1. Introduction
Mystic ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
2. Information We Collect
We collect the following types of information:
- Account Information: Name, email address, and profile photo when you create an account.
- Payment Information: Payment details are processed securely through Stripe. We do not store your full credit card number.
- Booking Data: Details of sessions you book or provide, including dates, times, and service types.
- Messages: Communications exchanged between clients and readers through our platform.
- Usage Data: Information about how you interact with our platform, including pages visited and features used.
3. How We Use Your Information
We use the information we collect to:
- Provide and maintain our platform services
- Process bookings and payments
- Send transactional emails (booking confirmations, reminders)
- Improve our platform and user experience
- Ensure platform safety and prevent fraud
- Comply with legal obligations
4. Data Sharing
We do not sell your personal data. We share information only with:
- Stripe: For payment processing
- Service Providers: Hosting, email delivery, and analytics services that help us operate the platform
- Readers/Clients: Relevant booking information is shared between parties in a session
- Legal Requirements: When required by law or to protect our rights
5. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a machine-readable format
- Restriction: Restrict processing of your personal data
- Objection: Object to processing of your personal data
You can exercise your data rights through the Account Settings page. Use "Export My Data" to download a copy of your data, or "Delete My Account" to schedule account deletion with a 30-day grace period.
6. Data Retention
We retain your personal data for as long as your account is active. When you request account deletion, your data is retained for a 30-day grace period, after which it is permanently deleted. Some data may be retained longer where required by law (e.g., financial records).
7. Cookies
We use essential cookies required for the platform to function (authentication, session management). We will ask for your consent before setting any non-essential cookies.
8. Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews.
9. Contact
For any privacy-related questions or to exercise your rights, please contact us at [email protected].