Privacy Policy
Last updated: June 2025
1. Introduction
The IChingWisdom (“we,” “us,” or “our”) operates the website www.theichingwisdom.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our Site and use our services, including our I Ching divination tool, Feng Shui calculators, and newsletter.
This policy is written in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal information is:
The IChingWisdom
Email: privacy@theichingwisdom.com
For GDPR-related inquiries, contact our Data Protection Officer at: dpo@theichingwisdom.com
3. Information We Collect
3.1 Information You Provide
- Newsletter subscription: Email address when you subscribe to our newsletter.
- Contact form: Name, email address, and message content when you contact us.
- I Ching divination: No personal data is stored. Divination inputs are processed in real-time and not retained on our servers.
- Feng Shui Calculator: Birth year and gender inputs are processed locally in your browser and never transmitted to or stored on our servers.
3.2 Information Collected Automatically
- Usage data: Pages visited, time spent, referring URLs, browser type, device type, IP address (anonymized).
- Cookies: Essential cookies for site functionality, analytics cookies (see Section 8).
3.3 Information from Third Parties
- Amazon Associates: When you click an affiliate link, Amazon may set cookies according to their own privacy policy. We do not receive your Amazon purchase data.
4. Lawful Basis for Processing
We process your personal data only when we have a lawful basis under GDPR Article 6:
| Data Type | Lawful Basis | Legal Ground |
|---|---|---|
| Newsletter email | Consent | Art. 6(1)(a) |
| Contact form data | Legitimate interest | Art. 6(1)(f) |
| Usage/analytics data | Legitimate interest | Art. 6(1)(f) |
| Essential cookies | Legitimate interest | Art. 6(1)(f) |
5. How We Use Your Information
- Send newsletter updates you opted into
- Respond to contact form inquiries
- Analyze site usage to improve content and user experience
- Operate and maintain the Site securely
- Comply with legal obligations
We do not use your data for automated decision-making, profiling, or sell personal information to third parties.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Newsletter subscriber email | Until unsubscribed + 30 days |
| Contact form submissions | 12 months after resolution |
| Anonymized analytics data | 26 months |
| Server logs | 30 days |
7. Your Rights Under GDPR
If you are a resident of the European Economic Area (EEA) or United Kingdom, you have the following rights:
Right of Access (Art. 15)
You can request a copy of the personal data we hold about you.
Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17)
You can request deletion of your personal data. We will comply unless retention is required by law.
Right to Restriction (Art. 18)
You can request that we restrict processing of your data in certain circumstances.
Right to Data Portability (Art. 20)
You can request your data in a structured, machine-readable format.
Right to Object (Art. 21)
You can object to processing based on legitimate interest. We will stop unless we have compelling grounds.
Right to Withdraw Consent (Art. 7)
Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint (Art. 77)
You have the right to lodge a complaint with a supervisory authority. The lead authority for The IChingWisdom is the Irish Data Protection Commission (DPC).
To exercise any of these rights, contact us at dpo@theichingwisdom.com. We will respond within 30 days. We do not charge for these requests unless they are manifestly unfounded or excessive.
8. Cookie Policy
8.1 Essential Cookies
These cookies are necessary for the Site to function. They do not require consent under GDPR.
| Cookie | Purpose | Duration |
|---|---|---|
| session | Admin authentication | Session |
8.2 Analytics Cookies
We use analytics to understand how visitors use our Site. These cookies are set only with your consent. You can opt out at any time.
8.3 Third-Party Cookies
When you click Amazon affiliate links, Amazon may set cookies on your device. These are governed by Amazon's Privacy Policy, not ours. We encourage you to review their policy.
8.4 Managing Cookies
You can control and delete cookies through your browser settings. Please note that disabling cookies may affect Site functionality.
9. Third-Party Services
We use the following third-party services that may process your data:
- Supabase (supabase.com): Database and backend hosting. Data processed under their DPA with servers in the EU (Ireland). See Supabase Privacy Policy.
- Amazon Associates: Affiliate program. Click-through data governed by Amazon's privacy practices.
10. International Data Transfers
Our primary database (Supabase) is hosted in the EU (Ireland). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) adopted by the European Commission
- Data Processing Agreements with all third-party processors
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
11. Data Security
We implement appropriate technical and organizational measures to protect your data:
- HTTPS/TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Row-Level Security (RLS) on all database tables
- Service-role keys stored as environment variables, never in source code
- Regular access reviews and principle of least privilege
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected data subjects without undue delay, in accordance with GDPR Articles 33 and 34.
12. Children's Privacy
Our Site is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such data, we will delete it promptly.
13. California Consumer Privacy Act (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to Know: Request disclosure of what personal information we collect, use, and disclose.
- Right to Delete: Request deletion of your personal information.
- Right to Opt Out: We do not sell personal information, so there is no opt-out of sale required.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
In the past 12 months, we have collected the categories of personal information listed in Section 3. We have not sold any personal information.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. For newsletter subscribers, we will also send an email notification for material changes.
15. Contact Us
For any questions about this Privacy Policy or to exercise your data subject rights:
General inquiries: privacy@theichingwisdom.com
Data Protection Officer: dpo@theichingwisdom.com
Supervisory Authority: Irish Data Protection Commission (dataprotection.ie)