Privacy Policy

Last updated: April 1, 2026

1. Data Controller

Solorah
Email: contact@solorah.com

2. Data Collected

a) Contact form

  • Data: name, email, message
  • Purpose: respond to your inquiry
  • Legal basis: consent (GDPR Art. 6.1.a)
  • Retention: 12 months after processing

b) User account

  • Data: email address (via magic link)
  • Purpose: access to reading save features
  • Legal basis: contract performance (GDPR Art. 6.1.b)
  • Retention: until account deletion by user

c) Saved readings

  • Data: reading type, cards drawn, question asked, date
  • Purpose: allow consultation of your personal history
  • Legal basis: contract performance (GDPR Art. 6.1.b)
  • Retention: until account deletion

Note: questions asked during readings may contain sensitive personal information (relationships, health, etc.). By saving a reading, you consent to the processing of this information.

d) User profile

  • Data: display name (optional), preferred language
  • Purpose: experience personalization
  • Legal basis: contract performance (GDPR Art. 6.1.b)
  • Retention: until account deletion

e) Technical data

  • Data: IP address, session tokens
  • Purpose: security and site operation
  • Legal basis: legitimate interest (GDPR Art. 6.1.f)
  • Retention: session duration

3. Cookies and Local Storage

This site uses:

  • Session cookies (Firebase Auth): strictly necessary, exempt from consent under the ePrivacy Directive.
  • Local storage (localStorage): display preferences (theme, audio volume, analytics consent choice). This is not personal data.
  • Google Analytics (GA4): audience measurement with IP anonymization, no sharing with Google Ads and no ad personalization. Loaded only after explicit consent via the banner. You can decline or withdraw your consent at any time using the "Manage cookies" button in the footer.

No advertising cookies are used on this site.

4. Sub-processors

Your data is processed by the following sub-processors:

Sub-processorRoleLocation
Google LLC (Firebase)Database, authenticationUSA
Google LLC (Analytics)Audience measurement (after consent)USA
Resend Inc.Transactional emailsUSA
Vercel Inc.Web hostingUSA

Data transfers outside the EU are made to the United States. These sub-processors are covered by the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) compliant with GDPR.

5. Your Rights (GDPR Art. 15-21)

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to object
  • Right to restriction of processing

To exercise these rights: contact@solorah.com
Response time: 30 days maximum.

6. Account Deletion

You may request the deletion of your account and all associated data by emailing contact@solorah.com. Deletion will be completed within 30 days.

7. Complaints

If you believe your data is not being processed in accordance with applicable regulations, you may file a complaint with the CNIL: www.cnil.fr

Readings are offered for entertainment and personal development purposes only. They are purely cultural, recreational and playful in nature. Divination and card readings are not an exact science. Interpretations are automatically generated for informational purposes only and should never be used as a substitute for medical, psychological, legal or financial advice. This service is intended for adults (18+) only.