Privacy Policy

Last updated: May 30, 2026 · Applies to HexAstral, Kindred, Fēng, Cycle, and all satellite apps published by UseONE, LLC

1. Overview

We take your privacy seriously. This Privacy Policy describes how UseONE, LLC ("we", "us") collects, uses, stores, and protects your personal information across our family of apps: HexAstral, Kindred, Fēng, and related satellite apps.

This Policy complies with applicable data protection laws, including Apple App Store and Google Play privacy requirements and relevant international regulations.

2. Information We Collect

2.1 Information you provide

• Birth information: solar date, time index, gender, optional city and coordinates (used for astrology calculations — Ba Zi, Zi Wei, fate timeline, compatibility, Feng Shui).
• Personal name / nickname (optional).
• Username (when you opt in to a public profile — see §15).
• Display name and optional avatar image (if you upload one).
• Apple ID identifier (when signing in with Apple) or Google account identifier (when signing in with Google).
• Email address (optional, provided either automatically by Apple/Google on first sign-in or by you via the OTP binding flow).
• Recipient email addresses you supply when initiating an invite, gift, or compatibility pairing.
• Partner / third-party birth information you submit on behalf of someone else (e.g. compatibility readings).
• Photographs of your face or palm (only when you use the Face/Palm reading features in HexAstral; see §7).
• Site coordinates and an optional site photo (only when you use Feng Shui site analysis).
• Free-text inputs: dream descriptions (Dream Oracle), I-Ching questions (Coin-Cast), numerology source names/dates (Numerology), birth-info correction history.
• Biometric consent records: when you opt in to face/palm processing, we store a timestamped consent record (BIPA/GDPR Art. 9).
• Public profile visibility flags: which fields (signature, ba zi, zi wei, basic identity, plain-language intro excerpt) you choose to make publicly visible.
• Subscription receipts and entitlement state (via RevenueCat) when you purchase a paid product.

2.2 Automatically collected information

• Device identifiers (IDFV only — not IDFA; no advertising tracking).
• Device locale and time zone.
• App usage logs: feature usage statistics, chapter unlock state, daily activity / streak markers, reading view marks. We do not log the textual content of your readings here.
• Push notification tokens (when you grant push permission): used to send timeline / almanac / fortune alerts. Push tokens are revoked when you turn off push permission.
• Phone-number hashes (only if you opt in to contact-matching for the "friends already joined" notification feature): we compute SHA-256 of normalized E.164 numbers from your address book locally on your device, then send only the hashes to our server. The raw numbers never leave your device.
• Crash reports (via Cloudflare, used for bug fixes).
• IP address (for regional detection, abuse prevention, and rate limiting; not stored long-term).
• Daily / monthly quota counters keyed off user account (and IP for anonymous use).

2.3 Cross-app identifiers

• Apple ID / Google account identifier (shared across all UseONE apps when you sign in with the same provider account).
• Internal user ID (links your account across HexAstral, Kindred, Fēng, Cycle, Coin-Cast, Dream Oracle, Numerology, Face Oracle, Feng Shui app, and related satellites).
• These identifiers enable account recovery and cross-app data continuity (see Sections 13–14).

2.4 Public profile data

If you opt in to a public profile, the following may be exposed at hexastral.com/u/[username] without authentication: your username, optional display name, optional avatar, the year you joined, archetype label (e.g. "Tilled Soil"), and any chart fields you have explicitly marked public via the in-app visibility panel. Public profile is OFF by default. See §15 for full mechanics.

2.5 What we do NOT collect

• We do not request access to your photo library or contacts unless you actively use a feature that needs them (Face/Palm reading or contact-matching), and even then we only process what is needed for that feature.
• We do not collect precise GPS location (city-level only for timezone correction; Feng Shui site coordinates are entered by you).
• We do not perform cross-app advertising tracking. We have no advertising business.
• We do not sell or rent your personal data.

3. How We Use Your Information

Your birth information and related data are used for:

• Core features: Destiny Chart readings, Star Palace calculations, fate cycle analysis, compatibility readings
• AI reading generation: your birth data is sent to AI model APIs (Cloudflare Workers AI and partner LLM providers) to generate personalized readings
• Service improvement: aggregated, anonymized analytics to improve calculation accuracy
• Security: necessary verification to prevent abuse

We do not sell, rent, or share your personal birth information with third parties for commercial purposes.

4. AI Models & Third-Party Services

To provide AI-powered readings, your birth information (not identity information) is transmitted to the following third-party AI providers:

• Cloudflare Workers AI (United States) — inference tasks
• Anthropic / Google Gemini (depending on feature) — advanced reading generation

These providers process data under their own privacy policies. We have signed Data Processing Agreements (DPAs) prohibiting use of your data for model training or other unauthorized purposes.

Analytics: PostHog (EU data residency configurable), collecting only anonymous behavioral data.

5. Data Storage & Security

• Storage: Cloudflare global edge network (data stored in nearest region, default APAC)
• Transmission: all data transmitted via TLS 1.3 encryption
• At rest: database-level encryption (AES-256)
• Access controls: strict employee permission tiers, principle of least privilege
• Retention: account data permanently deleted within 30 days of account deletion; anonymized analytics retained up to 24 months

6. Your Rights

Under applicable law, you have the right to:

• Access: view the personal data we hold about you
• Correction: fix inaccurate personal information
• Deletion ("right to be forgotten"): request deletion of all account data
• Data portability: export your chart data in machine-readable format
• Withdraw consent: revoke consent to data processing at any time

To exercise these rights, email: privacy@hexastral.com. We will respond within 15 business days.

7. Face / Palm Reading — Special Notice

The Face and Palm reading features require you to upload a photo. Regarding this feature:

• Photos are transmitted temporarily to an AI vision model (VLM) only during analysis
• Photos are immediately deleted from our servers after analysis; we do not store them
• Text descriptions of analysis results may be saved to your history (deletable at any time)
• Photos are not used for model training

If you do not accept these terms, please do not use the Face/Palm reading features.

8. Email & invite communications

How we obtain your email

• Sign in with Apple: Apple may share your email address (real or relay) ONLY on the very first authorization. If we do not capture it then, Apple will not send it again on subsequent sign-ins. We store this email on first capture and never overwrite it on later auths.
• Sign in with Google: Google passes your email on every successful sign-in. We store it on first capture and keep it stable until you unbind or change it.
• Manual OTP binding: in apps that support invite-based unlocks (e.g. HexAstral fate-app), you may explicitly bind any email via a 6-digit one-time code we mail to you. Sent only on your action.

How we use email

• Account recovery: re-link your account on a new device.
• Sign-in verification: the OTP itself (6-digit code, single use, 10-minute expiry).
• Invite-by-email feature: when YOU send a friend an invitation (chapter-unlock invite, reading-gift share, compatibility resonance request), we deliver ONE email to the address you supply. Your friend's address is used only to deliver that invitation and is not retained for any other purpose. If they do not respond, the invitation expires (typically 7 days) and we stop using their address.
• Transactional notices: significant account events (e.g. password-recovery flow, account-deletion confirmation).

Frequency commitment

We do not send marketing emails. Each email we deliver is triggered by either (a) your direct action (sign-in, invite send, OTP request), or (b) a security/account-management event. We do not maintain mailing lists, and we will not add you to one without explicit, separate opt-in.

Unbinding your email

At any time you may remove your bound email without deleting your account (Me → Unbind email in the app, or email privacy@hexastral.com). The server sets `users.email = NULL`; you may rebind a different email later via OTP. This is your right under GDPR Art. 7 (withdraw consent for email processing).

Third-party email delivery

Transactional email is sent via Amazon SES (US data residency). SES processes the address solely to deliver the message; we have signed a DPA with AWS prohibiting any other use.

9. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from minors. If you believe a minor has used the Service, contact us and we will immediately delete any related data.

10. Policy Changes

For material changes to this Policy, we will notify you via in-app modal or push notification, and update the "Last updated" date on this page. Continued use of the Service constitutes acceptance of the updated Policy.

11. Contact Us

For privacy-related questions, contact:

Email: privacy@hexastral.com

We are committed to responding to all privacy inquiries within 15 business days.

12. Product family

UseONE, LLC publishes the following apps under a unified data architecture:

Flagship apps:
• HexAstral — personal destiny readings (Ba Zi, Zi Wei, I-Ching, daily fate)
• Kindred — relationship synastry and compatibility analysis
• Fēng — feng-shui site analysis and flying-star reports

Satellite apps:
• Face Oracle, Star Palace, Soul Match, Feng Shui AI, Dream Oracle, Eight Pillars, Coin Cast, Compass

All apps listed above share the same backend infrastructure, user account system, and privacy fundamentals described in this Policy. Each satellite app may surface different inputs (camera, dreams, compatibility pairs, compass bearings, etc.). Review the appendix that matches the app you installed for concrete collection examples.

13. Cross-app identity linking

All apps published by UseONE, LLC share a single user account system. When you sign in with Apple in any of our apps, your Apple ID is used to identify you across all apps from the same developer.

How it works:
• On first launch, each app creates an anonymous local account.
• When you sign in with Apple in any app, your Apple ID is linked to that account.
• If you later install another app from us and sign in with the same Apple ID, we recognize you as the same user and restore your data (readings, bonds, sites) from the original account.

This means:
• Your birth information entered in HexAstral may be available in Kindred and Fēng if you sign in with the same Apple ID.
• Your bond/compatibility data from Kindred and feng-shui reports from Fēng may be accessible from HexAstral.
• You can opt out of cross-app data access by using different Apple IDs or remaining anonymous (not signing in with Apple) in separate apps.

14. Cross-app data sharing & portfolio memory

Reading results generated in satellite apps (Coin Cast, Face Oracle, Dream Oracle, etc.) may be stored in a shared reading history ("portfolio"). When you are signed in, this portfolio is accessible across our flagship apps to provide a richer, more personalized experience.

Specifically:
• Satellite reading results (e.g., an I-Ching hexagram from Coin Cast) are stored with your user ID and can be recalled by HexAstral's AI chat feature to provide contextual advice.
• Kindred compatibility readings and Fēng feng-shui reports may also contribute to this shared portfolio in the future.
• The AI chat feature in HexAstral may reference past readings from any app to generate more personalized responses.

You can control this:
• Portfolio memory is off by default. You must explicitly opt in via app settings to enable cross-app reading recall.
• You can delete individual reading history entries at any time.
• Deleting your account removes all portfolio data across all apps within 30 days.

15. Public profile & opt-in sharing

OFF by default. Public profile sharing is disabled until you explicitly turn it on inside the app. You may turn it off again at any time.

What is exposed when enabled. At hexastral.com/u/[your-username] anyone with the URL can view: your username, optional display name, optional avatar image, the year you joined, an archetype label derived from your chart (e.g. "Tilled Soil"), and the chart fields you have specifically marked public via the in-app visibility panel. Visibility is field-granular: you can independently choose to expose (or hide) your fate signature, Ba Zi pillars, Zi Wei palace grid, basic identity (display name/avatar/join year), and plain-language intro excerpt.

What is never exposed publicly. We never expose your raw birth date / time / city, email address, Apple/Google ID, phone hash, internal user ID, push tokens, biometric consent records, billing receipts, the precise content of private chat messages, or any data from your contacts or photo library.

Search engines & link previews. Public profile pages may be indexed by search engines and cached by social-media link-preview services (Twitter, Slack, WhatsApp, etc.). When you disable public profile, our server returns 404 for the URL immediately, but external caches are outside our control. Allow normal cache TTLs (24 hours to a few days) for previews to clear.

Revoking. To disable public profile, toggle the "Make chart public" switch in the app. To delete the username entirely (so the URL slot becomes available to someone else), use Delete account (§6) or email privacy@hexastral.com.

16. International data transfers

We process data on Cloudflare's global edge network. Depending on your region, your data may be stored or processed in one or more of the following locations: the United States, the European Union (Ireland/Germany), the United Kingdom, Singapore, Japan, or Australia.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to countries that have not received an adequacy decision from the relevant authority, we rely on the European Commission's Standard Contractual Clauses (SCCs) or the UK Addendum, as applicable. We have signed SCCs with our sub-processors, including:

• Cloudflare, Inc. (United States) — edge compute, storage, and AI inference;
• Anthropic and partner LLM providers (United States) — model inference for premium readings;
• Google LLC (United States) — Gemini multimodal models for vision features (face / palm / Feng Shui);
• Amazon Web Services (United States) — Amazon SES for transactional email delivery;
• RevenueCat (United States) — subscription receipt validation and entitlement grants.

Technical and organizational safeguards include TLS 1.3 in transit, AES-256 encryption at rest, strict role-based access controls, and least-privilege defaults. We periodically review our sub-processors and their privacy posture.

A copy of the SCCs we use is available on request to privacy@hexastral.com.

17. Data breach notification

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the appropriate supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach (GDPR Art. 33);
• Notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms (GDPR Art. 34), via in-app notification and to your bound email address;
• Provide a description of the nature of the breach, the categories and approximate number of affected users, the likely consequences, and the measures we have taken or propose to take to address it.

We maintain incident-response procedures and conduct annual tabletop exercises. We have a documented chain of escalation from the engineer on call → privacy lead → CEO, and we log every confirmed incident in an internal register that is preserved for at least three years.

You may contact us at security@hexastral.com to report a suspected vulnerability or compromise. We acknowledge bona-fide security reports within 48 hours.

Supplementary notes for satellite apps
