Rebel Spirit Tarot logo

Privacy Policy

for Rebel Spirit Tarot
Last updated: December 07, 2025
Important: Rebel Spirit Tarot is a personal reflection tool. Saved entries may contain sensitive information that you choose to write. You are always in control of what you record.

Rebel Spirit Tarot is a tarot reading and journaling application operated by Rebel Spirit LLC (“we”, “us”, or “our”). This Privacy Policy explains how we collect, use, and protect your information when you use our mobile applications (the “App”).

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

1. Who we are & how to contact us

Controller: Rebel Spirit LLC

Email: rachael@rebelspirit.app

If you have questions about this Privacy Policy or our data practices, you can contact us at rachael@rebelspirit.app.

2. Who can use the App

Rebel Spirit Tarot is intended for adults and is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

You may explore the App and perform readings without an account. However, to save any journal entry or reading/spread, you must create an account.

3. Information we collect

3.1 Account & identity information

When you create an account or sign in, we collect:

  • Email address (for email/password sign-in)
  • Authentication identifiers from Apple or Google sign-in (opaque IDs provided by those services)
  • Internal user ID (e.g., a Firebase Auth UID) used to associate your account with your saved data and purchases

We do not collect or store your passwords for Apple or Google sign-in.

3.2 Content you create in the App

When you save readings in the App, the App processes and stores:

  • Saved readings / journal entries
  • Spread layout used
  • Cards drawn and their positions (including card IDs and orientation)
  • Timestamp of the reading
  • Optional tags/intent fields (e.g., “career”, “health”)
  • Optional personal notes you choose to attach

Saving a “journal entry” is functionally the same as saving a reading/spread: each saved entry always includes spread data and may or may not include any personal notes.

Where this content is stored depends on your account type:

Registered users without a subscription:

Reading content is stored only on your device (local storage) and is not uploaded to our servers. We do not have access to content that remains stored only on your device and is not synced to our servers.

Please note that content stored on your device is protected primarily by your device’s own security features (such as your passcode, biometric lock, or OS-level encryption). If someone gains access to your unlocked device or your device backup, they may be able to access content stored in the App. You are responsible for maintaining the security of your device and login credentials.

Subscribers (both tiers):

This content is stored on your device and is also synced to our backend (for example, Firebase/Firestore) to provide backup and multi-device access. For subscribers, cloud sync is part of the service and is not optional.

3.3 Settings & preferences (stored locally)

We store many settings only on your device, including:

  • Theme and appearance settings (e.g., dark/light mode, high contrast)
  • Deck styling and display preferences
  • Language and other usability preferences
  • Certain onboarding completion flags

These are generally not synced to our servers and remain on your device unless or until you delete the App.

3.4 Purchases, subscriptions, credits & unlocks

We use RevenueCat together with the Apple App Store and Google Play Store to manage in-app purchases and subscriptions.

From these services, we receive and/or store:

  • Product identifiers (e.g., subscription tier IDs, credit pack IDs)
  • Subscription status (active, in grace period, cancelled, expired)
  • Purchase timestamps and renewal dates
  • Transaction identifiers and purchase receipts (as required for validation and fraud prevention)

In our own backend (e.g., Firebase/Firestore), we maintain:

  • Your subscription tier (e.g., basic sync tier, premium tier)
  • Credits balance
  • History of credits usage (e.g., which content pack or card back was unlocked)
  • Lists of unlocked items, such as unlocked card back IDs and other unlockable content identifiers

We do not collect or store your full payment card number, security code, or bank account details. Payments are processed by Apple or Google, and we receive only the information needed to recognize and validate your purchases.

3.5 App diagnostics & analytics

We may collect certain technical and usage information, such as:

  • Device type and operating system version
  • App version
  • Crash logs and error reports
  • Basic, anonymized usage statistics (e.g., which decks or store items are popular, which spreads are used or shared most often)

We use this information to:

  • Keep the App secure and functioning properly
  • Understand how features are used so we can improve the App
  • Analyze purchases and unlock patterns in an aggregated way

We do not use your private journal text or individual reading details to train AI models or to sell to advertisers.

4. How your information is stored

4.1 Local-only storage

If you are a registered user without a subscription, you may choose to keep your saved readings/journal entries only on your device (local storage). In that case, these items are not uploaded to our servers and will be deleted if you uninstall the App.

Some limited information (such as purchase/subscription records needed to honor purchases or restore them) may still be stored in the cloud, even if your readings/journals are kept local.

Local-only data stored on your device (for example, saved readings/journal entries that are not synced to the cloud) is removed from that device when you delete the App or clear its data through your device settings. This does not affect any data that may be stored in the cloud under your account.

4.2 Cloud storage for subscribers

If you subscribe to one of our tiers:

  • Your saved readings/journal entries are synced to our backend (e.g., Firebase/Firestore) to enable backup and recovery and access to the same content across devices.

5. How we use your information

We use the information we collect to:

  1. Provide and maintain the App
    • Create and manage your account
    • Save and display your readings/journal entries
    • Sync content across devices for subscribers
  2. Operate subscriptions, credits, and unlocks
    • Validate purchases with Apple/Google through RevenueCat
    • Determine your subscription tier and entitlements
    • Track credits and unlocked content so you retain access to purchases
  3. Improve and customize the App
    • Fix bugs and troubleshoot issues
    • Understand which features and content are most used
    • Adjust design, content, and offerings based on aggregated and anonymized usage
  4. Communicate with you
    • Send important service-related messages (e.g., changes to this Privacy Policy or our Terms, account-related notifications)
    • Respond to support inquiries

We do not sell your personal information to third parties or share it with advertisers for their own marketing purposes.

6. Legal bases for processing (EEA/UK users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

  • Contract: To provide the App and its features, including your account, saved readings, subscriptions, credits, and cloud sync.
  • Legitimate interests: To improve the App, prevent fraud and abuse, maintain security, and analyze aggregated usage.
  • Consent: Where required for optional features (such as marketing communications or certain analytics, if and when offered). You may withdraw consent at any time.

7. How we share information

We may share information with:

  1. Service providers / processors
    • Firebase / Google Cloud – hosting our backend, storing account data, sync’d content, and logs
    • RevenueCat – managing in-app purchases and subscriptions
    • App distribution platforms – Apple App Store and Google Play Store for payments and app updates
    • Analytics and crash reporting tools

    These providers act on our behalf and are bound by contracts to protect your information and use it only for the services we request.

  2. Legal and safety purposes
    • To comply with laws or legal processes
    • To respond to lawful requests from authorities
    • To protect our rights, property, or safety, or that of our users or others
  3. Aggregated or de-identified information
    • We may share aggregated or de-identified statistics (e.g., total number of users, popular spreads or card backs) that do not identify you personally.

We do not sell your personal data.

8. Data retention

We keep your personal information only as long as necessary for the purposes described in this policy, including to:

  • Provide you with the App and its features
  • Maintain your subscriptions, credits, and unlocked content
  • Comply with legal, accounting, and tax obligations
  • Resolve disputes and enforce our agreements

8.1 Account & content

  • Your account and any content stored in the cloud (e.g., sync’d readings and journal entries for subscribers) are retained for as long as your account is active.
  • You may delete your saved journal entries from within the App at any time.

8.2 Account deletion

You may request deletion of your account at any time (either via in-app controls, if available, or by contacting us at rachael@rebelspirit.app).

When you delete your account:

  • We will delete or anonymize your account profile and identifiers stored in our backend.
  • We will delete your sync’d readings and journal entries in Firestore.
  • We will delete or reset credits and unlocked content records linked to your user ID.
  • We may retain certain purchase and transaction records as required by law for bookkeeping and tax purposes. These records will be de-identified or pseudonymized so they are no longer reasonably linked to you as an individual.

Local-only data stored on your device (for example, saved readings/journal entries that are not synced to the cloud) is removed from that device when you delete the App or clear its data through your device settings. This does not affect any data that may be stored in the cloud under your account.

9. International data transfers

Our service providers (such as Firebase, RevenueCat, Apple, and Google) may process your information in countries other than your own, including the United States. Where required by law, we take steps to ensure that such transfers are subject to appropriate safeguards to protect your personal data.

10. Security

We take reasonable measures to protect your information, including:

  • Using encryption in transit (HTTPS) when data is sent between your device and our servers
  • Relying on reputable infrastructure providers with encryption at rest and access controls
  • Limiting access to production data to authorized personnel

No method of transmission or storage is 100% secure. While we work to protect your information, we cannot guarantee absolute security.

We also encourage you to use a strong passcode or biometric lock on your device, keep your operating system up to date, and avoid sharing your device with others to help protect the content you store in the App.

11. Your rights & choices

Depending on your location, you may have certain rights regarding your personal information, including:

  • Access – to know what information we hold about you
  • Correction – to request that we correct inaccurate information
  • Deletion – to request deletion of your personal information (subject to legal obligations)
  • Restriction / objection – to restrict or object to certain processing
  • Data portability – to receive a copy of certain information in a structured, machine-readable format

Within the App, you can:

  • Edit or delete individual entries and spreads (where supported)
  • Manage some preferences and settings
  • Manage subscriptions via the Apple App Store or Google Play Store

To exercise your rights, you can contact us at rachael@rebelspirit.app. We may need to verify your identity before fulfilling certain requests.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

12. Children’s privacy

As noted above, the App is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that a child has provided us with personal information, we will take steps to delete such information promptly.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the “Last updated” date at the top of this page
  • Provide additional notice within the App if a change is material

Your continued use of the App after the revised policy becomes effective means you accept the updated terms.

14. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

Rebel Spirit LLC

Email: rachael@rebelspirit.app

This Privacy Policy is provided for informational purposes and does not constitute legal advice.