Carm – Privacy Policy

Last updated: 25 July 2025

This Privacy Policy explains how the mobile application Carm (the “App,” “we,” “our,” or “us”) collects, uses, and protects information when you use it.

1. Quick Summary

No ads, no brokers: we do not sell or share your data with advertising networks.
Optional account: you can use Carm anonymously; if you skip sign-up we store only an internal device ID plus crash/usage stats.
US hosting: all data live on Google Firestore and Amplitude servers located in the United States.
AI with boundaries: de‑identified text goes to OpenAI for chat responses; model‑training is disabled.
Delete any time: Settings ▸ Privacy ▸ Delete Account wipes your profile and related records.

2. Data We Collect

Contact info – name and email (only if you create an account).
Device identifiers – IDFV / Android device ID; Apple IDFA or Google GAID only if you allow tracking.
Usage data – screens viewed, taps, session length.
Diagnostics – crash logs and performance metrics.
Chat content – tarot prompts and journal text you type.

3. How We Use Your Data

Operate core features (tarot chat, journal sync).
Analyse aggregated usage in Amplitude to decide which features to improve.
Generate AI responses via the OpenAI API.
Investigate crashes and fix bugs.

We never use your data for behavioural advertising or automated decisions that produce legal effects.

4. Tracking & Consent

On iOS we read the Apple advertising identifier (IDFA) only after you press Allow in the App Tracking Transparency prompt. We use it solely for aggregate attribution (e.g., which campaign led to an install). If you refuse, we revert to a non‑advertising device ID. Android offers a similar opt‑out under Settings ▸ Google ▸ Ads ▸ Delete advertising ID.

5. Data Retention

Account holders: profile, chat history, and analytics logs stay while the account exists and are permanently deleted within 24 months after you delete the account.
Anonymous users: device‑based analytics logs are purged automatically after 24 months.
Crash logs: stored no longer than 12 months.

6. Your Control

Delete Account & Data – Settings ▸ Privacy ▸ Delete Account. We fulfil verified deletion requests within 30 days.

7. Security

Data in Firestore and Amplitude is encrypted in transit (TLS 1.2+) and at rest (AES‑256). Access is limited to authorised staff using role‑based permissions and multi‑factor authentication.

8. International Users

The App is operated from the United States. If you access Carm from another region, you understand your information will be transferred to, stored, and processed in the United States.

9. Changes to This Policy

We may update this Policy from time to time. When we make material changes we will notify you in‑app and update the “Last updated” date. Continued use of the App after a change means you accept the revised Policy.

Carm – Privacy Policy

Last updated: 25 July 2025

This Privacy Policy explains how the mobile application Carm (the “App,” “we,” “our,” or “us”) collects, uses, and protects information when you use it.

1. Quick Summary

No ads, no brokers: we do not sell or share your data with advertising networks.

Optional account: you can use Carm anonymously; if you skip sign-up we store only an internal device ID plus crash/usage stats.

US hosting: all data live on Google Firestore and Amplitude servers located in the United States.

AI with boundaries: de‑identified text goes to OpenAI for chat responses; model‑training is disabled.

Delete any time: Settings ▸ Privacy ▸ Delete Account wipes your profile and related records.

2. Data We Collect

Contact info – name and email (only if you create an account).

Device identifiers – IDFV / Android device ID; Apple IDFA or Google GAID only if you allow tracking.

Usage data – screens viewed, taps, session length.

Diagnostics – crash logs and performance metrics.

Chat content – tarot prompts and journal text you type.

3. How We Use Your Data

Operate core features (tarot chat, journal sync).

Analyse aggregated usage in Amplitude to decide which features to improve.

Generate AI responses via the OpenAI API.

Investigate crashes and fix bugs.

We never use your data for behavioural advertising or automated decisions that produce legal effects.

4. Tracking & Consent

5. Data Retention

Account holders: profile, chat history, and analytics logs stay while the account exists and are permanently deleted within 24 months after you delete the account.

Anonymous users: device‑based analytics logs are purged automatically after 24 months.

Crash logs: stored no longer than 12 months.

6. Your Control

Delete Account & Data – Settings ▸ Privacy ▸ Delete Account. We fulfil verified deletion requests within 30 days.

7. Security

Data in Firestore and Amplitude is encrypted in transit (TLS 1.2+) and at rest (AES‑256). Access is limited to authorised staff using role‑based permissions and multi‑factor authentication.

8. International Users

The App is operated from the United States. If you access Carm from another region, you understand your information will be transferred to, stored, and processed in the United States.

9. Changes to This Policy

We may update this Policy from time to time. When we make material changes we will notify you in‑app and update the “Last updated” date. Continued use of the App after a change means you accept the revised Policy.

Carm – Privacy Policy

Last updated: 25 July 2025This Privacy Policy explains how the mobile application Carm (the “App,” “we,” “our,” or “us”) collects, uses, and protects information when you use it.

1. Quick Summary

No ads, no brokers: we do not sell or share your data with advertising networks.

Optional account: you can use Carm anonymously; if you skip sign-up we store only an internal device ID plus crash/usage stats.

US hosting: all data live on Google Firestore and Amplitude servers located in the United States.

AI with boundaries: de‑identified text goes to OpenAI for chat responses; model‑training is disabled.

Delete any time: Settings ▸ Privacy ▸ Delete Account wipes your profile and related records.

2. Data We Collect

Contact info – name and email (only if you create an account).

Device identifiers – IDFV / Android device ID; Apple IDFA or Google GAID only if you allow tracking.

Usage data – screens viewed, taps, session length.

Diagnostics – crash logs and performance metrics.

Chat content – tarot prompts and journal text you type.

3. How We Use Your Data

Operate core features (tarot chat, journal sync).

Analyse aggregated usage in Amplitude to decide which features to improve.

Generate AI responses via the OpenAI API.

Investigate crashes and fix bugs.

We never use your data for behavioural advertising or automated decisions that produce legal effects.

4. Tracking & Consent

5. Data Retention

Account holders: profile, chat history, and analytics logs stay while the account exists and are permanently deleted within 24 months after you delete the account.

Anonymous users: device‑based analytics logs are purged automatically after 24 months.

Crash logs: stored no longer than 12 months.

6. Your Control

Delete Account & Data – Settings ▸ Privacy ▸ Delete Account. We fulfil verified deletion requests within 30 days.

7. Security

Data in Firestore and Amplitude is encrypted in transit (TLS 1.2+) and at rest (AES‑256). Access is limited to authorised staff using role‑based permissions and multi‑factor authentication.

8. International Users

The App is operated from the United States. If you access Carm from another region, you understand your information will be transferred to, stored, and processed in the United States.

9. Changes to This Policy

We may update this Policy from time to time. When we make material changes we will notify you in‑app and update the “Last updated” date. Continued use of the App after a change means you accept the revised Policy.

Last updated: 25 July 2025

This Privacy Policy explains how the mobile application Carm (the “App,” “we,” “our,” or “us”) collects, uses, and protects information when you use it.