tAIrot.ai Privacy Policy (US Baseline)

Last updated: January 2026

This Privacy Policy explains how tAIrot.ai ("tAIrot," "we," "our," or "us") collects, uses, discloses, and protects information when you use our website, mobile applications, and related services (collectively, the "Service"). tAIrot.ai is operated by LunchWithAI, LLC.

AI-Generated Responses: Readings and chat responses in the Service are generated by artificial intelligence. They may be inaccurate or incomplete, are not professional advice, and are not intended for emergency use.

1. Who We Are

• Controller: LunchWithAI, LLC
• Address: 5242 Port Royal Rd, Unit 1031, Springfield, VA 22151
• Contact: Support@tAIrot.ai

2. Scope and Eligibility

2.1 Who This Policy Applies To

This Policy applies to individuals who use tAIrot.ai in the United States. We design and position the Service as adult-oriented.

• You must be 18 years or older to create an account and use tAIrot.ai.
• By using the Service, you represent that you meet this age requirement.
• We do not knowingly collect information from children under 13 and do not direct the Service to children.
• If we learn that we have collected personal information from a child under 13, we will delete it promptly.

2.2 Scope

This Policy applies to the tAIrot.ai website, apps, and services that link to it. It does not apply to third-party websites, services, or applications that we do not control, even if they are linked from our Service.

3. Information We Collect

3.1 Account and Profile Information

When you create an account or update your profile, we may collect:

• Email address
• Display name or username (if used)
• Authentication identifiers (such as account IDs or tokens)
• Basic settings and preferences (e.g., language, TTS on/off, reader voice preferences)

3.2 Tarot Sessions and Chat Content

When you use the Service, we process and store your tarot readings and conversation history, including:

• Your questions, prompts, and other messages you send
• The AI tarot reader's responses
• Session metadata (e.g., session ID, timestamps, type of reading)

Sensitive Personal Information: Tarot conversations often touch on relationships, health, beliefs, emotions, and other personal matters. This means chat content may contain sensitive personal information that you choose to share. We only use this content to provide and display your readings and chat history, and for limited internal troubleshooting and incident response.

We do not:

• Use chat content for model training or fine-tuning
• Use it for external research or marketing
• Sell or share it with third parties for advertising
• Use sensitive personal information beyond what is reasonably necessary to provide the Service

3.3 Audio Output (Text-to-Speech)

We support text-to-speech (TTS) to read messages aloud. When you enable audio playback:

• We convert text into synthetic speech using our text-to-speech provider.
• We may temporarily store generated audio in our systems as a cache to improve performance.

We do not:

• Record or process your voice input (no speech-to-text)
• Use audio output as biometric data or to build voiceprints

Biometric Information: We do not collect biometric identifiers or biometric information as defined under Illinois BIPA, Texas CUBI, Washington state law, or similar statutes. We do not use voice recognition, facial geometry, fingerprints, or other biometric data to identify you.

3.4 Device and Usage Information

When you use the Service, we automatically collect certain technical information, such as:

• IP address
• Browser type and settings
• Device type and operating system
• Dates and times of access
• Basic logs (e.g., request paths, error logs, response codes)
• High-level usage metrics (e.g., number of sessions, feature usage)

3.5 Payment and Purchase Information

If you make purchases (e.g., in-app readings, subscriptions), we process limited payment information:

• We may receive information about transactions (e.g., product purchased, amount, date/time, status) from app stores or payment processors.
• We do not store full payment card numbers or CVV codes.
• Payment processing is handled by third-party providers (such as Apple, Google, or other payment processors) under their own terms and privacy policies.

3.6 Health Information Disclaimer

While tarot conversations may include health-related information you choose to share, we are not a "covered entity" or "business associate" under the Health Insurance Portability and Accountability Act (HIPAA). The Service is an entertainment product, not a healthcare service, and HIPAA does not apply to us.

4. How We Use Information

4.1 To Provide the Service

• Create and manage your account
• Deliver tarot readings and maintain chat history
• Provide text-to-speech playback if you enable it

4.2 To Maintain and Improve the Service

• Monitor performance and reliability
• Diagnose and fix errors or outages
• Evaluate and improve user experience using aggregated or de-identified data

4.3 To Secure the Service

• Detect, investigate, and prevent fraud, abuse, and security incidents
• Protect our rights, property, and users

4.4 To Communicate with You

• Send service-related messages (e.g., account, security, billing)
• Send optional product updates or marketing messages where permitted; you can opt out of marketing messages at any time

4.5 To Comply with Law

• Respond to legal requests (e.g., subpoenas, court orders) where required
• Meet accounting, tax, and other regulatory obligations

5. How We Share Information

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

We share information only in these limited ways:

5.1 Service Providers

We use third-party providers to help operate the Service, including providers of:

• Infrastructure and hosting
• Text-to-speech services
• AI orchestration (e.g., LunchWith.ai)
• Authentication and email services
• Payment processing (such as app stores or other payment providers)
• Analytics (Google Analytics 4), to measure first app use and account creation for operational and acquisition diagnostics (see §6)

These providers process personal information on our behalf and only under our instructions.

5.2 Legal and Safety Reasons

We may disclose information:

• To comply with laws or lawful requests by public authorities
• To protect the rights, safety, or property of tAIrot, our users, or others

5.3 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of assets, we may transfer information as part of that transaction, subject to appropriate confidentiality protections.

5.4 California "Shine the Light"

Under California Civil Code § 1798.83, California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

6. Cookies and Tracking Technologies

We use a limited number of first-party cookies and similar technologies to operate the Service:

• UI preferences: We may set cookies to remember interface preferences (e.g., sidebar state) for a consistent experience.
• Authentication: We do not use cookies to store login tokens in third-party analytics tools. Session cookies used to operate sign-in are first-party and necessary to provide the Service.
• Analytics and conversion measurement (Google Analytics 4 and Google Ads): We use Google Analytics on `app.tairot.ai` to measure whether users open the app after installing it and whether they create an account. We may import aggregate conversion metrics into Google Ads to measure off-platform install campaigns. We do not display third-party ads inside the tAIrot app or use these technologies to show you targeted ads inside the Service or to sell your data to ad networks.
• Local storage: We may use local browser storage (such as localStorage) to persist settings and authentication state. This is limited to what is reasonably necessary to provide and secure the Service.

You can configure your browser to refuse cookies or alert you when cookies are set. Disabling cookies may affect some features. Google provides additional analytics opt-out tools.

7. Data Retention

We retain information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Our baseline retention periods are:

| Data Type | Retention Period |

| --- | --- |

| Account data | Life of account plus up to 30 days after deletion |

| Chat logs and sessions | Active while account exists; removed within 30 days of session or account deletion |

| Logs and metrics | Up to 30 days, then deleted or anonymized |

Chat logs are not used for model training, external research, or marketing.

8. Your Privacy Rights

8.1 In-App Controls

Where available in the app, you can:

• View and manage your profile and settings
• Delete your saved readings and conversation history in bulk (via Settings or `/delete-my-data-or-account`; this removes all reading data for your account—it does not delete individual sessions or readings selectively)
• Delete your account
• Export your data (where this feature is available)

8.2 Marketing Communications

You can opt out of marketing communications by:

• Using in-app settings to disable marketing emails and push notifications
• Using unsubscribe links in emails (when email marketing is sent)

We may still send you service-related communications (e.g., security alerts, billing notices).

8.3 State Privacy Rights

Depending on your state of residence, you may have additional rights under state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and similar laws. These rights may include:

• Right to Know: Request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Access: Request a copy of the personal information we hold about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Portability: Request your data in a portable, readily usable format.
• Right to Opt Out of Sale/Sharing: We do not sell personal information or share it for cross-context behavioral advertising, so there is no need to opt out. However, you may still submit such a request, and we will honor it.
• Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (such as information revealed in chat content) for purposes permitted under applicable law—specifically, to provide the Service you requested. You may request that we limit our use, though our use is already limited to these permitted purposes.

8.4 How to Exercise Your Rights

You can exercise many of these rights directly through in-app controls. For requests that cannot be completed in the app, contact us at Support@tAIrot.ai.

Verification: To protect your privacy, we will verify your identity before fulfilling requests. For account holders, we typically verify by confirming access to the email address associated with your account. For non-account holders, we may request additional information to verify your identity.

Response Time: We will respond to verifiable requests within 45 days. If we need additional time (up to an additional 45 days), we will notify you of the reason and extension period in writing.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written permission signed by you, and we may require you to verify your identity directly with us or confirm that you authorized the agent.

8.5 Right to Appeal

If we decline to take action on your privacy request, you have the right to appeal. To appeal, contact us at Support@tAIrot.ai with the subject line "Privacy Appeal" and include a description of your original request and the reason you believe our decision was incorrect. We will respond to appeals within 60 days. If your appeal is denied, we will provide information about how to contact your state attorney general, if applicable.

8.6 Non-Discrimination

We will not discriminate against you for exercising your privacy rights. We will not deny you goods or services, charge different prices, provide a different quality of service, or retaliate against you for exercising your rights.

8.7 Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal information. We do not sell personal information as defined under Nevada Revised Statutes Chapter 603A. If you are a Nevada resident and wish to submit an opt-out request, you may contact us at Support@tAIrot.ai.

9. California Privacy Disclosures

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

9.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

| Category | Examples | Collected? |

| --- | --- | --- |

| Identifiers | Email address, username, account ID, IP address | Yes |

| Commercial information | Purchase history, transaction records | Yes (if purchases made) |

| Internet/network activity | Browsing history, interaction with Service, device info | Yes |

| Inferences | Preferences derived from usage | Yes (limited) |

| Sensitive PI | Information revealed in chat content (health, beliefs, relationships) | Yes (user-provided) |

9.2 Sources of Personal Information

• Directly from you: Account registration, chat content, preferences
• Automatically: Device and usage information collected when you use the Service
• From third parties: Payment transaction information from app stores and payment processors

9.3 Purposes for Collection and Use

We collect personal information for the purposes described in Section 4 of this Policy: to provide, maintain, improve, and secure the Service; to communicate with you; and to comply with legal obligations.

9.4 Disclosure of Personal Information

In the preceding 12 months, we have disclosed personal information to the following categories of recipients for business purposes:

• Service providers: Infrastructure, hosting, TTS, AI orchestration, authentication, email, payment processing, and analytics providers (see §5.1 and §6)
• Government/legal: When required by law or legal process

9.5 Sale and Sharing

We have not sold personal information in the preceding 12 months. We have not shared personal information for cross-context behavioral advertising in the preceding 12 months.

9.6 Retention

We retain personal information as described in Section 7 of this Policy. Retention periods are based on the nature of the data and the purposes for which it was collected.

10. Security

We use technical and organizational measures designed to protect personal information, including:

• Encryption in transit for client-to-server communication
• Access controls and role-based permissions for internal staff
• Logging and monitoring for suspicious activity

No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will investigate and, where required by law, notify you and relevant authorities.

11. International Transfers

If you are located outside the United States and choose to use the Service, your information will be processed and stored in countries where our infrastructure and service providers are located, including the United States.

By using tAIrot.ai, you understand that your information may be transferred to and processed in countries with different data protection laws than your home country.

12. Subscription Auto-Renewal Disclosures

If you purchase a subscription through the Apple App Store or Google Play Store:

• Automatic renewal: Subscriptions automatically renew at the end of each billing period unless you cancel before the renewal date.
• Billing: Your app store account will be charged for the renewal within 24 hours prior to the end of the current billing period at the subscription price displayed at the time of purchase.
• Cancellation: You may cancel your subscription at any time through your app store account settings. Cancellation will take effect at the end of the current billing period. No refunds are provided for partial billing periods unless required by law.
• Managing subscriptions: For Apple: Settings > [Your Name] > Subscriptions. For Google Play: Play Store > Menu > Subscriptions.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last updated" date at the top of this Policy
• Provide additional notice (e.g., by email or in-app notification) if changes are material

Your continued use of the Service after we publish changes means you accept the updated Policy.

14. Accessibility

We are committed to making this Privacy Policy accessible to individuals with disabilities. If you have difficulty accessing this Policy, please contact us at Support@tAIrot.ai and we will provide it in an alternative format.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, you can contact us at:

• Email: Support@tAIrot.ai
• Address: LunchWithAI, LLC, 5242 Port Royal Rd, Unit 1031, Springfield, VA 22151