Last updated: May 2, 2026

Fuyu Culture Co., Ltd. (hereinafter "the Company", "we"; Tax ID 90121032) takes your personal data protection seriously. This policy describes how we collect, use, store, and share your personal data through Misstarot, LifeGrid, and our website (fuyuculture.com, misstarot.app, and subdomains). It is drafted in compliance with Taiwan's Personal Data Protection Act and the EU General Data Protection Regulation (GDPR).


1. Data Controller

| Item | Detail |
| --- | --- |
| Company name | Fuyu Culture Co., Ltd. |
| Tax ID | 90121032 |
| Registered address | No. 3, Sec. 2, Zhongshan Rd., Sanzhi Dist., New Taipei City, Taiwan |
| Representative | Yi-Lung Chung |
| Contact email | [email protected] |

2. Data We Collect

2.1 Misstarot App / Website

  • Account data: email, nickname, third-party login ID (Google)
  • Personal data (optional): birth date, birth time, birth place, gender, occupation (for astrology computation and personalized interpretation)
  • Service usage: reading history, draw history, saved interpretations, AI conversation content
  • Subscription / billing: subscription status, subscription date, platform order ID (no credit card data — handled by Apple/Google)
  • Device data: device model, OS version, language, IP address (retained max 30 days for fraud prevention)

2.2 LifeGrid App

  • No personal data collected. All data stored on your device, never sent to any server.

2.3 fuyuculture.com Website

  • Essential cookies: login session
  • Analytics: collected via Plausible Analytics (privacy-friendly, no cookies, no cross-site tracking)
  • Contact form: sent to our inbox, used solely to reply to you

3. Purposes of Use

| Purpose | Legal basis |
| --- | --- |
| Account management & authentication | Contractual necessity |
| Personalized content generation (astrology / tarot) | Contractual necessity / consent |
| Customer service & support | Contractual necessity |
| Subscription billing | Contractual necessity |
| Service improvement & analytics | Legitimate interest |
| Security & fraud prevention | Legitimate interest / legal obligation |
| Marketing notifications (only with consent) | Consent |

4. Third-party Services & Data Sharing

We do not sell your personal data to any third party. To deliver our service, we use the following processors:

| Service | Purpose | Data type |
| --- | --- | --- |
| Firebase Authentication (Google) | Authentication | Email, Google ID Token |
| Google Gemini API | AI interpretation generation | Query content without PII |
| Cloudflare (Workers / D1 / R2) | Infrastructure & data storage | All backend data |
| Apple / Google Pay | Subscription billing | Handled by platforms, not by us |
| Plausible Analytics | Website traffic analytics | Anonymized aggregated data |

5. Data Storage & Retention

  • Storage location: Cloudflare global edge, prioritizing Asia-Pacific nodes
  • Retention:
      • Account data: until account deletion
      • 30 days after deletion (legal grace period, then permanent deletion)
      • Transaction records: 7 years per tax law
      • System logs: 30 days
      • Marketing consent withdrawal: stop using immediately, retain proof of withdrawal for 3 years

6. Your Rights

Under Taiwan's PDPA and GDPR, you have the following rights:

  1. Access: know what data we hold about you
  2. Rectification: correct inaccurate or outdated data
  3. Erasure (right to be forgotten): request permanent deletion
  4. Data portability: obtain a portable copy of your data
  5. Withdraw consent: for consent-based processing, withdraw at any time
  6. Object: object to specific data processing
  7. Reject automated decision-making: request human intervention

To exercise:

  • In-app: Profile → Settings → Privacy Management
  • Email: [email protected]
  • We will respond within 30 days


7. Children's Protection

Our services are not designed for children under 13, nor do we knowingly collect data from children under 13. If you discover an underage child has used our service without guardian consent, please contact us — we will delete their data immediately.


8. Cookies & Similar Technologies

See Cookie Policy.


9. Data Security

We implement industry-standard measures:

  • HTTPS site-wide (TLS 1.3)
  • One-way password hashing (irreversible)
  • Encrypted API token storage
  • Regular security reviews
  • Minimum-access principle for employee data access

No system can guarantee 100% security. In the event of a data breach, we will notify the relevant authorities and affected users within 72 hours.


10. Cross-border Data Transfers

Some processors (Firebase, Gemini, Cloudflare) are headquartered overseas. We only select processors that meet GDPR Standard Contractual Clauses (SCCs) or equivalent protection levels.


11. Policy Changes

When this policy changes, we will:

  1. Update "Last updated" on this page
  2. Notify users via in-app popup or notification
  3. For significant changes (affecting data collection scope): 30 days' notice via registered email

12. Contact

For questions about this policy or to exercise your rights:

  • Email: [email protected]
  • Address: No. 3, Sec. 2, Zhongshan Rd., Sanzhi Dist., New Taipei City, Taiwan
  • Representative: Yi-Lung Chung

If you believe our data processing violates regulations, you may file a complaint with:

  • Taiwan: National Development Council / Personal Data Protection Office
  • EU: your local Data Protection Authority (DPA)

This is an AI-assisted draft. The final version will be reviewed by legal counsel before publication.