tAIrot.ai Privacy Policy

tAIrot.ai Privacy Policy (US Baseline – Draft)

Last updated: Jan 2026

Draft for internal review – not final.
This document is a US‑focused draft Privacy Policy for tAIrot.ai, grounded in the requirements and assumptions in aws/documentation/regulations/required_notices_us.md. It must be reviewed and approved by legal counsel before being published to users.

1. Who we are

tAIrot.ai (“tAIrot”, “we”, “our”, or “us”) provides an AI‑powered tarot reading experience for entertainment purposes.

  • Controller: LunchWithAI, LLC
  • Address: 5242 Port Royal Rd, Unit 1031, Springfield, VA 22151
  • Contact: Support@tAIrot.ai

This Policy explains how we collect, use, and share information when you use our website, apps, and related services (collectively, the “Service”).

2. Who this Policy applies to

This Policy applies to individuals who use tAIrot.ai in the United States. We design and position the Service as adult‑oriented:

  • You must be 18 years or older to create an account and use tAIrot.ai.
  • By using the Service, you represent that you meet this age requirement.
  • We do not knowingly collect information from children under 13 and do not direct the Service to children.

If we learn that we have collected personal information from a child under 13, we will delete it.

Scope of this Policy

This Policy applies to the tAIrot.ai website, apps, and services that link to it. It does not apply to third‑party websites, services, or applications that we do not control, even if they are linked from our Service.

3. Information we collect

We collect the following types of information:

3.1 Account and profile information

When you create an account or update your profile, we may collect:

  • Email address
  • Display name or username (if used)
  • Authentication identifiers (such as account IDs or tokens)
  • Basic settings and preferences (e.g., language, TTS on/off, reader voice preferences)

3.2 Tarot sessions and chat content

When you use the Service, we process and store your tarot readings and conversation history, including:

  • Your questions, prompts, and other messages you send
  • The AI tarot reader’s responses
  • Session metadata (e.g., session ID, timestamps, type of reading)

Tarot conversations often touch on relationships, health, beliefs, emotions, and other personal matters. This means chat content may contain sensitive personal information that you choose to share. We only use this content:

  • To provide and display your readings and chat history, and
  • For limited internal troubleshooting and incident response.

We do not:

  • Use chat content for model training or fine‑tuning,
  • Use it for external research or marketing, or
  • Sell or share it with third parties for advertising.

We do not use sensitive personal information beyond what is reasonably necessary to provide the Service.

3.3 Audio output (text‑to‑speech)

We currently support text‑to‑speech (TTS) to read messages aloud. When you enable audio playback:

  • We convert text into synthetic speech using our text‑to‑speech provider.
  • We may temporarily store generated audio in our systems as a cache, keyed by internal identifiers (such as {voiceId}/{digest}) to improve performance.

We do not:

  • Record or process your voice input (no speech‑to‑text), or
  • Use audio output as biometric data or to build voiceprints.

3.4 Device and usage information

When you use the Service, we automatically collect certain technical information, such as:

  • IP address
  • Browser type and settings
  • Device type and operating system
  • Dates and times of access
  • Basic logs (e.g., request paths, error logs, response codes)
  • High‑level usage metrics (e.g., number of sessions, feature usage)

We use this information to:

  • Provide and secure the Service
  • Monitor performance and reliability
  • Detect and prevent abuse or fraud

3.5 Payment and purchase information

If you make purchases (e.g., in‑app readings, subscriptions), we process limited payment information:

  • We may receive information about transactions (e.g., product purchased, amount, date/time, status) from app stores or payment processors.
  • We do not store full payment card numbers or CVV codes.

Payment processing is handled by third‑party providers (such as Apple, Google, or other payment processors) under their own terms and privacy policies.

4. How we use information

We use information for the following purposes:

  1. To provide the Service
    • Create and manage your account
    • Deliver tarot readings and maintain chat history
    • Provide text‑to‑speech playback if you enable it
  2. To maintain and improve the Service
    • Monitor performance and reliability
    • Diagnose and fix errors or outages
    • Evaluate and improve user experience (e.g., which flows are confusing) using aggregated or de‑identified data
  3. To secure the Service
    • Detect, investigate, and prevent fraud, abuse, and security incidents
    • Protect our rights, property, and users
  4. To communicate with you
    • Send service‑related messages (e.g., account, security, billing)
    • Send optional product updates or marketing messages where permitted; you can opt out of marketing messages at any time.
  5. To comply with law
    • Respond to legal requests (e.g., subpoenas, court orders) where we are required to do so
    • Meet accounting, tax, and other regulatory obligations

5. How we share information

We do not sell personal information or share it with third parties for cross‑context behavioral advertising.

We share information in these limited ways:

  1. Service providers (processors)
    We use third‑party providers to help operate the Service, including:
    • Infrastructure and hosting
    • Text‑to‑speech
    • AI orchestration (e.g., LunchWith.ai)
    • Authentication and email
    • Payment processing (such as app stores or other payment providers)
    These providers may process personal information on our behalf and only under our instructions, for the purposes described above.
  2. Legal and safety reasons
    • To comply with laws or lawful requests by public authorities.
    • To protect the rights, safety, or property of tAIrot, our users, or others.
  3. Business transfers
    • If we are involved in a merger, acquisition, financing, or sale of assets, we may transfer information as part of that transaction, subject to appropriate confidentiality protections.

We do not grant third parties independent rights to use your chat content or personal information for their own advertising or data‑broker purposes.

6. Cookies and tracking

We use a small number of first‑party cookies and similar technologies to operate the Service. As of now:

  • UI preferences: We may set simple cookies to remember your interface preferences, such as whether the sidebar is expanded or collapsed, so that the layout feels consistent when you return.
  • No authentication or advertising cookies: We do not use cookies to store login tokens, and we do not use cookies for cross‑site tracking, targeted advertising, or sharing data with ad networks.
  • Browser and platform controls: You can usually configure your browser to refuse cookies or alert you when cookies are being set. If you disable cookies, some preference features (like remembering sidebar state) may not work as intended.

We may also use local browser storage (such as localStorage) to persist certain settings and authentication state, which operates in a similar way to cookies but is stored differently in your browser. Our use of local browser storage is limited to what is reasonably necessary to provide and secure the Service.

7. Retention

We keep information for as long as reasonably necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. As a baseline, we apply the following retention rules:

  • Account data
    • Kept for the life of the account and typically for up to 30 days after account deletion to address support, fraud, and chargeback issues.
  • Chat logs and tarot sessions
    • Kept to power your in‑app history while your account is active.
    • If you delete specific sessions, we aim to remove those sessions from our active systems within a short period (for example, within 30 days).
    • If you delete your account, we aim to remove associated chat logs from our active systems within 30 days, subject to limited retention for legal and security purposes.
    • Chat logs are not used for model training, external research, or marketing.
  • TTS audio cache
    • Stored in a cache under internal keys (e.g., {voiceId}/{digest}) for up to 30 days to improve performance and avoid regenerating identical audio.
    • Not directly linked to user identities in the cache layer.
  • Logs and metrics
    • Kept for operational and security purposes for up to 12 months, depending on log type, after which they are deleted or aggregated/anonymized.

We strive to ensure that retention periods are consistent with what we tell users and with technical feasibility (for example, backup and archival cycles).

8. Your choices and rights

We provide controls that let you manage your information:

7.1 In‑app controls

Where available in the app, you can:

  • View and manage your profile and settings
  • Delete individual sessions or readings
  • Delete your account, which will remove associated personal information from active systems within a reasonable period (subject to limited retention for legal and security purposes)

We plan to provide self‑serve export tools that allow you to download a copy of your data (for example, your profile and session history) in a structured format.

7.2 Marketing messages and notifications

You can manage your preferences for non‑essential communications by:

  • Using in‑app settings to turn off marketing emails and push notifications, and
  • Using unsubscribe links in emails.

We may still send you important service‑related communications (for example, about security, account changes, or billing).

7.3 Additional rights under state law

Depending on where you live in the United States, you may have additional privacy rights under state laws (for example, CCPA/CPRA in California, Colorado Privacy Act, and others), such as rights to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Obtain information about how we process and share personal information

We aim to make these rights available through self‑serve tools where possible, and we also provide a contact method for requests that cannot be handled in the app. In particular:

  • You can typically exercise many of these rights using in‑app settings and controls, where available (for example, viewing your profile, deleting sessions, or deleting your account).
  • For requests that cannot be completed in the app, you can contact us at Support@tAIrot.ai.
  • We may need to take reasonable steps to verify your identity before fulfilling certain requests and will respond within a reasonable period, consistent with applicable law.

To exercise your rights or ask questions, you can contact us at: Support@tAIrot.ai. We may need to verify your identity before fulfilling certain requests.

8. Security

We use technical and organizational measures designed to protect personal information, including:

  • Encryption in transit for client‑to‑server communication
  • Access controls and role‑based permissions for internal staff
  • Logging and monitoring for suspicious activity

No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will investigate and, where required by law, notify you and relevant authorities.

9. International transfers

If you are located outside the United States and choose to use the Service, your information will be processed and stored in countries where our infrastructure and service providers are located, including the United States.

By using tAIrot.ai, you understand that your information may be transferred to and processed in countries with different data protection laws than your home country.

If and when we support specific regions with additional legal requirements (such as EU/UK or Brazil), we will supplement this Policy with region‑specific disclosures and safeguards, as described in our internal regulatory documentation.

10. Changes to this Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the “Last updated” date at the top, and
  • Where appropriate, provide additional notice (for example, by email or in‑app) if changes are material.

Your continued use of the Service after we publish changes means you accept the updated Policy.

11. Contact us

If you have questions about this Privacy Policy or our data practices, you can contact us at:

  • Email: Support@tAIrot.ai
  • Address: LunchWithAI, LLC, 5242 Port Royal Rd, Unit 1031, Springfield, VA 22151