Privacy Policy

Last updated: June 2025

1. Introduction

The IChingWisdom (“we,” “us,” or “our”) operates the website www.theichingwisdom.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our Site and use our services, including our I Ching divination tool, Feng Shui calculators, and newsletter.

This policy is written in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal information is:

The IChingWisdom

Email: privacy@theichingwisdom.com

For GDPR-related inquiries, contact our Data Protection Officer at: dpo@theichingwisdom.com

3. Information We Collect

3.1 Information You Provide

  • Newsletter subscription: Email address when you subscribe to our newsletter.
  • Contact form: Name, email address, and message content when you contact us.
  • I Ching divination: No personal data is stored. Divination inputs are processed in real-time and not retained on our servers.
  • Feng Shui Calculator: Birth year and gender inputs are processed locally in your browser and never transmitted to or stored on our servers.

3.2 Information Collected Automatically

  • Usage data: Pages visited, time spent, referring URLs, browser type, device type, IP address (anonymized).
  • Cookies: Essential cookies for site functionality, analytics cookies (see Section 8).

3.3 Information from Third Parties

  • Amazon Associates: When you click an affiliate link, Amazon may set cookies according to their own privacy policy. We do not receive your Amazon purchase data.

4. Lawful Basis for Processing

We process your personal data only when we have a lawful basis under GDPR Article 6:

Data TypeLawful BasisLegal Ground
Newsletter emailConsentArt. 6(1)(a)
Contact form dataLegitimate interestArt. 6(1)(f)
Usage/analytics dataLegitimate interestArt. 6(1)(f)
Essential cookiesLegitimate interestArt. 6(1)(f)

5. How We Use Your Information

  • Send newsletter updates you opted into
  • Respond to contact form inquiries
  • Analyze site usage to improve content and user experience
  • Operate and maintain the Site securely
  • Comply with legal obligations

We do not use your data for automated decision-making, profiling, or sell personal information to third parties.

6. Data Retention

Data TypeRetention Period
Newsletter subscriber emailUntil unsubscribed + 30 days
Contact form submissions12 months after resolution
Anonymized analytics data26 months
Server logs30 days

7. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA) or United Kingdom, you have the following rights:

Right of Access (Art. 15)

You can request a copy of the personal data we hold about you.

Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete data.

Right to Erasure (Art. 17)

You can request deletion of your personal data. We will comply unless retention is required by law.

Right to Restriction (Art. 18)

You can request that we restrict processing of your data in certain circumstances.

Right to Data Portability (Art. 20)

You can request your data in a structured, machine-readable format.

Right to Object (Art. 21)

You can object to processing based on legitimate interest. We will stop unless we have compelling grounds.

Right to Withdraw Consent (Art. 7)

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint (Art. 77)

You have the right to lodge a complaint with a supervisory authority. The lead authority for The IChingWisdom is the Irish Data Protection Commission (DPC).

To exercise any of these rights, contact us at dpo@theichingwisdom.com. We will respond within 30 days. We do not charge for these requests unless they are manifestly unfounded or excessive.

8. Cookie Policy

8.1 Essential Cookies

These cookies are necessary for the Site to function. They do not require consent under GDPR.

CookiePurposeDuration
sessionAdmin authenticationSession

8.2 Analytics Cookies

We use analytics to understand how visitors use our Site. These cookies are set only with your consent. You can opt out at any time.

8.3 Third-Party Cookies

When you click Amazon affiliate links, Amazon may set cookies on your device. These are governed by Amazon's Privacy Policy, not ours. We encourage you to review their policy.

8.4 Managing Cookies

You can control and delete cookies through your browser settings. Please note that disabling cookies may affect Site functionality.

9. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase (supabase.com): Database and backend hosting. Data processed under their DPA with servers in the EU (Ireland). See Supabase Privacy Policy.
  • Amazon Associates: Affiliate program. Click-through data governed by Amazon's privacy practices.

10. International Data Transfers

Our primary database (Supabase) is hosted in the EU (Ireland). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission
  • Data Processing Agreements with all third-party processors
  • Encryption in transit (TLS 1.2+) and at rest (AES-256)

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • HTTPS/TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Row-Level Security (RLS) on all database tables
  • Service-role keys stored as environment variables, never in source code
  • Regular access reviews and principle of least privilege

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected data subjects without undue delay, in accordance with GDPR Articles 33 and 34.

12. Children's Privacy

Our Site is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such data, we will delete it promptly.

13. California Consumer Privacy Act (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to Know: Request disclosure of what personal information we collect, use, and disclose.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt Out: We do not sell personal information, so there is no opt-out of sale required.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

In the past 12 months, we have collected the categories of personal information listed in Section 3. We have not sold any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. For newsletter subscribers, we will also send an email notification for material changes.

15. Contact Us

For any questions about this Privacy Policy or to exercise your data subject rights:

General inquiries: privacy@theichingwisdom.com

Data Protection Officer: dpo@theichingwisdom.com

Supervisory Authority: Irish Data Protection Commission (dataprotection.ie)