Privacy.

Last updated · 2026-06-04

Noumi reads your birth pattern back to you. To do that I need a small, specific set of facts from you. This page is the honest list: what I take, who sees it, how long I keep it, and how to make me forget all of it.

What I collect

· The name you tell me to call you by.
· Your gender (male or female) — needed for the 10-year life-phase windows.
· Your birth date (year, month, day) and birth time (if you know it).
· Your birthplace — city, country, and the latitude/longitude/timezone that the city autocomplete gave us.
· The email address tied to your Apple or Google sign-in.
· The reading I produce for you (the Stage 2 saju analysis and the Stage 3 Noumi-voice version).
· Lightweight product events (which onboarding step you saw, when you started or finished a reading, whether you tapped Share or Delete). These never carry your name, birth date, email, or location.
· Standard error and performance telemetry. Request bodies and form inputs are not auto-captured.

Why each field

· Name — so I can talk to you by name in the reading.
· Gender + birth date/time/place — the saju engine needs these to compute your chart. Without them the reading can't be generated.
· Email — to sign you in and to make sure only you see your reading.
· Reading text — saved so you can come back to your reading and so the share page works.
· Product events — to understand where people drop off in onboarding so I can fix it. Aggregated, never sold.

Who sees it

I keep your data with these companies, who act as processors on my behalf:

· Supabase — Postgres database and authentication. Your row of birth data and your reading live here. [REVIEW REQUIRED: region (e.g., Seoul, eu-west) — cross-border transfer disclosure depends on this.]
· OpenAI — Stage 2 and Stage 3 of the reading are generated by OpenAI's API. The prompt contains your computed chart (pillars, element distribution, daewun timeline) and your first name. Per OpenAI's API policy, API inputs and outputs are not used to train their models.
· Geoapify — birthplace autocomplete. Your typed query string (e.g., "Seo") is sent to look up city + timezone. No account identifier is sent.
· Sentry — error and performance monitoring. Request bodies and headers are not auto-captured. Errors are tagged with sanitized context only.
· Vercel — hosting and CDN. Standard server logs (IP, user agent, URL) for operational purposes.

I do not sell your data. I do not run ad networks. I do not share your reading or birth data with anyone outside this list.

How long I keep it

Until you delete it. Your account, birth data, chart, reading, and product events all live in your row in my database and stay there until you tell me to delete them. There is no automatic expiry.

How to delete everything

Open Settings (gear icon, top-right on your reading page), tap Delete everything I've shared with you, type the confirmation phrase, and confirm. This wipes your auth identity, your chart row, your reading, and every product event — instantly and permanently. There is no backup. If for any reason the in-app delete fails, email me (see Contact below) and I will run the delete manually.

Cookies

I use one kind of cookie: the Supabase authentication session cookie that keeps you signed in. There are no marketing cookies, no third-party advertising cookies, no cross-site trackers.

Children

Noumi is not intended for children under [REVIEW REQUIRED: minimum age — 13 (COPPA) or 16 (GDPR-K) depending on launch region]. If you believe a child has signed up, tell me at the contact address below and I will delete the account.

Your rights

Depending on where you live (EU/EEA, UK, California, Korea, others) you may have specific rights — to access, correct, port, or delete your data; to object to certain processing; to file a complaint with your local data-protection authority. The in-app delete satisfies the access-and-erasure rights immediately. For anything else, email me. [REVIEW REQUIRED: specific GDPR/CCPA/PIPA disclosures by counsel.]

Security

Transport is TLS end-to-end. Database access is row-level-scoped: my own server code can only read your row when you are the one signed in. Service-role keys are kept on the server, never shipped to the browser.

Changes to this policy

If I change this policy materially, I'll update the date at the top and, when the change affects how I treat your data, notify signed-in users at next sign-in.

Contact

Privacy questions, deletion requests that can't go through Settings, or data-rights requests:

[REVIEW REQUIRED: contact email — placeholder jhhan@xcroll.ai]
[REVIEW REQUIRED: legal entity name + address]

Terms · Home