팔자Palja

Privacy Policy

App: Palja — Korean Saju Reading (com.modoo.palja)

Last updated: May 30, 2026

1. Overview

Palja (“we”, “the app”) is a Korean Four Pillars (Saju) reading application. This policy explains what data we collect, why we collect it, who we share it with, and how to delete it. We process the minimum data required to deliver readings and support the app. We do not sell personal data.

2. Data we collect

  • Account — email address (via Google Sign-In), used to authenticate your account.
  • Saju input — birth date, birth time (optional), gender. Required to compute your reading.
  • Display name (optional) — shown only inside your library; never sent to AI providers.
  • Compatibility input — partner birth date, birth time, gender. Required only when you order a compatibility reading.
  • Purchase — Google Play purchase token, order ID, product ID. Used to verify purchase, deliver the reading, and process refunds. We never see your payment card details — Google Play Billing handles payment and global tax compliance on our behalf.
  • Push token — Firebase Cloud Messaging (FCM) token, to deliver report-ready and daily fortune notifications.
  • Advertising ID— used by Google AdMob for the optional reward ad in “Today’s Fortune”.
  • Diagnostics — crash logs and performance metrics via Firebase Crashlytics and Firebase Analytics, used to keep the app stable.

We do not collect: phone number, contacts, location, photos, calendar, microphone, files, or messages.

3. How your reading is generated

When you confirm a purchase, the following non-identifying inputs are sent to Anthropicto generate the reading text: birth date, birth time (or “unknown”), gender, and — for compatibility — partner birth date, birth time, gender; for yearly — target year. Your display name, email, FCM token, payment information, and advertising ID are neversent to Anthropic. Generated readings are cached on our servers (Supabase) keyed by a hash of the above inputs. If another user provides the exact same inputs, the cached AI output may be reused — this never exposes one user’s identity to another.

4. Third parties we share with

  • Anthropic — AI reading generation. Receives birth date, birth time, gender, partner inputs (compatibility), target year (yearly).
  • Google (Firebase) — push notifications, crash reporting, analytics. Receives FCM token, crash logs, analytics events.
  • Google AdMob — optional reward video ads. Receives advertising ID and ad interaction events.
  • Google Play Billing — purchase processing. Receives purchase token, order ID, product ID.
  • Supabase — database and authentication. Stores all account data, saju profiles, reports, transactions, FCM tokens.
  • Cloudflare — hosting, CDN, and edge security. Receives request metadata (IP, User-Agent) and API request / response bodies in transit.

We do not share your data with advertisers, data brokers, or marketing partners.

5. Data retention

Account data and reports are retained while your account is active. Cached AI output is retained indefinitely keyed by input hash; it is not personally identifiable on its own. Push tokens are removed automatically when the token becomes invalid (UNREGISTERED) or when you log out. Crash logs and analytics follow Firebase’s default retention. When you delete your account, all data tied to your user ID is removed via cascading database deletes within minutes.

6. Deleting your data

You may request deletion of all your data at any time. The fastest way is in-app: Settings → Delete account. If you no longer have access to the app, see our Account & Data Deletion page or email us at jubjub0395@gmail.com. We process external deletion requests within 30 days.

7. Children

Palja is rated for general audiences. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us and we will remove it.

8. Security

All network traffic uses HTTPS (TLS 1.2+). Backend data stored on Supabase is encrypted at rest. Authentication uses Google ID tokens; we never see your Google password. Server-side API access uses short-lived bearer tokens with automatic refresh.

9. GDPR / CCPA Rights

If you are in the EEA, UK, Switzerland, California, or another jurisdiction granting privacy rights, you may request access, correction, deletion, restriction, portability of your data, withdraw consent at any time, or lodge a complaint with your local supervisory authority. To exercise these rights, contact us at jubjub0395@gmail.com. We do not sell your personal information.

10. International transfers

Our servers are hosted in regions including the United States, Asia (Seoul — Supabase), and globally via Cloudflare’s edge network. By using the app you consent to the transfer of your data to these locations under appropriate safeguards (Standard Contractual Clauses where applicable).

11. Changes

We will post any material change to this policy here and update the “Last updated” date. Continued use of the app after a change indicates acceptance.

12. Contact

Email: jubjub0395@gmail.com