Privacy Policy

Last updated: 26 May 2026

1. Who We Are

Chinese Culture Studio (“we”, “us”, “our”) operates the website at chinese-culture-app.onrender.com. We provide algorithmically generated Chinese cultural interpretations — naming, auspicious date selection, and I Ching divination.

For the purposes of the EU General Data Protection Regulation (GDPR), we act as the Data Controller. Our hosting infrastructure is located in the United States (Render, Oregon) with database services (Neon, US-East).

2. Data We Collect

We collect only the minimum data necessary to provide each service:

• Naming: Surname, gender, birth year/month/day/hour, style preference.
• Date Selection: Date range and event type (e.g. wedding, business).
• Divination: Optional question and casting method.
• Visit Analytics: Page path, country (derived from IP, not stored as IP), and referrer. Your IP address is never persisted.

No account registration, email address, phone number, or full name is collected. All input is voluntarily provided by you when submitting a service form.

3. Legal Basis for Processing (GDPR)

• Performance of a Contract (Art. 6(1)(b)): Processing your input data to generate the service result you requested.
• Legitimate Interest (Art. 6(1)(f)): Basic visit analytics (page path, country) to understand service usage and maintain security.
• Consent (Art. 6(1)(a)): Local storage for free-tier tracking. You may decline via the cookie banner without affecting core service functionality.

4. Payment Processing

All payments are processed by PayPal, a PCI-DSS compliant payment processor. We never receive, store, or transmit your credit card or PayPal account details. PayPal provides us only with a transaction ID and payment status to confirm completion. PayPal's privacy policy applies to all payment-related data: paypal.com/privacy.

5. Cookies & Local Storage

• Essential — Free Tier Tracking: One localStorage key (cc-free-tier) stores your remaining free readings count (a number, 0–2). No personal data.
• Essential — Consent Record: One localStorage key (cc-cookie-consent) records your cookie preference (“accepted” or “declined”).
• Session: Next.js sets a minimal server-side session cookie required for the payment redirect flow. This contains no personal data.

We do not use advertising cookies, tracking cookies, third-party analytics (Google Analytics, Facebook Pixel, etc.), fingerprinting, or cross-site trackers of any kind.

6. Data Retention

• Purchase records (input + result): Stored in our database. These records are kept to provide the service and support revenue reporting. They contain only the input you provided and the algorithmically generated result — no personal identifiers.
• Visit analytics: Stored in our database. Country-level data only. No IP addresses are retained.
• Local storage: Managed entirely in your browser. Clearing browser data removes free-tier count and consent preference immediately.

You may request deletion of your data at any time (see Section 7).

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under GDPR:

• Right of Access (Art. 15): Request confirmation of whether we process your data and a copy of that data.
• Right to Rectification (Art. 16): Request correction of inaccurate personal data.
• Right to Erasure (Art. 17): Request deletion of your data (“right to be forgotten”).
• Right to Restriction (Art. 18): Request limitation of processing under certain conditions.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interest.
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time. Clear your browser's localStorage or use the cookie banner to change your preference.

To exercise any of these rights, contact us at the email below. We will respond within 30 days. You also have the right to lodge a complaint with your local Data Protection Authority (Supervisory Authority).

8. Data Sharing & Third Parties

We do not sell, rent, trade, or share your data with any third parties. The only external services involved are:

• PayPal — Payment processing. Receives only your payment instrument details (not your cultural input data).
• Render (Render Services, Inc.) — US-based cloud hosting. Our application code and database queries run on Render infrastructure.
• Neon, Inc. — US-based managed PostgreSQL database. All stored data resides in Neon's us-east-1 region.

Both Render and Neon are certified under the EU-US Data Privacy Framework (DPF) or have Standard Contractual Clauses (SCCs) in place for lawful international data transfers.

9. International Data Transfers

Our servers are located in the United States. If you access our service from outside the US (including the EEA), your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place, including reliance on DPF certifications and/or Standard Contractual Clauses, to protect your data in accordance with GDPR requirements.

10. Security

We implement appropriate technical and organizational measures to protect your data: HTTPS/TLS encryption in transit; database encryption at rest; access controls on all infrastructure; and principle of least privilege for database access.

11. Children's Privacy

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates when changes were made. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, to exercise your data rights, or to report concerns:

Email: privacy@easternwisdom.app
Response time: Within 30 days (as required by GDPR)

Chinese Culture Studio — Data Controller. Hosted on Render (Oregon, US) with Neon PostgreSQL (US-East).