易 I Ching Realm
Privacy Terms Refund Cookies GDPR LGPD CCPA

Privacy Policy

Last updated: July 5, 2026

1. Overview

I Ching Realm ("we", "us", "our") operates the website ichingrealm.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. This policy complies with the General Data Protection Regulation (GDPR) for European users, the California Consumer Privacy Act (CCPA) for California residents, the Lei Geral de Proteção de Dados (LGPD) for Brazilian users, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

2.1 Information You Provide

  • Oracle Questions: When you use the I Ching oracle, you may type a personal question. This text is sent to our AI service provider solely to generate your reading. We do not store your questions on our servers after the reading is complete.
  • AI Deep Reading Content: When you request an AI Deep Reading, your question and hexagram result are transmitted to a third-party AI API (our cloud provider) to generate the response. The AI provider may temporarily process this data under their own privacy policy.

2.2 Information Collected Automatically

  • Device & Browser Data: We collect standard technical information including browser type, operating system, screen resolution, and device type. This is collected through local JavaScript and does not leave your device unless analytics is enabled.
  • Usage Patterns: We track which sections of the Service you visit (Gate, Path, Oracle, Reading) for the purpose of improving user experience. This data is aggregated and anonymized.

2.3 Information We Do NOT Collect

  • We do not require account registration or collect names, email addresses, or contact information.
  • We do not collect payment card information directly (payments are processed by our payment provider; see Section 5).
  • We do not use tracking pixels, social media trackers, or advertising identifiers.
  • We do not collect precise geolocation data.

3. How We Use Your Information

  • To provide, operate, and maintain the I Ching oracle Service
  • To generate AI-powered deep readings based on your questions
  • To improve and optimize the Service experience
  • To comply with legal obligations
  • To detect and prevent fraud or abuse

We do not use your personal data for automated decision-making that produces legal or similarly significant effects, beyond the oracle reading you explicitly request.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data on the following legal bases:

  • Contractual necessity: Processing your question to deliver the oracle reading you requested (Art. 6(1)(b) GDPR)
  • Legitimate interest: Improving the Service through anonymized usage analytics (Art. 6(1)(f) GDPR)
  • Consent: Where required, we obtain your consent before processing (Art. 6(1)(a) GDPR)

5. Third-Party Services

5.1 AI Service Provider

We use a cloud AI API to generate Deep Readings. When you request an AI Deep Reading, your question and hexagram data are transmitted to this provider. The provider processes data under their enterprise privacy agreement and does not use your data to train their models.

5.2 Payment Processor

If you make a purchase (e.g., premium readings), payment is processed by a PCI-DSS compliant payment provider. We do not see or store your full card number. The provider may collect billing name, address, and payment details as required by law.

5.3 Hosting Provider

Our Service is hosted on cloud infrastructure. The hosting provider may process server logs (IP addresses, request timestamps) for security and performance purposes, in accordance with their privacy policy.

6. Data Retention

  • Oracle questions: Not stored after the reading session ends. Questions exist only in your browser's memory during the active session.
  • AI reading results: Generated in real-time and displayed to you. Not stored on our servers.
  • Server logs: Automatically deleted after 30 days.
  • Payment records: Retained for 7 years as required by tax and financial regulations.

7. International Data Transfers

Your data may be processed in countries outside your residence, including the United States and China (where our AI provider operates). We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) with AI providers
  • Data processing agreements with all sub-processors
  • Encryption in transit (TLS 1.2+) and at rest

For EU users: Transfers to the US are made under the EU-US Data Privacy Framework where applicable.

For Brazilian users: International transfers comply with LGPD Article 33, ensuring the destination country provides an adequate level of protection or appropriate contractual clauses are in place.

8. Your Rights

8.1 GDPR Rights (EEA Users)

  • Right of access (Art. 15): Request a copy of your personal data
  • Right to rectification (Art. 16): Correct inaccurate data
  • Right to erasure (Art. 17): Request deletion of your data
  • Right to restrict processing (Art. 18): Limit how we use your data
  • Right to data portability (Art. 20): Receive your data in a structured format
  • Right to object (Art. 21): Object to processing based on legitimate interest
  • Right to withdraw consent (Art. 7): Withdraw consent at any time

8.2 CCPA Rights (California Residents)

  • Right to know what personal information is collected
  • Right to request deletion of personal information
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

8.3 LGPD Rights (Brazilian Users)

  • Direito de confirmação e acesso (Art. 18, II): Confirm and access your data
  • Direito de correção (Art. 18, III): Correct incomplete or inaccurate data
  • Direito de anonimização ou eliminação (Art. 18, VI): Anonymize or delete unnecessary data
  • Direito de portabilidade (Art. 18, V): Transfer data to another service
  • Direito de eliminação de dados tratados com consentimento (Art. 18, IX): Delete data processed with consent
  • Direito de revogação do consentimento (Art. 18, IX): Revoke consent at any time

8.4 PIPEDA Rights (Canadian Users)

  • Right to access personal information held about you
  • Right to challenge the accuracy of personal information
  • Right to withdraw consent for data collection and use

9. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@ichingrealm.com.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • HTTPS/TLS encryption for all data in transit
  • No persistent storage of oracle questions or reading results
  • API keys stored server-side only, never exposed to the browser
  • Regular security reviews and updates

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. For LGPD, we will notify the Autoridade Nacional de Proteção de Dados (ANPD) and affected data subjects within a reasonable timeframe.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Email: privacy@ichingrealm.com
  • Response time: We will respond to verified requests within 30 days (GDPR), 45 days (CCPA), or 15 days (LGPD), as applicable.

For LGPD-specific inquiries, you may also contact the ANPD at www.gov.br/anpd.

© 2026 I Ching Realm. All rights reserved.

Privacy Terms Refund Cookies GDPR LGPD CCPA