): Request correction of inaccurate data.
- Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your personal data.
- Right to restriction (Art. 18): Request that we restrict processing of your data.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)): Withdraw consent at any time via Cookie Preferences in the footer or by emailing us.
- Right to lodge a complaint: You may complain to your local data protection authority. For the EU, see edpb.europa.eu.
9.2 Rights Under CCPA / CPRA (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know: Request disclosure of what personal data we collect, use, and disclose.
- Right to delete: Request deletion of your personal data.
- Right to correct: Request correction of inaccurate personal data.
- Right to opt-out of sale/sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising. No "Do Not Sell or Share My Personal Information" action is needed.
- Right to limit use of sensitive data: We limit the use of sensitive personal data as required by CPRA.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, email [email protected]. We will respond within 45 days (or 90 days for complex requests) as required by law.
Global Privacy Control (GPC): We honor the GPC browser signal. If your browser sends a GPC signal, we will treat it as an opt-out request for any data processing that would constitute a "sale" or "share" under CCPA/CPRA.
9.3 Rights Under Singapore PDPA
For users in Singapore, the Personal Data Protection Act (PDPA) grants you:
- Right to access your personal data held by us.
- Right to correct inaccurate data.
- Right to withdraw consent for data processing.
Our Data Protection Officer can be reached at [email protected].
Do Not Call (DNC) Registry: Fate Compass does not make telemarketing calls or send marketing SMS/fax. We may send service-related emails (e.g., reading delivery, refund confirmation) only when you provide your email address.
9.4 Rights Under Other Jurisdictions
If you are located in a jurisdiction with its own data protection law (e.g., Thailand PDPA, Philippines DPA, Malaysia PDPA, Vietnam's PDPD, Indonesia's PDP Law), you may have similar rights. Contact us at [email protected] to exercise your rights.
10. Data Deletion Requests
To request deletion of your data, email [email protected] with:
- The reading URL or hash (from your browser address bar), if available.
- Your approximate date of visit.
- A description of the data you want deleted.
We will process deletion requests within 30 days. Note: we cannot delete data we do not possess, such as payment records held solely by Creem.
11. Children's Privacy
Fate Compass is not directed at children under 13. We do not knowingly collect personal data from children under 13. Our website includes an age verification gate that requires users to confirm they are at least 13 years old before using the service.
If we learn that we have collected personal data from a child under 13, we will delete that data promptly. Contact us at [email protected].
12. AI-Generated Content Disclosure
Some reading content is generated by artificial intelligence (DeepSeek). Your birth information is processed by this AI to produce the reading text. AI-generated content may contain inaccuracies and should not be treated as factual advice. For more details, see our Terms of Service.
13. Data Protection Officer
Our Data Protection Officer can be contacted at [email protected] for all privacy-related inquiries, including GDPR, CCPA, PDPA, and other data protection matters.
14. European Union Representative
Pursuant to GDPR Article 27, Fate Compass has designated an EU representative for data protection matters. For the contact details of our EU representative, please email [email protected].
15. Security Measures
We implement reasonable technical and organizational measures to protect your data, including:
- HTTPS encryption for all connections.
- HttpOnly and Secure flags on session cookies.
- Server-side-only API keys (never exposed to the browser).
- Parameterized SQL queries to prevent injection attacks.
- Anonymous hashing (SHA-256) for reading identifiers instead of storing names or emails.
16. Changes to This Policy
We may update this privacy policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through a notice on our website.
17. Contact
For all privacy inquiries, data access requests, deletion requests, and opt-out requests:
Email: [email protected]