Privacy Policy
Last updated: December 9, 2025
Age Requirement: MysticEast is intended for users aged 18 and older. By using our Service, you confirm that you are at least 18 years old.
1. Introduction
MysticEast, operated by SZLK LTD (Company Number: 16843016), a company registered in England and Wales ("we," "our," or "us"), respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our Service.
Important: Our Service is provided for entertainment and self-reflection purposes only. It should not be used as a substitute for professional advice.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, name, and password when you create an account
- Birth Date: Required for generating your Eastern Energy Persona and horoscope readings
- Payment Information: Processed securely by Stripe; we do not store credit card details
- Communications: When you contact us for support or submit data rights requests
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the Service
- Device Information: Browser type, operating system, device type
- Log Data: IP address (hashed for privacy), access times, referring URLs
- Cookies: See our Cookie Policy for details
- Cookie Consent Records: We log your cookie preferences (timestamp, version, region, choices) for compliance purposes
3. How We Use Your Information
We use your information to:
- Provide personalized readings and insights based on your birth date
- Process payments and manage subscriptions
- Send you service-related communications
- Improve and optimize our Service
- Respond to your inquiries and provide support
- Process and respond to data rights requests
- Comply with legal obligations
4. Legal Basis for Processing
We process your data based on:
- Contract: To provide the Service you requested (account, readings, subscriptions)
- Consent: For marketing communications and optional analytics/cookies (you can opt out anytime)
- Legitimate Interest: To improve our Service, prevent fraud, and ensure security
- Legal Obligation: To comply with applicable laws and respond to lawful requests
5. Data Sharing & Third-Party Processors
We share your information with the following service providers:
| Provider | Purpose | Data Location | Safeguards |
|---|---|---|---|
| Supabase | Authentication, database, session management | US (Americas region) | DPA, SCCs |
| Stripe | Payment processing (we do not store card details) | US/EU | DPA, SCCs, PCI-DSS |
| Cloudapi | AI gateway and model routing (readings generation) | US | DPA, data minimization |
| Resend | Transactional and account emails | US | DPA, SCCs |
| Vercel | Hosting, Analytics, Speed Insights (consent-based) | Global (edge) | DPA, SCCs |
DPA = Data Processing Agreement; SCCs = Standard Contractual Clauses (EU-approved transfer mechanism)
We do not sell or share your personal data for cross-context behavioral advertising. See our Do Not Sell/Share page for more information.
6. AI Data Processing
When generating readings, we send minimal data (such as birth date) to AI models via Cloudapi. We do not store AI prompts or responses longer than necessary to deliver the feature. AI-generated content is for entertainment only and should not be relied upon for decisions.
7. Data Retention
- Account Data: Retained while your account is active; deleted within 30 days of account deletion
- System Logs: Retained up to 90 days for security and abuse prevention
- Cookie Consent Logs: Retained for 3 years for compliance audit purposes
- AI Prompts/Responses: Not retained beyond session delivery
- Backups: Roll off within 30 days
- Legal Retention: Some data may be retained longer if required by law
8. Your Rights
Depending on your location, you may have the following rights:
- Access / Portability: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion ("right to be forgotten")
- Restriction / Objection: Limit or object to certain processing
- Withdraw Consent: Withdraw consent for marketing or optional processing
- Do Not Sell/Share: Opt out of sale/sharing (we don't sell data, but you can confirm via Do Not Sell/Share)
To exercise your rights: Visit /privacy-request or email [email protected]. We verify your identity via your account email and aim to respond within 30 days (or sooner where required by law).
9. Cookies
We use cookies categorized as:
- Necessary: Authentication, security, session management (always on)
- Analytics: Usage statistics via Vercel Analytics (only after consent)
- Marketing: Personalization (only after consent; currently not used)
Manage your preferences via the cookie banner or at Cookie Preferences. See our full Cookie Policy.
10. Data Security
We implement appropriate technical and organizational measures including encryption (TLS), secure servers, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.
11. International Transfers
Your data may be processed outside your country (primarily in the US). We use Standard Contractual Clauses (SCCs), UK International Data Transfer Agreement addendums, or equivalent safeguards for cross-border transfers with our providers.
12. Children's Privacy
Our Service is intended for users aged 18 and older. We do not knowingly collect personal data from anyone under 18. If we discover we have collected data from someone under 18, we will delete it promptly. Please contact us if you believe this has occurred.
13. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes constitutes acceptance.
14. Contact Us
For privacy-related inquiries:
SZLK LTD
Company Number: 16843016
Email: [email protected]
Address: 128 City Road, London, EC1V 2NX, United Kingdom
Submit data rights requests at /privacy-request.
15. Regional Supplements
15.1 European Economic Area & United Kingdom (GDPR/UK GDPR)
If you are in the EEA or UK, you have rights under GDPR/UK GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal bases for processing are contract, consent, legitimate interest, and legal obligation (see Section 4). For cross-border transfers, we rely on Standard Contractual Clauses and UK International Data Transfer Agreement addendums.
You have the right to lodge a complaint with your local supervisory authority (e.g., the UK Information Commissioner's Office at ico.org.uk).
15.2 United States (CCPA/CPRA & State Laws)
If you are a California resident, you have rights under CCPA/CPRA including the right to know, delete, correct, opt out of sale/sharing, and non-discrimination. We do not sell personal information or share it for cross-context behavioral advertising.
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with privacy laws may have similar rights. Contact us at [email protected] or visit /privacy-request to exercise your rights.
15.3 Taiwan (PDPA)
If you are in Taiwan, you have rights under the Personal Data Protection Act including access, correction, deletion, and cessation of processing. Data is transferred to the US for processing with appropriate safeguards.
15.4 Hong Kong (PDPO)
If you are in Hong Kong, you have rights under the Personal Data (Privacy) Ordinance including access and correction. We collect data for specified purposes and retain it no longer than necessary.
15.5 Singapore, Malaysia, Thailand (PDPA)
If you are in Singapore, Malaysia, or Thailand, you have rights under your respective PDPA laws including access, correction, and withdrawal of consent. We process data with your consent or for contractual necessity.
15.6 Indonesia (PDP Law), Philippines (DPA), Vietnam
If you are in Indonesia, the Philippines, or Vietnam, you have rights under your local data protection laws. Contact us to exercise your rights regarding access, correction, deletion, or consent withdrawal.
This privacy policy is designed to comply with GDPR, UK GDPR, CCPA/CPRA, and other applicable privacy laws. For entertainment purposes only.