Home

Privacy Policy

Last updated: April 23, 2026

AttoDreams Ltd., Part. ("we") takes your personal data seriously. This policy explains how we collect, use, disclose, and protect personal data in accordance with the Thai Personal Data Protection Act B.E. 2562 (PDPA).

1. Data We Collect

We collect only the data necessary to operate the reading service: email, password (bcrypt-hashed), name, date of birth, time of birth, birth province, gender, phone number (AES-256-GCM encrypted), usage data (such as reading history), and IP address + user agent (for abuse prevention).

2. Purpose of Use

We use data to compute horoscopes, authenticate logins, send verification and password-reset emails, prevent spam and bots, improve the Service, and comply with the law. We do not sell your data to third parties.

3. Consent

By registering or submitting your birth data, you consent to the collection, processing, and use of your data per this policy. You may withdraw consent at any time by requesting account deletion.

4. Third-Party Disclosure

We use: Google Gemini AI (AI summaries — no personally identifying fields such as email are sent), Resend (email delivery), Google reCAPTCHA v3 (bot protection), Cloudflare (CDN/security). Each provider has its own privacy policy.

5. Retention

We retain personal data for as long as your account is active or as required to provide the Service and comply with law (up to 10 years for transactional records). Audit logs are kept for 90 days.

6. Your Rights

You have the right to: (1) access and obtain a copy of your data, (2) request corrections, (3) request deletion or account removal, (4) withdraw consent, (5) file a complaint with Thailand's Personal Data Protection Committee. Contact the administrator email to exercise these rights.

7. Security

We use HTTPS/TLS for all traffic, bcrypt for passwords, AES-256-GCM for phone numbers, httpOnly session cookies, rate limiting, and audit logging. However, no system is 100% secure.

8. Changes to This Policy

We may update this policy from time to time without prior notice. Continued use after any change constitutes acceptance of the revised policy.