Privacy Policy

Last updated: January 17, 2026

Card Ritual ("we," "our," or "us") respects your privacy. This policy explains how we collect, use, and protect your information.

1. Information We Collect

1.1 Account Information

  • Email address (required for login)
  • Password (if applicable) or authentication tokens

1.2 User Content

  • Journal entries and card interpretations
  • Mentor feedback requests and responses

1.3 Usage Data

  • Cards viewed and pulled
  • Dates and times of app usage
  • Streak and practice statistics
  • Feature interactions

1.4 Payment Information

  • Subscription status and plan type
  • Token purchase history
  • Payment processing is handled by Stripe; we do not store credit card numbers

1.5 Device and Technical Data

  • Browser type and version
  • Device type
  • IP address
  • Timezone

2. How We Use Your Information

We use your information to:

  • Provide and operate the Service
  • Process payments and manage subscriptions
  • Deliver mentor feedback (with your consent)
  • Send transactional emails (login links, receipts)
  • Send marketing emails (only with your consent)
  • Improve and personalize the Service
  • Analyze usage patterns and trends
  • Prevent fraud and abuse
  • Comply with legal obligations

3. Information Sharing

3.1 Mentors

If you request mentor feedback, your journal entry for that card will be shared with a Card Ritual mentor. Mentors see:

  • The card you pulled
  • Your interpretation/journal entry
  • No other personal information

Mentors are bound by confidentiality agreements and may not share or use your content outside of providing feedback.

3.2 Service Providers

We share information with third-party services that help us operate:

  • Supabase (database and authentication)
  • Stripe (payment processing)
  • Resend (transactional email)
  • ConvertKit (marketing email, only if you opt in)
  • Vercel (hosting)

These providers are contractually obligated to protect your information.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect the rights, safety, or property of Card Ritual or others.

3.4 Business Transfers

If Card Ritual is acquired or merged, your information may be transferred to the new owner. We will notify you before your information becomes subject to a different privacy policy.

3.5 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Retention

  • Account data: Retained until you delete your account
  • Journal entries: Retained until you delete them or your account
  • Payment records: Retained as required for legal/tax purposes
  • Usage analytics: Retained in anonymized form

5. Your Rights

5.1 Access and Export

You can view your journal entries and account information within the app.

5.2 Correction

You can edit your journal entries and account information at any time.

5.3 Deletion

You can delete individual journal entries or request full account deletion. To delete your account, contact hello@cardritual.com or use the account settings.

5.4 Marketing Opt-Out

You can unsubscribe from marketing emails at any time via the link in any email or in your account settings. Transactional emails (login links, receipts) cannot be opted out of.

5.5 Data Portability

You may request an export of your data by contacting hello@cardritual.com.

6. Cookies and Tracking

We use essential cookies to:

  • Keep you logged in
  • Remember your preferences (theme, etc.)

We do not use third-party advertising cookies or sell data to advertisers.

7. Security

We protect your information using:

  • Encrypted connections (HTTPS/TLS)
  • Secure password hashing
  • Row-level security on database
  • Limited access to personal data

No system is 100% secure. If you believe your account has been compromised, contact us immediately.

8. Children's Privacy

Card Ritual is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover we have collected data from a child under 18, we will delete it promptly.

9. International Users

Card Ritual is operated in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. By using the Service, you consent to this transfer.

10. California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect
  • Right to delete your personal information
  • Right to opt out of sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact hello@cardritual.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice. Your continued use of the Service after changes constitutes acceptance.

12. Contact Us

Questions or concerns about your privacy? Contact us at:

hello@cardritual.com

Card Ritual is operated by Savelle LLC
Scottsdale, Arizona, United States

By using Card Ritual, you acknowledge that you have read and understood this Privacy Policy.