Effective date: 2026-04-17 Last updated: 2026-04-17
1. Who we are
This Privacy Policy describes how [[COMPANY_NAME]] ("we", "us", "our") collects, uses and shares your personal data when you use the Meridy mobile application (the "App").
Data controller:
- Legal entity: [[COMPANY_NAME]]
- Registered office: [[COMPANY_ADDRESS]]
- Companies House number: [[COMPANY_NUMBER]]
- ICO registration number: [[ICO_NUMBER]]
- Contact: [[SUPPORT_EMAIL]]
We are registered in the United Kingdom and we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Personal data we collect
Information you provide to us
- Account information: email address and password (if you register an account)
- Profile data: name (optional), date of birth, time of birth, place of birth (city and coordinates)
- People you add: names, dates and places of birth of family members or friends you add for synastry calculations
- Saved places: locations you add to your saved places lists
- Support correspondence: the content of messages you send to us when contacting support
Information collected automatically
- Device information: device model, operating system version, locale, timezone
- Anonymous identifiers: IDFV, analytics anonymous IDs generated by third-party SDKs
- Advertising identifier (IDFA): only if you grant permission via Apple's App Tracking Transparency prompt
- Usage data: screens viewed, features used, interaction events within the App
- Subscription status and purchase history: synced from Apple's App Store via Adapty
Information generated by the App
- Astrological calculations: natal chart, astro-cartography lines, numerology numbers (derived from your birth data)
- AI-generated tarot and prediction content: stored against your account
3. How we use your data
We use your personal data for the following purposes:
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Providing the App's core features (natal chart, tarot, predictions) | Performance of a contract |
| Managing your account and authentication | Performance of a contract |
| Processing subscription purchases and managing entitlements | Performance of a contract |
| Measuring analytics, attribution, and app performance | Legitimate interest |
| Personalising AI-generated content based on your birth data | Performance of a contract |
| Sending service updates and security notices | Legal obligation |
| Preventing fraud, abuse, and security incidents | Legitimate interest |
| Advertising measurement (when IDFA consent granted) | Consent |
| Marketing communications | Consent |
4. Third parties we share data with
We share personal data with the following categories of service providers who act as data processors on our behalf:
Core infrastructure
- Convex — backend database and authentication infrastructure
- Expo — mobile app build and distribution platform
Subscription and billing
- Apple In-App Purchase — payment processing (we do not receive your payment card details)
- Adapty — subscription management and entitlement sync
Analytics and attribution
- Google Firebase Analytics — product analytics
- Meta (Facebook SDK) — advertising measurement and attribution
- AppsFlyer — install attribution and ad measurement
- PostHog — product analytics
AI content generation
- OpenRouter — routes requests to large language model providers (such as OpenAI, Anthropic) to generate personalised tarot interpretations and astrological predictions
Geocoding
- Photon by Komoot — converts city names you type into coordinates. We send only the text you enter; no personal identifiers are transmitted.
We may also disclose personal data where required by law, to respond to lawful requests from public authorities, to protect the rights, safety, and property of [[COMPANY_NAME]] or our users, or in connection with a merger, acquisition, or sale of assets.
We do not sell your personal data.
5. AI-generated content
The App uses artificial intelligence to generate personalised tarot card interpretations, year-ahead predictions, and astrological readings.
- When you open a card or prediction, your astrological data (such as natal chart summary, date, and context) is sent via OpenRouter to a large language model provider (for example, OpenAI or Anthropic).
- The AI provider returns generated text which we display to you and store against your account for future reference.
- Your data is not used by us to train AI models. AI providers' own data-handling practices are governed by their respective privacy policies linked above.
- We do not use AI to make automated decisions that produce legal or similarly significant effects on you (UK GDPR Article 22).
6. Your rights under UK GDPR
If you are located in the United Kingdom or the European Economic Area, you have the following rights regarding your personal data:
- Right of access — obtain a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your account and associated data. You can do this directly in the App via Profile → Delete Account, or by emailing [[SUPPORT_EMAIL]]
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request a copy of your data in a machine-readable format
- Right to object — object to processing based on legitimate interests, and to direct marketing
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time
- Right to lodge a complaint — with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority
To exercise any of these rights, please contact us at [[SUPPORT_EMAIL]]. We will respond within one month.
7. Data retention
- Active accounts: we retain your personal data for as long as your account is active.
- Account deletion: when you delete your account using the in-app Delete Account feature, your personal data is permanently removed from our systems, including your profile, saved people, tarot cards, year-ahead readings, places lists, and natal chart data.
- Inactive accounts: accounts that have been inactive for 3 years may be automatically deleted.
- Third-party analytics: anonymised analytics data already transmitted to third-party providers (such as Firebase or AppsFlyer) is retained by those providers according to their own retention policies.
- Legal obligations: we may retain certain information for longer where required by law, to resolve disputes, or to enforce our agreements.
8. Security
We implement reasonable administrative, technical and physical safeguards to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption of data in transit, access controls limiting who can view personal data, and biometric authentication required for account deletion actions.
No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
9. Children's privacy
The App is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us at [[SUPPORT_EMAIL]] and we will promptly delete it.
10. International data transfers
Some of the third-party service providers we work with (such as Firebase, Meta, AppsFlyer, PostHog, OpenRouter) are located outside the United Kingdom and European Economic Area, including in the United States. Where we transfer personal data outside the UK/EEA, we rely on appropriate safeguards including:
- UK and EU Standard Contractual Clauses
- Adequacy decisions recognised by the UK government
- Data Privacy Framework certification (where applicable)
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post any changes to this page and update the "Last updated" date above. Material changes will be communicated through in-app notices or by email where reasonable. Your continued use of the App after a change takes effect constitutes acceptance of the updated policy.
12. Contact us
For any questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact:
[[COMPANY_NAME]] Email: [[SUPPORT_EMAIL]] Postal address: [[COMPANY_ADDRESS]]
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.