Privacy Policy

Esotherik Apps

Last updated: June 3, 2026

This privacy policy applies to all spiritual and entertainment applications published under the Esotherik brand by Eduard Bruch, including: Aurum Tarot, SpellBook, Witch's Herbal, Tarot Reader, Aura Reader, Daily Horoscope, Dream Dictionary, Human Design, Manifestation Timer, Moon Calendar, Palm Reader, Witch's Calendar, Zodiac Compatibility, Affirmation Cards, Astrology Memes, Biorhythm, Birth Chart, Chakra Scanner, Chinese Zodiac, Coffee Cup Reading, Face Reading, I Ching, Lucid Dreaming, Mercury Retrograde, Numerology, Oracle Cards, Past Life, Pendulum, Reiki Timer, Rune Reading, Sigil Generator, Smudging Guide, Soul Name, Sound Healing, Spirit Animal, and Vedic Astrology (collectively, "the Apps").

1. Data Controller

Eduard Bruch

Kleinfeld 28c, 21149 Hamburg, Germany

Email: support@eduardbruch.com

2. Data We Collect

2.1 App Preferences (All Apps)

We store your app preferences (theme, notification settings, feature selections) using on-device storage (UserDefaults). This data never leaves your device and is strictly necessary for the functioning of the Apps (§ 25(2) Nr. 2 TTDSG).

2.2 Subscription Data

If you purchase a subscription, the transaction is processed by Apple through the App Store. We use RevenueCat, Inc. (USA) as a data processor to verify your subscription status. RevenueCat receives anonymized transaction data (purchase tokens, transaction IDs, and a pseudonymous app user ID). We do not have access to your payment information. RevenueCat retains this data for the duration of your subscription and a reasonable period thereafter for legal obligations. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Data transfer to the USA is secured under the EU-U.S. Data Privacy Framework. See RevenueCat's Privacy Policy.

2.3 Camera Images (Aura Reader, Face Reading, Palm Reader, Coffee Cup Reading)

Certain apps request camera access to provide their entertainment experience (e.g., palm reading, aura reading). Images are processed entirely on your device. They are not transmitted to any external server, not stored beyond the current session (unless you explicitly save a result), and are not used for any purpose other than generating the in-app reading. Legal basis: Art. 6(1)(a) GDPR (your consent via the iOS permission dialog).

2.4 Birth Date and Name (Numerology, Soul Name, Birth Chart, Vedic Astrology, Human Design)

Some apps ask for your birth date, birth time, birth location, or name to generate entertainment-based readings. This data is stored on your device only and is not transmitted to any server.

2.5 Journal Entries (Dream Dictionary, Lucid Dreaming, Aurum Tarot)

Dream journal entries, tarot reading history, and personal notes are stored on your device only. They are not transmitted externally. This data is retained until you delete it via the app's "Delete All My Data" function or by uninstalling the app.

2.6 AI-Powered Interpretations (Aurum Tarot)

Aurum Tarot offers optional AI-powered tarot interpretations as a premium feature. When you request an AI interpretation, the following data is sent to our server for processing:

• Card names, positions, and orientation (upright/reversed)
• Your question or intention (if entered)
• Your selected mood (if entered)
• A pseudonymous device identifier for rate limiting

This data is processed by our Cloudflare Worker (EU/US infrastructure) which forwards it to DeepSeek, a third-party AI service operated by DeepSeek Inc. (People's Republic of China), to generate the interpretation. DeepSeek's servers are located in China and are subject to Chinese data protection laws (PIPL, Cybersecurity Law). There is no adequacy decision by the European Commission for China, meaning the level of data protection may not be equivalent to that in the EU/EEA. In particular, Chinese authorities may have access to data under local law.

No personal information (name, email, account data) is included in the data sent. We do not store your questions or AI responses on our servers. The AI response is returned directly to your device and saved locally. For DeepSeek's own data handling practices, please refer to DeepSeek's Privacy Policy.

Before your first AI interpretation, the app will ask for your explicit consent. You can use all other app features without any data leaving your device. You may withdraw your consent at any time by deleting your data in the app settings. Legal basis: Art. 6(1)(a) GDPR (your explicit consent); data transfer to China: Art. 49(1)(a) GDPR (explicit consent after being informed of the risks).

2.7 Analytics and Tracking

The Apps do not use any analytics, advertising, or tracking frameworks. No usage data is collected or transmitted.

3. Entertainment Purpose

All content provided by the Apps (tarot readings, horoscopes, numerology reports, aura analyses, etc.) is generated for entertainment and spiritual exploration purposes only. It does not constitute medical, psychological, legal, or financial advice.

4. Legal Basis for Processing

• Art. 6(1)(a) GDPR — Consent: Camera access, notification permissions, AI interpretation data transfer (Aurum Tarot).
• Art. 6(1)(b) GDPR — Contract: Subscription processing, core app functionality.
• § 25(2) Nr. 2 TTDSG: Storing app preferences on your device (strictly necessary for the service).

5. Data Sharing and International Transfers

We do not sell, rent, or share your personal data with third parties for marketing purposes. Third-party services that may receive data:

• RevenueCat, Inc. (USA) — subscription verification. Data transfer to the USA is secured under the EU-U.S. Data Privacy Framework (adequacy decision of July 10, 2023). See RevenueCat's Privacy Policy.
• Cloudflare, Inc. (USA) — request routing and rate limiting for AI interpretations. Data transfer secured under the EU-U.S. Data Privacy Framework.
• DeepSeek Inc. (People's Republic of China) — AI interpretation processing in Aurum Tarot only, when you explicitly request an AI reading. No adequacy decision exists for China. Data transfer is based on your explicit consent after being informed of the risks (Art. 49(1)(a) GDPR). See section 2.6 for details.

6. Data Retention

• On-device data (readings, journal, preferences): Retained until you delete it via "Delete All My Data" in Settings or by uninstalling the app.
• Subscription data (RevenueCat): Retained for the duration of your subscription and as required by applicable tax and accounting laws.
• AI interpretation requests: Not stored on our servers. Cloudflare rate-limiting data (pseudonymous device ID and IP address) expires automatically after 1 hour.

7. California Residents (CCPA)

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California residents may contact us at support@eduardbruch.com to exercise their rights under the CCPA.

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

• Access (Art. 15) — request what data we hold about you
• Rectification (Art. 16) — correct inaccurate data
• Erasure (Art. 17) — request deletion of your data. Since all data is on-device, you can delete it via the app's settings ("Delete All My Data") or by uninstalling the app.
• Restriction (Art. 18) — restrict processing
• Data Portability (Art. 20) — receive your data in a portable format
• Object (Art. 21) — object to processing
• Withdraw Consent (Art. 7(3)) — withdraw consent at any time without affecting the lawfulness of prior processing. You can withdraw AI consent by deleting your data in the app settings.

9. Right to Lodge a Complaint

You may lodge a complaint with the supervisory authority:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str. 22, 7. OG

20459 Hamburg

https://datenschutz-hamburg.de

10. Children's Privacy

The Apps are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16 (GDPR Art. 8) or under 13 (COPPA). If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

11. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated to you through the app before they take effect. The updated policy will be reflected on this page with an updated date.

12. Contact

For questions about this privacy policy or your data, contact: support@eduardbruch.com