Privacy Policy

Last Updated: January 1, 2024

Welcome to PalmVision. We are committed to protecting your privacy and handling your personal data transparently and securely. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered palm reading services.

1. Overview

PalmVision ("we," "our," or "us") operates the website and mobile application (collectively, the "Service"). This Privacy Policy applies to all users of our Service, including visitors from the European Union, European Economic Area, United Kingdom, and the United States.

Key Points:

• We collect minimal personal data necessary to provide our Service
• We use your palm images solely to generate your personalized reading
• We do not sell your personal information to third parties
• You have rights regarding your data, including access, deletion, and portability
• We comply with GDPR, CCPA, and other applicable privacy regulations

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address (required for account creation and report delivery)
• First name (optional, for personalization)
• Date of birth (optional, for zodiac sign integration)
• Gender (optional, for personalized insights)

Palm Images:

• Photographs of your palm(s) that you upload for analysis
• Images are processed by our AI systems to identify palm lines and features

Payment Information:

• Billing details are processed by our payment provider (Stripe)
• We do not store your full credit card numbers or payment details
• We receive only transaction IDs and payment confirmation data

Communications:

• Messages you send us through contact forms or support requests
• Survey responses or feedback you provide

2.2 Information Collected Automatically

Technical Data:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and time spent on our Service
• Referral source and exit pages
• Date and time of access

Cookies and Similar Technologies:

• Session cookies (to maintain your login state)
• Analytics cookies (to understand how you use our Service)
• Preference cookies (to remember your settings)

For more information, see our Cookie Policy section below.

2.3 Information from Third Parties

Authentication Providers:

• If you sign in using a third-party service (e.g., Google, Apple), we receive basic profile information as authorized by you

Payment Processors:

• Stripe provides us with transaction confirmation and payment status

Analytics Services:

• We use Vercel Analytics to understand aggregate usage patterns
• No personally identifiable information is shared with analytics providers

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 To Provide Our Service

• Process and analyze your palm images using AI technology
• Generate personalized palm reading reports
• Deliver your report via email
• Maintain your account and reading history
• Provide customer support

Legal Basis (GDPR): Performance of contract, legitimate interests

3.2 To Communicate with You

• Send you your purchased reading report
• Respond to your inquiries and support requests
• Send service-related announcements (security alerts, policy changes)
• Send optional email reminders (if you opt in)

Legal Basis (GDPR): Performance of contract, legitimate interests, consent (for marketing)

3.3 To Process Payments

• Process transactions through our payment provider
• Prevent fraud and ensure payment security
• Maintain transaction records

Legal Basis (GDPR): Performance of contract, legal obligation

3.4 To Improve Our Service

• Analyze usage patterns and trends (in aggregate)
• Improve our AI algorithms and reading accuracy
• Develop new features and services
• Monitor and improve Service performance

Legal Basis (GDPR): Legitimate interests

3.5 To Ensure Security and Compliance

• Detect and prevent fraud, spam, and abuse
• Enforce our Terms of Use
• Comply with legal obligations
• Protect our rights and property

Legal Basis (GDPR): Legal obligation, legitimate interests

4. How We Share Your Information

We do not sell your personal information. We share your data only in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party service providers who help us operate our Service:

OpenAI (AI Processing):

• We use OpenAI's API to process palm images and generate readings
• Palm images are sent to OpenAI for analysis
• OpenAI's data usage is governed by their API Terms
• Images are not used to train OpenAI's models (per their enterprise agreement)

Stripe (Payment Processing):

• Handles all payment transactions securely
• Processes billing information according to their Privacy Policy
• PCI DSS Level 1 compliant

Vercel (Hosting & Infrastructure):

• Hosts our website and stores your data
• Data stored in Vercel KV (key-value database)
• Servers located in the United States

Resend (Email Delivery):

• Sends your reading reports and service emails
• Processes your email address for delivery purposes

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Requests from law enforcement or government authorities
• Protection of our rights, property, or safety
• Investigation of fraud or security issues

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. You will be notified via email and/or prominent notice on our Service.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Data Retention

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy:

Active Accounts:

• Account information: Retained while your account is active
• Palm images: Retained for 90 days after reading generation
• Reading reports: Retained for 2 years or until account deletion
• Payment records: Retained for 7 years (tax and legal requirements)

Inactive Accounts:

• Accounts inactive for 3 years are automatically deleted
• You will receive notice before deletion

Deleted Accounts:

• Upon account deletion, we permanently delete your data within 30 days
• Some information may be retained longer if required by law or for legitimate purposes (e.g., fraud prevention, legal disputes)

Backup Data:

• Deleted data is removed from backups within 90 days

6. Your Privacy Rights

6.1 Rights for All Users

Regardless of your location, you have the following rights:

Access:

• Request a copy of the personal data we hold about you
• Request information about how we process your data

Correction:

• Update or correct inaccurate personal information

Deletion:

• Request deletion of your personal data
• Note: Some data may be retained for legal compliance

Portability:

• Receive your data in a structured, machine-readable format
• Transfer your data to another service provider

Objection:

• Object to certain types of data processing
• Opt out of marketing communications

Restriction:

• Request that we limit how we use your data

6.2 Additional Rights for EU/EEA/UK Users (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under GDPR:

Right to Withdraw Consent:

• Withdraw consent for processing at any time (where consent is the legal basis)
• Does not affect the lawfulness of processing before withdrawal

Right to Lodge a Complaint:

• File a complaint with your local Data Protection Authority
• UK: Information Commissioner's Office (ICO)
• EU: Your national Data Protection Authority

Right to Object to Automated Decision-Making:

• Our AI-generated readings are for entertainment purposes only
• No automated decisions with legal or significant effects are made

Data Protection Officer:

• For privacy inquiries: info@boardwalk.pl

6.3 Additional Rights for California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act:

Right to Know:

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Categories of third parties with whom we share information
• Specific pieces of personal information collected

Right to Delete:

• Request deletion of personal information we've collected

Right to Opt-Out:

• We do not sell personal information as defined by CCPA
• We do not share personal information for cross-context behavioral advertising

Right to Correct:

• Request correction of inaccurate personal information

Right to Non-Discrimination:

• We will not discriminate against you for exercising your privacy rights

Shine the Light:

• Request information about disclosure of personal information to third parties for their marketing purposes (we do not do this)

6.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: info@boardwalk.pl

Subject Line: "Privacy Rights Request - [Your Request Type]"

Include:

• Your name and email address
• Description of your request
• Proof of identity (if required for security)

We will respond to your request within:

• GDPR: 30 days (may be extended by 2 months for complex requests)
• CCPA: 45 days (may be extended by 45 days with notice)

7. Data Security

We implement industry-standard security measures to protect your personal data:

Technical Measures:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Secure authentication with NextAuth.js
• Two-factor authentication for admin access
• Regular security audits and updates

Organizational Measures:

• Access controls and least-privilege principles
• Employee training on data protection
• Confidentiality agreements with staff and vendors
• Incident response procedures

Payment Security:

• All payment processing handled by PCI DSS Level 1 compliant Stripe
• We never store full credit card numbers

Limitations:

• No method of transmission or storage is 100% secure
• We cannot guarantee absolute security
• You are responsible for keeping your password secure

Data Breach Notification:

• In the event of a data breach, we will notify affected users within 72 hours (GDPR requirement)
• Notifications will be sent via email to your registered address

8. International Data Transfers

8.1 Data Transfer Mechanisms

PalmVision is based in Poland (EU), but we use service providers located in various countries, including the United States.

For EU/EEA/UK Users:

• Data may be transferred to countries outside the EU/EEA/UK
• We ensure appropriate safeguards are in place:
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with service providers
  • Adherence to EU-U.S. Data Privacy Framework (where applicable)

Primary Data Locations:

• Application hosting: United States (Vercel)
• Database: United States (Vercel KV)
• AI processing: United States (OpenAI)
• Email delivery: United States (Resend)

8.2 Your Rights Regarding International Transfers

If you are in the EU/EEA/UK, you have the right to:

• Request information about data transfer safeguards
• Object to transfers to countries without adequate protection
• Obtain copies of relevant transfer agreements

9. Children's Privacy

Our Service is not intended for children under the age of 18.

Age Requirements:

• You must be at least 18 years old to use our Service
• We do not knowingly collect information from children under 18
• If we learn we have collected data from a child under 18, we will delete it promptly

Parental Notice:

• If you believe your child has provided us with personal information, please contact us immediately at info@boardwalk.pl

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Essential Cookies:

• Session management and authentication
• Security features
• Load balancing
• These cookies are necessary for the Service to function and cannot be disabled

Analytics Cookies:

• Vercel Analytics (privacy-friendly, no personal data)
• Aggregated usage statistics
• Performance monitoring

Preference Cookies:

• Language preferences
• Display settings
• User interface customization

10.2 Third-Party Cookies

We do not use third-party advertising cookies or tracking pixels.

10.3 Managing Cookies

You can control cookies through your browser settings:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Cookies and website data

Note: Disabling essential cookies may prevent you from using certain features of our Service.

10.4 Do Not Track

We respect Do Not Track (DNT) browser signals. When DNT is enabled, we do not use analytics cookies.

11. Email Communications

11.1 Types of Emails

Transactional Emails (Cannot Opt Out):

• Reading reports you purchased
• Order confirmations and receipts
• Account security alerts
• Legal notices and policy changes
• Customer support responses

Promotional Emails (Can Opt Out):

• Product updates and new features
• Special offers and promotions
• Tips and content related to palmistry

11.2 Unsubscribe Options

You can unsubscribe from promotional emails at any time:

• Click "Unsubscribe" at the bottom of any promotional email
• Update your email preferences in your account settings
• Contact us at info@boardwalk.pl

You will continue to receive transactional emails necessary for the Service.

12. Links to Other Websites

Our Service may contain links to third-party websites, services, or resources.

We Are Not Responsible For:

• Privacy practices of third-party websites
• Content or security of external sites
• Data collection by linked services

Your Responsibility:

• Review the privacy policies of any third-party sites you visit
• Be cautious when sharing personal information on external sites

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

• Material changes: Email notification to registered users
• All changes: Posted on this page with updated "Last Updated" date
• Significant changes: Prominent notice on our website for 30 days

Your Continued Use:

• Continued use of the Service after changes constitutes acceptance
• If you do not agree with changes, discontinue use and delete your account

Version History:

• Previous versions available upon request

14. Legal Bases for Processing (GDPR)

For EU/EEA/UK users, we process your personal data based on the following legal grounds:

Processing Activity	Legal Basis
Providing palm reading service	Performance of contract
Processing payments	Performance of contract
Sending reading reports	Performance of contract
Customer support	Legitimate interests
Service improvement	Legitimate interests
Fraud prevention	Legitimate interests, legal obligation
Marketing communications	Consent (opt-in required)
Legal compliance	Legal obligation

You have the right to object to processing based on legitimate interests.

15. California Privacy Rights Summary

For California residents, here's a summary of your CCPA/CPRA rights:

Personal Information We Collect:

• Identifiers (email, name)
• Commercial information (purchase history)
• Biometric information (palm images)
• Internet activity (usage data)
• Inferences (palm reading results)

Do We Sell Personal Information?

• No, we do not sell personal information

Do We Share for Cross-Context Behavioral Advertising?

• No, we do not share for advertising purposes

Retention Periods:

• Account data: While account is active + 3 years
• Palm images: 90 days after reading
• Reading reports: 2 years
• Payment records: 7 years

How to Submit Requests:

• Email: info@boardwalk.pl
• Response time: 45 days (may extend 45 days)

Authorized Agents:

• You may designate an authorized agent to submit requests on your behalf
• We may require proof of authorization

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: Email: info@boardwalk.pl

General Support: Email: info@boardwalk.pl

Mailing Address: PalmVision BOARDWALK Konopnickiej 6/235 03-828 Warsaw, Poland

Data Protection Officer (EU/EEA/UK): Email: info@boardwalk.pl

Response Time: We aim to respond to all inquiries within 5 business days.

17. Supervisory Authorities

17.1 EU/EEA/UK Users

If you are located in the EU, EEA, or UK and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local supervisory authority:

Poland (Our Location): Urząd Ochrony Danych Osobowych (UODO) Website: https://uodo.gov.pl Email: kancelaria@uodo.gov.pl

UK: Information Commissioner's Office (ICO) Website: https://ico.org.uk Phone: 0303 123 1113

Find Your EU Authority: https://edpb.europa.eu/about-edpb/board/members_en

17.2 California Users

California Attorney General: Website: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company Phone: 1-800-952-5225

17.3 Other US Users

Contact your state's Attorney General office for privacy-related complaints.

---

Glossary

Personal Data: Any information relating to an identified or identifiable individual.

Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).

Controller: The entity that determines the purposes and means of processing personal data (PalmVision).

Processor: An entity that processes personal data on behalf of the controller (our service providers).

GDPR: General Data Protection Regulation (EU regulation 2016/679).

CCPA: California Consumer Privacy Act.

CPRA: California Privacy Rights Act (amendment to CCPA).

---

By using PalmVision, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

Last Updated: January 1, 2024 Version: 1.0