FateNow is intended for entertainment and self-reflection only. Readings are not professional medical, financial, or legal advice.

FateNow Privacy Policy

Effective date: April 24, 2026
Last updated: April 24, 2026

This Privacy Policy describes how FateNow ("FateNow," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use the FateNow iOS application, the fatenow.app website, and any related services (collectively, the "Service").

FateNow is offered for entertainment, cultural education, and self‑reflection only. Readings generated by the Service are not medical, psychological, financial, or legal advice. Please see our Terms of Service and Disclaimer.

If you do not agree with this Policy, do not install, access, or use the Service.

1. Quick summary

We are built privacy‑first. Your name, birthdate, birth time, and birth location are processed on your device. We do not upload them to our servers unless you voluntarily sign in to sync across devices.
We do not sell your personal information. We do not run third‑party advertising. We do not use you for cross‑app tracking.
We do not knowingly collect personal information from children under 13.
You can export or delete your data at any time from Settings.
Questions or requests: privacy@fatenow.app.

2. Who we are (the "controller")

FateNow is operated by Xirang Corp, the developer listed on the App Store as the seller of the FateNow application. The best way to reach us is by email at privacy@fatenow.app; the correspondence address is published on the fatenow.app footer.

For EU/UK/EEA users, Xirang Corp acts as the data controller under the General Data Protection Regulation (GDPR) and the UK GDPR.

For California residents, Xirang Corp is the business under the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA").

3. Personal information we collect

We only collect what we need to make fortune‑telling features work.

3.1 Information you provide directly

Category	Example	Where stored	Why we need it
Profile information	Display name, birthdate, birth time, birth location (city / lat–long), gender (optional)	On your device (iOS SwiftData / browser IndexedDB). Synced to our encrypted cloud only if you sign in.	Compute the astrology chart, Bazi pillars, and Zodiac reading. Required for the app to work.
Wish‑lamp text	Free‑form messages you type into the Wish Lamp ceremony	On your device; synced only if you sign in.	Render the ceremony back to you; present your history.
Support correspondence	Your email address and any content you send us	Our email inbox	Answer your question.

3.2 Information collected automatically

Category	Example	Source	Why we need it
Apple ID email	Your Apple email (or Apple's private‑relay alias)	Sign in with Apple, only if you choose to sign in	Create your account; sync readings across devices.
Purchase records	Transaction IDs and product identifiers for in‑app purchases	Apple StoreKit	Unlock premium features you paid for; restore purchases. We do not see your payment card.
Push notification token	An opaque device identifier issued by Apple	Apple Push Notification Service, only if you allow notifications	Send daily fortune or ceremony reminders you opted in to.
Device & diagnostic info	Crash logs, app version, iOS version, device model	Apple (only if you opt in to sharing with developers in iOS Settings)	Diagnose bugs.
Basic server logs	IP address, request timestamps, request path	Cloudflare when you use sign‑in / sync endpoints	Network operation and abuse prevention. Retained for up to 30 days.

3.3 Information we do not collect

Precise GPS location.
Contacts, calendar, photos, microphone, camera, health data.
Fingerprints, face scans, or other biometrics beyond what Apple uses internally for Sign in with Apple or device unlock.
Advertising identifiers (IDFA). We do not request App Tracking Transparency authorization.
Data about you from third‑party data brokers.

4. How we use personal information

We use personal information only for the purposes for which it was collected, and for compatible operational purposes:

Provide the Service — compute your chart, display readings, remember your profiles, run your ceremonies.
Personalize your experience — greet you by name, apply your language preference, highlight the fortune‑reading modules you use most.
Process purchases — verify receipts via Apple; grant or restore entitlements; keep a record of what you bought.
Communicate with you — send transactional messages (e.g., purchase confirmations), daily or ceremony reminders you opted in to, and responses to support requests.
Improve the Service — fix bugs and crashes, detect abuse, measure aggregated performance. We do not build behavioral profiles for advertising.
Protect the Service and comply with law — investigate fraud, prevent abuse, enforce our Terms, respond to lawful requests, and defend legal claims.
Future personalized product recommendations — if, in the future, we offer physical merchandise (such as crystals, talismans, or ceremonial items), we may use profile information you have already provided to recommend items that match your chart. We will not share your data with merchandise vendors or fulfilment partners unless you place an order, and we will update this Policy and (where required) ask for your consent before any new use.

5. How we share personal information

We do not sell personal information. We do not share personal information with third parties for their own marketing.

We share personal information only as follows:

Apple, Inc. — operator of the App Store, StoreKit, Sign in with Apple, and Apple Push Notification Service. Apple's handling is governed by Apple's own privacy policy.
Cloudflare, Inc. — our cloud infrastructure provider. Cloudflare hosts our Workers + D1 database in the United States and acts as our processor under a signed Data Processing Addendum.
Professional advisers — lawyers, accountants, and auditors bound by duties of confidentiality, when reasonably necessary.
Business transfers — if we merge, are acquired, or sell assets, your information may be transferred; we will notify you in‑app and by email (if we have it) before a change in controller.
Legal obligations — when we are required to comply with a lawful subpoena, court order, or similar legal process, or when we believe in good faith that disclosure is necessary to protect rights, property, or safety.
With your consent — for any other purpose disclosed to you at the time we collect the information.

Future physical products. If you buy a physical product from us (e.g., a crystal, incense kit, or charm), we will share only what is necessary to fulfil the order (your name and shipping address) with our shipping/fulfilment partner. We will disclose the partner and the information shared on the checkout screen at the time of purchase.

We have not disclosed, sold, rented, released, transferred, made available, or otherwise communicated orally, in writing, or by electronic means, any personal information to any third party for cross‑context behavioral advertising.

6. Where your data lives; international transfers

On‑device data never leaves your device.
Cloud‑synced data (only if you sign in) is stored on Cloudflare's D1 database at edge locations in the United States. By signing in, you acknowledge that your information may be transferred to, stored in, and processed in the United States, which may not provide the same data protection as your country of residence.
For EU/EEA/UK users, we rely on the Standard Contractual Clauses (SCCs) published by the European Commission (2021) and, where relevant, the UK International Data Transfer Addendum, as our transfer mechanism.

7. How long we keep your data

On‑device data remains on your device until you delete it (in the app or by uninstalling).
Cloud‑synced profiles and wishes are kept until you delete your account or 24 months after your last active use, whichever comes first.
Purchase records are kept for 7 years to meet tax and accounting obligations.
Server logs are kept for up to 30 days.
Support emails are kept for up to 3 years.

8. Your rights

You have the following rights, subject to applicable law:

Access — ask us what personal information we hold about you.
Correction — ask us to fix inaccurate information.
Deletion — ask us to delete your personal information.
Portability — get a copy of your information in a machine‑readable format (JSON).
Withdraw consent / object — where we rely on consent or legitimate interest.
Non‑discrimination — we will not deny you service or charge a different price because you exercised a privacy right.
Complaint — lodge a complaint with your local data‑protection authority (e.g., your EU country's DPA, the UK ICO, or the California Privacy Protection Agency).

8.1 California residents (CCPA/CPRA)

You have the right to:

Know the categories and specific pieces of personal information collected, the sources, the purposes, and the categories of third parties with whom the information is shared.
Request deletion of personal information.
Request correction of inaccurate personal information.
Opt out of sale or sharing — we do not sell or share personal information within the meaning of CCPA/CPRA.
Limit use of Sensitive Personal Information — we use sensitive information (birthdate, birth time, precise birth location) only to provide the Service you asked for. We do not use it to infer characteristics for advertising.
Be free from retaliation for exercising these rights.

You may exercise rights by emailing privacy@fatenow.app or from the in‑app Settings → Privacy screen. We may ask you to verify your identity (for example, by confirming the email address you signed in with). You may authorize an agent; we may require written authorization.

8.2 EU / EEA / UK residents (GDPR / UK GDPR)

Our legal bases for processing:

Contract (Art. 6(1)(b)) — to provide the Service you asked for.
Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, and communicate with you.
Consent (Art. 6(1)(a)) — for optional uses such as push notifications.
Legal obligation (Art. 6(1)(c)) — tax, accounting.

Special‑category data: dates of birth and birth locations can reveal "beliefs" (astrology) in certain interpretations. To the extent such information is considered sensitive, we process it on the basis of your explicit consent (Art. 9(2)(a)) and only to provide the Service.

You may contact us at privacy@fatenow.app to exercise any right.

8.3 How to exercise your rights

Settings → Privacy → Export all my data (JSON download).
Settings → Privacy → Delete my account (server‑side deletion).
Email privacy@fatenow.app with the subject "Privacy request."

We will respond within 30 days, extendable by another 30 days where permitted by law.

9. Children's privacy (13+)

FateNow is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and you believe your child has provided us with personal information, please contact privacy@fatenow.app and we will promptly delete it. See the full statement in CHILDREN_PRIVACY.md.

10. Cookies, analytics, and tracking

The iOS app does not use cookies, does not set third‑party trackers, and does not use advertising SDKs.
The fatenow.app website uses only first‑party, strictly necessary cookies for language preference and session. We do not use Google Analytics, Meta Pixel, or any third‑party advertising tag.
We do not respond to "Do Not Track" (DNT) signals because there is no tracking to disable. We honor the Global Privacy Control (GPC) as an opt‑out of "sale" or "sharing" signal, even though we do not sell or share.

11. Security

We use industry‑standard technical and organizational measures, including TLS in transit, AES‑256 at rest (where supported by Cloudflare D1), least‑privilege access to our production systems, and short‑lived server‑issued JWTs that verify Apple's JWKS. No system is perfect. You are responsible for keeping your device and Apple ID credentials secure.

If we discover a data breach that affects you, we will notify you and the appropriate regulators within the time required by applicable law.

12. Third‑party links

The Service may link to third‑party sites (Apple App Store, weather services used for ceremony timing, etc.). Those sites have their own privacy practices; we are not responsible for them.

13. Changes to this Policy

We may update this Policy. When we make a material change, we will:

Update the "Last updated" date at the top;
Post a notice in the app and at fatenow.app/privacy at least 30 days before the change takes effect (except for changes required by law, which may take effect sooner);
If the change materially expands how we use your data, ask you to opt in before that new use begins.

Historical versions are kept in the docs/legal/ archive at our repository for audit.

14. How to contact us

Email: privacy@fatenow.app
Mail: the legal notice address published on fatenow.app/contact (to be added before launch).
In‑app: Settings → Feedback.

For GDPR inquiries, you may also contact our EU representative (to be appointed before EU launch) and address the data protection authority in your country.

FateNow is operated from the United States. By using the Service, you agree to the collection, transfer, storage, and processing of your information as described in this Policy.