Privacy Policy for Vesikaa
1. Overview and Contact
Vesikaa ("Vesikaa," "we," "our," or "us") is a tarot reading, journaling, and small-group reflection application. Vesikaa is local-first: your readings, journals, and preferences live primarily on your device, and cloud services are used for the features you choose, such as account sign-in, backup, purchases, push notifications, and Soul House sharing.
This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have.
You can reach us at:
- Privacy questions: privacy@vesikaa.com
- General support: support@vesikaa.com
- In app: Settings > Help & Support > Send Feedback
If you do not agree with this Privacy Policy, please do not use Vesikaa.
2. Scope
This Privacy Policy applies to the Vesikaa mobile app, Vesikaa websites and legal pages, account-deletion and support workflows, and related cloud services we operate.
This policy does not cover the independent privacy practices of Apple, Google, RevenueCat, Sentry, Cloudflare, Firebase/Google Cloud, or other services that process data under their own privacy policies when you use their platforms.
3. Information We Collect
We collect information needed to provide the app, keep it reliable, deliver features you choose, and meet legal and platform obligations.
3.1 Account and Identity Data
Vesikaa requires an account for release builds. You can sign in with Sign in with Apple, Google Sign-In, or email and password. We collect:
- Firebase user ID, which is a stable account identifier we use to associate your readings, journals, purchases, entitlements, diagnostics, and support requests with you
- Email address, or Apple's private relay address if you choose that option
- Display name and public handle, if you set them
- Authentication provider metadata needed to keep you signed in and secure
3.2 Reading, Reflection, and Progress Data
When you use Vesikaa, we store app data locally and, for signed-in users, may back up compact records to owner-only cloud storage:
- Daily draws, yearly draws, and spread readings, including card identifiers, deck identifiers, positions, reversal state, timestamps, reveal state, and provenance needed to restore the same reading
- Daily and spread personal reflections and yearly intentions, when backed up, encrypted before upload
- Journal entries, when journal backup is enabled, encrypted before upload
- Card mastery, soul-points, streaks, progression snapshots, and similar product state
- Optional birthday or yearly-cycle anchor used to compute your yearly draw cycle
- Soul Sign archetype and personalization seed metadata used to keep personalized draws deterministic across your devices
3.3 Preferences and Settings
We store preferences such as active deck, deck mode, animation settings, notification settings, privacy choices, onboarding state, gyroscope setting, local reminder times, and cloud-backup state.
3.4 Device, Install, and Diagnostic Data
For app stability and support, we may collect:
- Device model, operating system, app version, build number, platform, locale, timezone, and SDK install identifiers
- Crash logs, stack traces, performance traces, app lifecycle breadcrumbs, and feature breadcrumbs
- Firebase Crashlytics and Sentry events associated with your stable Firebase user ID when you are signed in
- Error metadata needed to debug sync, backup, purchase, push, and Soul House issues
Diagnostics should not include journal body text, private reflection text, or private questions. If you send feedback, the message you write is included in the support event.
3.5 Usage Analytics
We use Firebase Analytics and internal event logging to understand feature usage and reliability. Events may include actions such as daily draw completed, deck switched, notification permission changed, purchase or restore started, backup state changed, feedback sent, or export/import started. Analytics events may include non-sensitive parameters such as deck IDs, card IDs, feature names, durations, and settings values, but should not include journal body text or private reflection text.
3.6 Purchase and Entitlement Data
If you view offerings, buy a deck, start or manage a subscription, restore purchases, or receive an entitlement, we process purchase-related data through Apple, Google Play, RevenueCat, Firebase, and our entitlement mirror. This can include Firebase UID/app user ID, offerings and packages shown, product IDs, entitlement IDs, purchase and restore events, store transaction IDs and original transaction IDs, subscription expiry, cancellation, billing issue, refund, transfer, and renewal status. We do not receive your full payment card number.
3.7 Notification and Push Messaging Data
If you allow notifications or use features that need push routing, Vesikaa may store Firebase Cloud Messaging/APNs tokens and token-refresh metadata, permission status, device platform, locale language, timezone, and install diagnostics. We may also record delivery receipts, display receipts, open receipts, message IDs, campaign or broadcast IDs, quiet-hours skips, frequency-cap ledger entries, and related counters.
3.8 Soul House and Shared Content
Soul House and shared readings are optional social features. If you create, join, or use them, we process members-only social content such as:
- House membership, invite-code metadata, host/admin state, display names, public handles, Soul Sign, snooze/resting state, and reveal schedule
- Shared daily cards, shared spreads, communal reading state, shared intentions, notes you choose to share, comments, chat messages, replies, reactions, mentions, and timestamps
- GIF attachment metadata, such as provider IDs, URLs, dimensions, and preview metadata, when GIFs are enabled
- Reports, report reasons, moderation snapshots, message or comment snapshots, and redacted or anonymized records needed for safety, abuse prevention, audit, and group integrity
Soul House content is not encrypted like private journal backups. It is stored as members-only plaintext social content so the people in the house can see it.
3.9 Feedback and Support Data
If you send feedback or report an issue, we collect the message you write, optional name and email for follow-up, app version, build number, device details, and a shortened account identifier used for support correlation. Feedback is sent to Sentry when enabled for the build.
3.10 Website Waitlist and Email Updates
If you join the waitlist on vesikaa.com, we collect the email address you submit, the website signup source, the date the contact was created, and subscription or unsubscribe status. We use this information to hold your place, send a one-time signup confirmation, and send the launch and product updates described beside the form.
Waitlist contacts are stored in a Vesikaa segment in Resend. Cloudflare Pages handles the website request, and Cloudflare Turnstile processes a short-lived verification token and standard request metadata to help prevent automated abuse. The website does not place the Resend API key in your browser, and Vesikaa does not store the Turnstile token as part of your waitlist contact.
4. Optional Permissions and Local-Only Processing
Some features ask for optional device permissions:
- Motion sensors: If you enable motion-based reveal gestures, Vesikaa reads accelerometer/gyroscope signals live to detect the gesture. Motion readings are processed on device and are not stored or sent to our servers.
- Microphone: The Yearly Vibe ritual can optionally use the microphone to estimate live blow strength when you blow out the candle. Audio is used only as a live signal for that interaction. Vesikaa does not record, save, transcribe, or share microphone audio for this feature.
- Bluetooth: In-person shared readings can use Bluetooth to discover nearby Vesikaa sessions and exchange local session metadata. On Android, Bluetooth scan permission is requested with a no-location-use posture (
neverForLocation). We do not use Bluetooth to infer, store, or sell your location.
Vesikaa does not use your camera, photos, contacts, precise location, Advertising Identifier (IDFA), or cross-app tracking identifiers for the release behavior described here. Vesikaa may copy invite codes or share links to your clipboard when you tap a copy action, but it does not read clipboard contents.
5. Journal Encryption and Cloud Backup Modes
Journals are local-first. They live on your device unless you enable encrypted cloud backup. Journal cloud backup is a paid/private-backup feature, and journal plaintext must be encrypted on your device before any backup write.
For cloud-backed journals, daily/spread private reflections, and yearly intentions:
- The readable text is encrypted before upload.
- Cloud documents store encrypted payloads and limited metadata needed for sync, restore, conflict handling, and deletion.
- Already-backed-up encrypted data may remain in cloud storage until you delete it, request deletion, or delete your account.
Vesikaa supports two journal backup modes:
- Account-recoverable mode. This mode is designed to help you restore journals after signing in on a new device. A journal key is protected through server-managed metadata and Google Cloud KMS wrapping. Recovery requires your authenticated account and security checks, but because our infrastructure can help recover the key for your account, this mode is not zero-knowledge.
- Advanced recovery-key-only mode. This mode is designed for users who want zero-knowledge recovery. You keep the recovery key. Vesikaa does not keep an account-recoverable copy of the journal key for this mode, so we cannot recover readable journal text if you lose both your device and recovery key.
Turning backup off stops new journal backup activity but does not automatically delete encrypted documents that were already backed up. You can request deletion or delete your account to remove cloud-backed data, subject to limited retention described below.
6. Soul House and Shared Content
Soul House is a members-only social space. Content you share there is meant for other members of that house. This includes shared draws, shared spreads, communal reading material, intentions, comments, chat messages, reactions, GIF metadata, reports, and report snapshots.
We use server-side rules and Cloud Functions to limit access to current members and authorized workflows. However, shared social content is not private journal content and is not zero-knowledge encrypted. Other members may see it while they have access, and they may remember, copy, or screenshot it.
When a message, comment, member, or account is deleted, Vesikaa may remove the visible content, replace author details with a deleted-account marker, keep redacted/anonymized counters, or retain limited group-integrity records so conversations, reports, safety actions, and house history do not break for remaining members.
7. Notifications and Push Messaging
Vesikaa supports local notifications and server-sent push notifications. Push notifications may include:
- Daily draw, journal, reflection, or reveal reminders you choose
- Soul House and shared-reading notifications, such as mentions, shared draws, chat activity, selection openings, and communal reveals
- Campaign or admin-authored notifications, such as deck launches, product updates, or account-relevant messages, when notifications are enabled for your device and the message is enabled for your account
To deliver and govern push notifications, we process FCM/APNs tokens, install and token diagnostics, platform, locale, timezone, permission status, delivery receipts, display/open receipts, campaign/broadcast IDs, message IDs, quiet-hours policy results, and frequency-cap ledger entries. Timezone, locale, and platform are used for local-time delivery, audience matching, quiet hours, and frequency caps.
You can control notifications through your device settings and current in-app reminder settings. We do not put journal body text, private reflection text, or private questions in push payloads.
8. Purchases and Subscriptions
Purchases and subscriptions are processed by Apple App Store, Google Play, and RevenueCat. Those providers process payment and store-account data under their own policies. Vesikaa receives purchase status and entitlement information needed to unlock content and restore access.
RevenueCat and Vesikaa may process Firebase UID/app user ID, offerings, packages, purchases, restores, product IDs, entitlement IDs, store transaction IDs, original transaction IDs, subscription expiry, cancellation, billing issue, refund, renewal, and transfer events. Vesikaa stores a server-owned entitlement mirror in Firebase so the app can unlock decks, subscriptions, private backup access, and other paid features across devices.
We do not receive your full payment card number. Refunds, billing disputes, and subscription cancellation are handled through the relevant app store unless the app directs you otherwise.
9. Analytics, Diagnostics, and Feedback
We use analytics and diagnostics to understand whether Vesikaa works, find bugs, prevent abuse, and improve core flows. This includes Firebase Analytics, Firebase Crashlytics, Sentry, and limited internal logs.
When you are signed in, Crashlytics and Sentry may receive your stable Firebase user ID so we can connect crashes and support events to the right account. Sentry breadcrumbs and contexts may include app screens, feature states, device/app details, notification state, sync state, and non-sensitive identifiers. Feedback reports may include the message you write, optional contact name and email, device details, app version/build, tags, and a shortened account identifier.
We do not intentionally include journal body text, private reflection text, private questions, or full social message bodies in analytics events. Support feedback and issue reports include whatever you choose to type into the feedback form.
10. AI and Personalization
Vesikaa includes personalization and on-device AI-style features. Depending on what you enable, on-device processing may use card history, deck choices, birthday/yearly-cycle data, personalization seed material, journal excerpts, local embeddings, retrieved passages, or prompt text to generate reflections, detect themes, or compose readings.
Mobile journal personalization is designed to run on device or through local app logic, and private journal text is not sent to third-party model providers for training. Shared-reading AI artifacts, when used, are generated on device and may save the generated reading text plus model and prompt-version metadata to the shared session so participants can view it.
Vesikaa websites or admin tools may include separate generation APIs for deck or image-production workflows. If those tools are deployed publicly and you submit a prompt there, the prompt may be sent to the configured generation provider for that tool. Do not submit private journal text to web/admin generation tools unless that surface explicitly says it is intended for that use.
11. How We Use Information
We use the information described above to:
- Provide tarot readings, journals, reflections, personalization, and progression features
- Keep your data local-first while supporting backup, restore, and cross-device continuity
- Operate Soul House, shared readings, comments, chat, reports, and safety workflows
- Deliver local notifications and push notifications you allow or opt into
- Process purchases, subscriptions, restores, entitlements, and deck delivery
- Diagnose crashes, reliability issues, purchase issues, backup issues, and abuse
- Respond to support and privacy requests
- Operate the website waitlist and send email confirmations, launch news, and product updates you request
- Maintain security, prevent fraud, enforce limits, and comply with legal obligations
We do not use your personal information for third-party advertising, cross-context behavioral advertising, or automated decisions that produce legal or similarly significant effects.
12. How We Share Information
We share information only as needed to provide Vesikaa, operate chosen features, comply with law, and protect users. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising or targeted advertising.
Key service providers include:
| Service | Operator | Purpose | Data Processed |
|---|---|---|---|
| Firebase Authentication | Google LLC | Account sign-in | Email, name, provider tokens, Firebase UID |
| Cloud Firestore | Google LLC | User backup, entitlements, settings, Soul House, messaging receipts | Reading metadata, encrypted private payloads, preferences, social content, push metadata |
| Firebase Cloud Functions | Google LLC | Server workflows | Soul House mutations, journal-key recovery workflows, purchase/entitlement workflows, messaging workflows |
| Google Cloud KMS | Google LLC | Account-recoverable journal-key wrapping | Wrapped journal key material, not journal plaintext |
| Firebase Cloud Messaging and APNs | Google LLC / Apple Inc. | Push delivery | Device tokens, message IDs, delivery metadata, push payloads |
| Firebase Analytics | Google LLC | Usage analytics | Event names and parameters, app/device metadata |
| Firebase Crashlytics | Google LLC | Crash reporting | Crash logs, stack traces, stable Firebase UID when signed in, device/app data |
| Sentry | Functional Software, Inc. | Error tracking and feedback | Exceptions, breadcrumbs, stable Firebase UID when signed in, optional feedback name/email/message, device/app data |
| Apple App Store | Apple Inc. | Purchases and app distribution | Store account, payment, transaction, refund, and subscription data handled by Apple |
| Google Play | Google LLC | Purchases and app distribution | Store account, payment, transaction, refund, and subscription data handled by Google |
| RevenueCat | RevenueCat, Inc. | Purchase validation and entitlement status | App user ID/Firebase UID, offerings, product IDs, entitlement IDs, purchases/restores, transaction and subscription events |
| Cloudflare R2 | Cloudflare, Inc. | Deck asset delivery | Deck object requests and standard request metadata |
| Cloudflare Pages and Turnstile | Cloudflare, Inc. | Website hosting and automated-abuse prevention | Standard request metadata and short-lived verification tokens |
| Resend | Resend, Inc. | Waitlist contact management and requested email delivery | Email address, signup source, subscription status, and email delivery metadata |
| Tenor | Google LLC | GIF search and preview, if GIF search is enabled | GIF search query text, selected GIF IDs/URLs, preview metadata, and standard request metadata |
| Google Fonts | Google LLC | Font delivery in app/web surfaces | Standard request metadata |
Soul House members receive the shared content you choose to post or generate in that house. We may disclose information if required by law, to protect rights and safety, or in connection with a business transfer, subject to appropriate safeguards.
Provider privacy policies:
- Google / Firebase: https://policies.google.com/privacy
- Tenor: https://policies.google.com/privacy
- Apple: https://www.apple.com/legal/privacy/
- Google Play: https://policies.google.com/privacy
- RevenueCat: https://www.revenuecat.com/privacy/
- Sentry: https://sentry.io/privacy/
- Cloudflare: https://www.cloudflare.com/privacypolicy/
- Resend: https://resend.com/legal/privacy-policy
13. Retention and Deletion
- Local data: Readings, journals, preferences, and local personalization data remain on your device until you delete them, clear local data, uninstall the app, or use an app flow that removes them.
- Cloud-backed personal history and settings: Retained while your account is active and deleted after account deletion or a verified deletion request, except for limited records we must retain for legal, security, fraud-prevention, or accounting reasons.
- Encrypted journal backups and encrypted private reflections/intentions: Retained until you delete them, request deletion, or delete your account. Turning backup off stops new backup activity but does not automatically remove prior encrypted backups.
- Account-recoverable journal-key metadata: Retained while account-recoverable backup is enabled or needed for recovery, and removed when you switch to recovery-key-only mode where the product flow deletes it, or when your account is deleted.
- Soul House social content: Retained while the house, thread, channel, report, or shared reading exists. Visible content may be deleted, redacted, anonymized, or tombstoned, while limited group-integrity and safety records may remain.
- Push tokens and notification metadata: Tokens are updated, rotated, or removed when permissions, sign-in state, or app state changes. Receipts, ledgers, and rollups are retained as needed for delivery, quiet hours, frequency caps, reporting, and abuse prevention.
- Purchase records: Store and RevenueCat records are retained according to Apple, Google, RevenueCat, tax, accounting, fraud-prevention, and entitlement-restoration requirements.
- Analytics and diagnostics: Analytics, crash, and error records are retained according to the settings in Firebase, Sentry, and our internal retention policies.
- Website waitlist: Your email address and waitlist subscription status are retained until you unsubscribe, ask us to delete them, or the waitlist is retired and the information is no longer needed, subject to limited suppression records used to honor an unsubscribe request.
Account deletion is available in the app where supported and at https://vesikaa.com/account-deletion.
14. Your Privacy Choices and Rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information, and to withdraw consent where processing is based on consent.
Your choices include:
- Use device settings to allow or block notifications, microphone, Bluetooth, and motion permissions.
- Use current in-app reminder settings for reminder preferences; use device settings to stop push notifications. If Vesikaa launches separate marketing or analytics consent controls in your region, those controls will govern the related processing.
- Use in-app export tools for supported local and backup data.
- Unsubscribe from waitlist or product-update emails using the unsubscribe link in those messages, or contact privacy@vesikaa.com to withdraw your request or delete your waitlist contact.
- Use in-app account deletion or https://vesikaa.com/account-deletion to request account deletion.
- Contact privacy@vesikaa.com for a complete access, export, correction, deletion, or objection request.
The in-app export is a product export for supported Vesikaa data. It may not include every vendor log, diagnostic event, purchase processor record, moderation snapshot, or internal security record that could be relevant to a formal privacy access request. Email privacy@vesikaa.com for a complete request.
California residents: we do not "sell" personal information or "share" personal information for cross-context behavioral advertising as those terms are used in the CCPA/CPRA.
15. Children and Age Restrictions
Vesikaa is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to Vesikaa, contact privacy@vesikaa.com so we can review and delete it where appropriate.
Soul House and shared social features should not be used by anyone under 13.
16. International Transfers
Vesikaa is operated from the United States, and our service providers may process information in the United States and other countries. These countries may have data-protection laws different from those where you live.
Where required, we rely on appropriate safeguards for international transfers, such as Standard Contractual Clauses or other approved mechanisms.
17. Security
We use technical and organizational measures designed to protect Vesikaa data, including HTTPS/TLS in transit, Firebase security rules, owner-only data paths, App Check and authentication checks where applicable, Cloudflare Turnstile for waitlist abuse prevention, limited admin access, client-side encryption for private backup payloads, and KMS wrapping for account-recoverable journal-key workflows.
No system is perfectly secure. If we discover a security incident involving personal information, we will evaluate notification obligations under applicable law.
18. Changes
We may update this Privacy Policy as Vesikaa changes or as legal, platform, or vendor requirements change. When we make material changes, we will update the "Last Updated" date and provide additional notice where required or appropriate.
19. Contact
For privacy questions, requests, or complaints:
- Email: privacy@vesikaa.com
- General support: support@vesikaa.com
- Account deletion: https://vesikaa.com/account-deletion
If you are in a region with a data protection authority and believe we have not addressed your concern, you may have the right to contact your local authority.