How we collect, use, store, and protect your personal data.
Last updated: January 2025
Your privacy matters to us. This policy explains what personal data we collect, why we collect it, and how we keep it safe. We will never sell your personal data to third parties.
1. Who We Are
The Palm Reading ("we", "us", "our") is the data fiduciary responsible for the personal data processed through our website and AI palmistry service. This policy applies to all visitors and registered users of the Service.
This policy is drafted in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable global privacy standards.
2. Data We Collect
We collect only the data necessary to deliver and improve the Service. The categories of personal data we collect are:
Category | Examples | How Collected
Identity | Name, email address | Registration form, contact form
Palm Images | Photograph(s) of your palm | Uploaded by you
Payment | Transaction ID, amount, currency | Razorpay payment gateway
Usage Data | Pages visited, device type, browser, IP address | Cookies and analytics tools
Communication | Messages, support enquiries | Contact form, email
We do not knowingly collect special-category personal data such as biometric identifiers, health data, financial account numbers, or government-issued IDs.
3. How We Use Your Data
We use the personal data we collect for the following purposes:
To deliver the Service — generate palm readings, store your reading history (if you have an account), and personalise your experience
To process payments — verify, complete, and reconcile transactions
To communicate with you — send transactional emails, respond to support enquiries, notify you of important updates
To improve the Service — analyse aggregate usage patterns, debug issues, develop new features
To comply with legal obligations — tax, accounting, fraud prevention, response to lawful requests
We process your data on the legal bases of consent (when you create an account or upload an image), contract (to deliver a paid reading), and legitimate interest (for security, fraud prevention, and aggregate analytics).
4. Palm Images & AI Processing
Palm images are the most sensitive piece of data we handle. Here is exactly what happens:
When you upload a palm image, it is transmitted over an encrypted (HTTPS) connection.
The image is sent to Anthropic's Claude Vision API for the sole purpose of generating your reading. Anthropic processes the image as a sub-processor under their data-handling terms.
According to Anthropic's policies, images submitted to the Claude API are not used to train their models.
We retain your palm image only for as long as necessary to deliver and let you re-view your reading. See Section 8 — Data Retention.
Palm images are never sold, shared with advertisers, or used for any purpose other than producing your reading.
All payments are processed by Razorpay, a PCI DSS Level 1 certified payment gateway. We do not see, store, or have access to your full card number, CVV, or banking credentials.
We retain only the transaction ID, amount, currency, status, and timestamp — the minimum necessary to reconcile your purchase, deliver your reading, and meet our tax-record obligations.
For details on how Razorpay handles your payment data, please review the Razorpay Privacy Policy.
6. Cookies & Tracking
We use cookies and similar technologies to keep the Service running smoothly and to understand how visitors use it. The cookies we set fall into two categories:
Essential cookies — required for the site to function (session, authentication, security). These cannot be disabled.
Analytics cookies — set by tools such as Google Analytics to help us understand aggregate usage patterns. These are anonymised where possible.
We do not use cookies for cross-site advertising or behavioural tracking. You can disable cookies in your browser settings, although doing so may break parts of the Service.
7. Data Sharing
We do not sell or rent your personal data. We share data only with trusted service providers who help us run the Service, and only to the extent necessary:
Each of these processors is contractually bound to use your data only for the purpose for which it was shared, and to apply appropriate security safeguards.
We may disclose data when required by law, court order, or to protect the rights, property, or safety of The Palm Reading, our users, or the public.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected. Specifically:
Account data — kept for the lifetime of your account, then deleted within 2 years of account closure
Palm images — automatically deleted within 30 days of upload, unless you have an account and have explicitly chosen to save the reading
Payment records — retained for 7 years to meet tax and accounting obligations
Support messages — retained for 1 year after the issue is resolved
You may request earlier deletion of any data category by writing to us — see Your Rights.
9. Security
We take the security of your data seriously and apply industry-standard safeguards:
Encryption in transit — all traffic to and from the Service is encrypted via HTTPS / TLS
Encryption at rest — sensitive data stored in our database is encrypted at the storage layer
Secret management — API keys and credentials are kept in environment variables, never committed to source code
Row-Level Security (RLS) — Supabase RLS policies ensure each user can only access their own records
Access controls — only authorised personnel may access production systems, with logged audit trails
Regular updates — dependencies and infrastructure are patched against known vulnerabilities
No system is perfectly secure, but we work continuously to minimise risk. If we ever experience a data breach that affects you, we will notify you in accordance with applicable law.
10. Your Rights
Under the DPDP Act, 2023 and other applicable laws, you have the following rights regarding your personal data:
Right to access — request a copy of the personal data we hold about you
Right to correction — ask us to correct inaccurate or incomplete data
Right to erasure — ask us to delete your personal data, subject to lawful retention obligations
Right to withdraw consent — withdraw consent at any time, where processing is based on consent
Right to grievance redressal — raise concerns directly with our grievance contact
Right to nominate — nominate another individual to exercise your rights in case of death or incapacity
To exercise any of these rights, email us at info@thepalmreadingwebsite.com with the subject "Privacy Request — [Your Right]". We will respond within the time limits set by applicable law.
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India.
11. Children's Privacy
The Service is intended for users 18 years of age and older. We do not knowingly collect personal data from anyone under 18.
If you believe a child has provided us with personal data, please contact us immediately at info@thepalmreadingwebsite.com and we will take steps to delete the information and close the associated account.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes:
We will update the "Last updated" date at the top of this page
For significant changes, we will notify registered users by email or with a prominent in-product notice
We encourage you to review this policy periodically.
13. Contact Us
If you have questions about this Privacy Policy, or wish to exercise any of your rights, please reach out: