Privacy Policy
Last updated: April 13, 2026
1. Introduction
Tao Compass ("we," "us," or "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
This policy applies to all users of www.taocompass.com and is governed by the California Consumer Privacy Act (CCPA/CPRA) and the General Data Protection Regulation (GDPR).
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Password (stored as an irreversible hash; no one, including site administrators, can view or access it)
- Account creation date
2.2 Payment Information
When you make a purchase or subscribe, we collect:
- Billing name
- Payment method details (handled exclusively by Stripe — we never see or store your full card number)
- Transaction history and subscription status
- Stripe Customer ID
2.3 Shipping Information
For physical product orders, we collect:
- Full name
- Delivery address
- Phone number (if provided)
2.4 Communications
When you contact us or submit feedback through the platform, we collect:
- Your message and its contents
- Your email address
- Timestamp of submission
2.5 Technical Information
We automatically collect limited technical data when you use our platform:
- IP address
- Browser type and version
- Device type
- Pages visited and time spent
This data is collected through Vercel (our hosting provider) and Cloudflare (our security and content delivery provider) for security and performance purposes.
3. Ask Laozi — Conversation Data
Your conversations with Ask Laozi are not stored on our servers. Conversation history exists only in your browser session and is cleared when you close or refresh the page.
Conversations are processed in real time by AI to generate responses. We strongly advise you not to share sensitive personal information such as financial details, identification numbers, or medical information in your conversations with Ask Laozi.
4. The Oracle — Reading Data
Oracle readings are stored in our database (Supabase) and associated with your account so you can access your reading history. The reading content is generated by AI.
When you cast coins and receive a reading, the following data is processed:
- Your question/inquiry
- Hexagram lines (coin toss results)
- The generated reading content
We strongly advise you not to share sensitive personal information such as financial details, identification numbers, or medical information in your Oracle inquiries.
5. How We Use Your Data
We use your data to:
- Create and manage your account
- Process payments and manage your subscription
- Fulfill and ship physical product orders
- Send transactional emails (receipts, password resets, membership confirmations)
- Send our newsletter (only if you opt in at signup)
- Respond to your feedback and support requests
- Maintain the security and performance of our platform
- Comply with legal obligations
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
6. Weekly Tao Newsletter
You may opt in to receive our free Weekly Tao newsletter. The newsletter contains platform updates, new content announcements, and Taoist wisdom.
- You can unsubscribe at any time via the link in any newsletter email
- We use Resend to deliver emails — your email address is shared with Resend solely for delivery purposes
- We do not send promotional emails on behalf of third parties
7. Third-Party Services
We use the following third-party services to operate our platform. Each has its own privacy policy:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Anthropic | AI powering Ask Laozi and The Oracle | anthropic.com/legal/privacy |
| DeepSeek | AI powering Ask Laozi and The Oracle | cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html |
| OpenAI | AI powering Ask Laozi and The Oracle | openai.com/policies/privacy-policy |
| Google Gemini | AI powering Ask Laozi and The Oracle | policies.google.com/privacy |
| Vercel | Website hosting | vercel.com/legal/privacy-policy |
| Cloudflare | Security and performance | cloudflare.com/privacypolicy |
| Resend | Email delivery | resend.com/legal/privacy-policy |
8. Data Retention
We retain your data for as long as your account is active or as necessary to provide our services.
Specifically:
- Account data — retained until you delete your account
- Payment and transaction records — retained for 7 years for financial and legal compliance
- Shipping information — retained for 1 year after order fulfillment
- Feedback and support messages — retained for 2 years
- Conversation data — not retained (see Section 3)
- Oracle reading data — retained until you delete your account (see Section 4)
- Newsletter subscription — retained until you unsubscribe
Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
9. Cookies
We use essential cookies only: cookies that are strictly necessary for the platform to function, such as maintaining your login session. We do not use tracking, advertising, or analytics cookies. Because every cookie we use is strictly necessary, we do not display a cookie consent banner.
You can disable cookies in your browser settings, but doing so may affect your ability to use certain features of the platform.
10. Data Security
We take reasonable measures to protect your personal data, including:
- Encrypted data storage via Supabase
- HTTPS encryption for all data transmission
- Secure payment processing via Stripe (PCI DSS compliant)
- Access controls limiting who can access your data
11. Your Rights
Depending on where you are located, you may have certain rights regarding your personal data:
For California residents (CCPA/CPRA):
- Right to Know — request information about the personal data we collect, use, and share
- Right to Delete — request deletion of your personal data
- Right to Correct — request correction of inaccurate personal data
- Right to Opt-Out — we do not sell your personal data, so this right does not apply
- Right to Non-Discrimination — we will not discriminate against you for exercising your rights
For EU/EEA residents (GDPR):
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data
- Data Portability — request your data in a machine-readable format
- Objection — object to certain uses of your personal data
- Withdraw Consent — withdraw consent at any time without affecting prior processing
For all users:
You may request access to, correction of, or deletion of your personal data at any time.
To exercise any of these rights, contact us at support@taocompass.com. We will respond within 45 days.
12. Children's Privacy
Tao Compass is not intended for children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
13. International Data Transfers
Our platform is hosted and operated primarily in the United States. By using Tao Compass, you consent to your data being processed in the United States. We use Cloudflare for security and performance; because it is a global CDN, your requests may be routed through servers in your region. All transfers are subject to appropriate security measures.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.
15. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:
support@taocompass.com
www.taocompass.com