1. Introduction
Welcome to Destara ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how Destara AI ("Destara," "the App," or "the Service") collects, uses, stores, shares, and protects your personal data when you use our mobile-first progressive web application, available at destaraai.lovable.app, and any related services, features, or content we offer.
By creating an account or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.
This policy applies to all users of Destara globally. Where additional rights or obligations apply based on your country or region of residence, we have noted these throughout this document.
2. Who We Are
Destara AI is the data controller responsible for your personal information collected through the Service. For all privacy-related enquiries, please contact us at the details provided in Section 14.
3. Information We Collect
We collect information in the following ways:
3.1 Information You Provide Directly
| Data Type | Examples | Purpose |
|---|---|---|
| Account credentials | Email address, password (hashed), phone number | Authentication and account security |
| Birth data | Date of birth, time of birth, sex assigned at birth, country and city of birth | Computing your Chinese zodiac, element, KUA number, and Yin/Yang polarity |
| Profile information | Display name, profile photo, personal aspirations | Personalising your experience and forecasts |
| User-generated content | Messages sent to the Destiny Mentor AI, wishing paper content, calendar notes, compass room photos | Delivering the Service features |
| Support communications | Messages submitted via the Help Centre or contact form | Resolving your support requests |
| Survey responses | In-app feedback surveys | Improving the Service |
| Payment information | Billing details for Premium, Ultimate, or other paid tiers | Processing subscriptions (handled via third-party payment processors) |
3.2 Information We Collect Automatically
When you use the Service, we automatically collect:
- Device information — device type, operating system, browser type and version, screen resolution
- Usage data — pages and features visited, time spent, tap interactions, session duration, pull-to-refresh events
- Activity signals — heartbeat signals sent at regular intervals to support analytics (via our internal ActivityTracker system)
- Log data — IP address, timestamps, error logs, crash reports
- Push notification tokens — if you grant notification permissions
- Compass and location data — directional heading data captured when you use the Feng Shui Compass feature; precise GPS location is not collected unless explicitly granted
3.3 Information from Third Parties
| Source | Data Received | Purpose |
|---|---|---|
| Supabase Auth | Authentication tokens, session data | Secure sign-in and session management |
| Firebase | Phone number, OTP verification status | Phone-based login |
| Google Gemini (via Lovable AI Gateway) | AI-generated response content | Powering the Destiny Mentor, compatibility narratives, and AI support assistant |
| reCAPTCHA (Google) | Risk score, interaction signals | Bot prevention on forms and sign-up flows |
4. How We Use Your Information
We use the information we collect for the following purposes:
4.1 Providing and Personalising the Service
- Calculating your Chinese zodiac animal, ruling element, Yin/Yang polarity, and KUA number
- Generating personalised daily, weekly, monthly, and yearly AI-powered forecasts
- Delivering directional Feng Shui guidance based on your KUA number
- Personalising the Destiny Mentor AI chatbot responses
- Populating the Chinese Almanac with sign-specific auspicious dates
- Remembering your preferences, language selection, and aspirations
4.2 Account and Security Management
- Creating and maintaining your user account
- Authenticating your identity via email/password or phone OTP
- Enforcing subscription tier access levels (Free, Trial, Premium, Ultimate, Admin, Master)
- Detecting and preventing fraudulent activity, abuse, or unauthorised access
4.3 Communications
- Sending transactional emails (email verification, password reset, billing receipts)
- Delivering push notifications for daily forecasts (only if you have opted in)
- Sending our newsletter or promotional content (only with your explicit consent)
4.4 Analytics and Product Improvement
- Analysing feature usage, session patterns, and user flows to improve the product
- Reviewing support ticket trends to address common issues
- Conducting internal surveys and satisfaction analysis
4.5 Legal and Compliance
- Complying with applicable laws, regulations, and legal processes
- Enforcing our Terms of Service
- Responding to lawful requests from public authorities
5. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Providing the Service and core features | Performance of a contract (Article 6(1)(b)) |
| Birth data for zodiac calculations | Performance of a contract (Article 6(1)(b)) |
| Account security and fraud prevention | Legitimate interests (Article 6(1)(f)) |
| Analytics and product improvement | Legitimate interests (Article 6(1)(f)) |
| Marketing and newsletter communications | Consent (Article 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Article 6(1)(c)) |
| Processing sensitive categories of data | Explicit consent (Article 9(2)(a)) |
You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
6. Sharing Your Information
We do not sell your personal data. We may share your information only in the following circumstances:
6.1 Service Providers (Data Processors)
We share data with trusted third-party providers who process it on our behalf, under strict contractual data processing agreements:
| Provider | Service | Data Shared |
|---|---|---|
| Supabase | Database, authentication, edge functions | All user and profile data |
| Google (Gemini / Firebase / reCAPTCHA) | AI engine, phone OTP, bot prevention | Conversation inputs, phone number, interaction signals |
| Payment processor | Subscription billing | Billing details (not stored by us) |
| Email delivery provider | Transactional and marketing email | Email address, name |
| Push notification provider | Web and mobile push | Device token |
6.2 Legal Requirements
We may disclose your data if required to do so by law, court order, or governmental authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Destara, our users, or the public.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent in-app notice before your data becomes subject to a different privacy policy.
6.4 With Your Consent
We may share data with third parties in any other case where you have given us explicit consent to do so.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods:
| Data Category | Retention Period |
|---|---|
| Account and profile data | Duration of account + 30 days after deletion request |
| Destiny Mentor chat messages | Duration of account; deletable by user at any time |
| Support tickets and communications | 3 years from ticket closure |
| Activity and analytics logs | 13 months on a rolling basis |
| Billing records | 7 years (legal and tax compliance) |
| Compass photos | Until deleted by the user |
| Wishing paper content | Not stored after the animation completes |
When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.
8. Data Security
We take the security of your personal data seriously and implement the following technical and organisational measures:
- Row-Level Security (RLS) on all Supabase database tables, ensuring each user can only access their own data
- Hashed passwords — passwords are never stored in plain text
- JWT verification on all Edge Functions processing sensitive requests
- Email verification required before account activation
- Profanity filtering on user-generated content
- TLS/HTTPS encryption for all data in transit
- reCAPTCHA integration to prevent automated abuse
Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your data and encourage you to use a strong, unique password and to keep your login credentials confidential.
9. Cookies and Tracking Technologies
Destara uses the following technologies:
| Technology | Purpose | Can be Opted Out |
|---|---|---|
| Authentication cookies | Maintaining your logged-in session ("Remember Me") | No — essential |
| Service Worker cache | Offline access to critical assets (PWA functionality) | No — essential |
| Local storage | Storing UI preferences and language settings | No — essential |
| reCAPTCHA | Bot and fraud prevention | No — essential |
| Analytics | Usage tracking for product improvement | Yes — contact us |
We do not use advertising cookies or share tracking data with advertising networks.
10. Children's Privacy
The Service is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without parental consent, please contact us immediately at the details in Section 14 and we will take steps to delete it promptly.
11. International Data Transfers
Destara operates globally. Your personal data may be transferred to, stored in, and processed in countries other than your own — including countries that may not provide the same level of data protection as your jurisdiction.
Where we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the relevant authorities, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
12. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure | Request deletion of your personal data ("right to be forgotten") |
| Restriction | Request that we restrict processing of your data |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw consent | Withdraw consent at any time where processing is consent-based |
| Lodge a complaint | File a complaint with your local data protection authority |
To exercise any of these rights, please contact us at privacy@destara.ai. We will respond within 30 days. We may need to verify your identity before processing your request.
California residents (CCPA/CPRA): You have the right to know what personal information is collected, the right to delete, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights.
Philippines residents (Republic Act 10173 — Data Privacy Act of 2012): You have the right to be informed, the right to access, the right to object, the right to erasure or blocking, the right to damages, and the right to data portability. You may also file a complaint with the National Privacy Commission.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document
- Display a prominent notice within the App
- Send an email notification to your registered email address (for significant changes)
Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Destara AI — Privacy Team
Email: privacy@destara.ai
Website: destaraai.lovable.app
We aim to respond to all privacy enquiries within 5 business days.