Tarovia logo
Order ReadingOfferReviewsMy readingsCard Of The DayAboutFAQGuide
OrderPL

Privacy Policy

Tarovia processes personal data only as needed to deliver readings, communicate with customers, and handle payments. Every question and reading file is treated as private.

Updated: May 9, 2026.

Data controller

The data controller is Tarovia. Privacy contact: kontakt@tarovia.pl.

What data is collected

  • Email address and optional preferred name.
  • Question content, context, and support details submitted in forms.
  • Transactional data and payment status.
  • Reading files such as spread photo and optional voice note.
  • Receipt details when the customer requests a sales document.

Why data is processed

  • Preparing and delivering your reading.
  • Handling order status and add-ons.
  • Operational contact and support communication.
  • Issuing sales documents on request.
  • Security and abuse prevention.

GDPR legal bases

  • Art. 6(1)(b) GDPR: performance of a contract (delivery of the reading and order handling).
  • Art. 6(1)(c) GDPR: legal obligations (e.g. accounting and sales records).
  • Art. 6(1)(f) GDPR: legitimate interests (security, claims defense, operational communication).

Technology providers

The service uses technical providers: Supabase (database and storage), Stripe (payments), Brevo (email), and Vercel (hosting). Data is shared only to the extent required to operate the service.

Retention period

  • Customer reading access: up to 180 days from order date.
  • Transactional and billing records: as required by accounting and tax laws.
  • Contact data: as long as needed to handle your request and potential claims.

Your rights

  • Right of access and copy of personal data.
  • Right to rectification.
  • Right to erasure (where legally applicable).
  • Right to restriction of processing.
  • Right to object to processing based on legitimate interests.
  • Right to data portability (where contract-based).

For privacy requests, contact kontakt@tarovia.pl.

Supervisory authority complaint

If you believe your data is processed unlawfully, you may lodge a complaint with your supervisory authority.

Transfers outside EEA

Because global providers are used (e.g. payments, hosting, email), data may be transferred outside the EEA. In such cases, GDPR transfer safeguards are applied (e.g. Standard Contractual Clauses).

Voluntary data provision

Providing data is voluntary, but required to place and deliver an order. Missing required data may prevent service delivery.

Profiling and automated decisions

Data is not used for automated decision-making producing legal effects, nor profiling within the meaning of GDPR.