Deploy Tarot
☽ ✦ ☾

Privacy Policy

The cards know only what you tell them.
We know even less.

The Short Version

Deploy Tarot stores session state in your browser using cookies and local storage. No reading history is stored on the server. If you submit your email on the Physical Deck page, or volunteer as a translator on the Contribute page, that information is forwarded to Telegram — that is the only personal data we transmit.

What We Store (Cookies)

The following cookies may be set in your browser:

tarot_context

Contains your current reading session: the intent you selected, your role, a random seed for card selection, your draw count for the current intent/role, and the previous role you used (if any). Optionally also stores your zodiac calibration data — birth day, month, and (if provided) year, plus the derived sun and moon signs. This is how the page knows what cards to show on refresh. It expires after one year or when you click “Clear Preferences.”

tarot_history

Contains today’s date and how many times you have drawn for each role/intent combination today. This is what triggers the punishment system when you draw the same combination repeatedly. It also tracks which role you last used, to detect role switching. Counts reset automatically at midnight. It expires after one year or when you click “Clear Preferences.”

lang

Stores your language preference (EN or RU). Set when you click the language toggle. Readable by the page's own JavaScript. Expires after one year or when you click "Clear Preferences."

deck_waitlist

Set after you submit your email on the Physical Deck page. Prevents the form from being shown again in the same browser. Expires after one year or when you click "Clear Preferences."

tarot_patience

Set by the page's JavaScript when you trigger the shuffle-speed oracle easter egg. Value: "none". Expires after one year or when you click "Clear Preferences."

Most cookies are HttpOnly and SameSite=Lax. The `lang` cookie is readable by the page's own JavaScript (needed for language restoration). In production, all server-set cookies carry the Secure flag.

Browser Local Storage

In addition to cookies, the site uses browser localStorage and sessionStorage for a few short-lived UI states: your explicit language choice (so it survives a cookie clear), the timestamp of your last draw (for the Tower punishment), and deal animation flags. None of this data leaves your browser.

What We Do Not Store

  • Your name or any identifying information (unless you voluntarily submit your email on the Physical Deck page — see Telegram below)
  • Your IP address (beyond what any web server transiently handles)
  • Your reading history on the server side — it lives only in your browser
  • Your birth date — if entered, it stays in your browser cookie only and is never transmitted to or stored on the server
  • Analytics, telemetry, or event tracking of any kind
  • Advertising identifiers
  • Anything that could be described as a “user profile”

Third Parties

Google Fonts — Deploy Tarot loads typefaces from fonts.googleapis.com and fonts.gstatic.com. This is subject to Google’s privacy policy.

Google Analytics — Analytics may be active on this site. If enabled, Google Analytics collects standard anonymous web analytics data: pages visited, session duration, browser type, and approximate location derived from IP address. No personally identifying information is collected. IP addresses are anonymised. You can opt out using the Google Analytics Opt-out Browser Add-on. Analytics is subject to Google’s privacy policy.

Buy Me a Coffee — The footer links to buymeacoffee.com. Clicking it takes you to a third-party payment platform governed by their own terms and privacy policy. No data is shared with them unless you click the link.

Telegram — If you submit your email on the Physical Deck waitlist page, or your name, email, and language preference on the Contribute a Translation page, that information is sent to a Telegram bot owned by the site operator. Telegram processes these messages according to their privacy policy. Your data is not stored in any database on our side; it arrives as a Telegram message and that is it. If you want it deleted, email the site operator.

There is no advertising network. There is no “we may share your data with partners” clause, because there are no undisclosed partners and nothing worth sharing.

Shareable Reading Links

When you copy a reading link, it encodes your intent, role, and a short random seed in the URL. Anyone with the link can see which cards you drew. Do not share your reading link if you are not comfortable with people knowing you drew The Tower reversed for your production hotfix.

Deleting Your Data

Click Clear Preferences to delete all cookies and local storage preferences immediately. Alternatively, clear your browser cookies in the usual way. There is nothing stored on the server to delete — unless you submitted your email on the Physical Deck page, in which case contact the site operator to have it removed from Telegram.

Changes to This Policy

If this policy changes in a material way, we will update it. Given the minimalist nature of what is collected, material changes are unlikely. The cards are not interested in your browsing habits.

The High Priestess keeps her own counsel. We keep yours.