PRIVACY POLICY

Last Updated: 04/28/2026

This Privacy Policy ("Policy") explains how Eisberg Labs d.o.o. za proizvodnju i usluge ("we", "us", or "our") collects, uses, and protects information from users ("you") of the Hexagram Dreams mobile application and related services (collectively, the "App" or "Services").

We are the Data Controller under the EU General Data Protection Regulation (GDPR) for personal data processed through the Services.

1. WHO WE ARE​

Eisberg Labs d.o.o. za proizvodnju i usluge Celjska ulica 3 OIB: 44452565653 Website: https://www.eisberg-labs.com Email: support@hexagramdreams.com

2. INFORMATION WE COLLECT​

a. App - Anonymous Use​

You can use the Hexagram Dreams app without signing in. When you use the app without an account, we and our service providers may automatically collect certain technical and behavioral data, including:

• Device type and operating system
• Unique device identifiers (such as the Google Advertising ID on Android, or the IDFA on iOS, subject to App Tracking Transparency consent)
• IP address (used for approximate location and abuse prevention)
• App version, language, theme, and other in-app preferences
• Behavioral product analytics events about how you use the app - for example, when you cast a hexagram, view a reading, change a setting, use search, share a reading, or open the hexagram dictionary
• Performance and crash data

Search queries inside the app are recorded only by length, not by content. Reading questions you ask the I Ching are stored locally on your device by default.

b. App - Signed-In Use (Optional)​

If you choose to sign in with Apple or Google to sync your readings across devices, we additionally collect and process:

• Your email address and display name (provided by Apple or Google)
• A unique account identifier (Firebase UID)
• Your reading history, journal notes, and app settings (synced to our cloud database so you can restore them on a new device)
• The date of your first sign-in

c. App - AI Features​

When you request an AI-generated interpretation, ask a follow-up question, or use the question coach, the text of your question and the relevant hexagram context is sent to OpenAI for processing. The interpretation is returned to your device and stored in your reading history. We do not send your question text to any analytics provider.

d. Website​

The Hexagram Dreams website may use cookies, analytics, and third-party advertising services to support functionality and display relevant content or ads. These technologies may collect:

• Browser type and version
• IP address and approximate location
• Pages visited and time spent
• Cookies or similar identifiers

You can manage or disable cookies in your browser settings.

3. THIRD-PARTY SERVICES​

We rely on trusted third-party providers to operate, analyze, and improve the Services. Each processes your data as our service provider and under their own privacy policies.

4. APP TRACKING TRANSPARENCY (iOS)​

On iOS, we honor Apple's App Tracking Transparency (ATT) framework. When you first open the app, you will be asked whether to allow tracking.

• If you allow tracking, Firebase Analytics is enabled.
• If you decline (or have not yet responded), Firebase Analytics is disabled - no events are sent.
• Anonymized crash reports (Sentry), authentication, subscription management, AI features, and your synced data continue to function regardless of ATT, because they are necessary to provide the Services you have requested. Sentry receives no personally identifiable information.

You can change your ATT decision at any time in iOS Settings → Privacy & Security → Tracking.

On Android, the equivalent control is Settings → Google → Ads ("Opt out of Ads Personalization").

5. HOW WE USE INFORMATION​

We use collected information to:

• Provide the Services - sync your readings, deliver AI interpretations, manage subscriptions
• Operate and improve the App and website - analyze usage to understand which features are valuable and which are confusing
• Identify and fix technical problems - crash reports and performance metrics
• Display relevant ads - within the app via AdMob and on the website via third-party ad networks
• Communicate with you - respond to support requests
• Comply with legal obligations

Lawful basis under GDPR​

We do not sell your personal data.

6. SHARING INFORMATION​

We share information only in these cases:

• With Service Providers listed in Section 3, who process data on our behalf
• For Legal Compliance where disclosure is required by law, court order, or government request
• During Business Transfers if our business or assets are sold or merged

Some of these providers (e.g., Firebase, OpenAI, Meta) are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on adequacy decisions or Standard Contractual Clauses approved by the European Commission.

7. DATA RETENTION​

• Account data (email, display name, Firebase UID) - retained for as long as your account is active. Deleted on request (see Section 9).
• Synced reading history - retained until you delete a reading or your account.
• Product analytics events (Firebase Analytics) - retained for up to 24 months, then aggregated or deleted.
• Anonymized crash reports (Sentry) - retained for 90 days.
• AI question text (OpenAI) - handled per OpenAI's retention policy. We do not retain a separate copy on our analytics infrastructure.
• Logs - operational logs are retained for up to 30 days.

8. YOUR RIGHTS UNDER GDPR​

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Right of access - request a copy of the data we hold about you
• Right to rectification - correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten") - request deletion of your data
• Right to restriction - limit how we process your data
• Right to data portability - receive your data in a machine-readable format
• Right to object - object to processing based on legitimate interests, including analytics and advertising
• Right to withdraw consent - at any time, where processing is based on consent (e.g., revoke ATT in iOS Settings)
• Right to lodge a complaint with your local data protection authority. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP).

To exercise any of these rights, email support@hexagramdreams.com. We will respond within 30 days.

9. ACCOUNT AND DATA DELETION​

You can delete your account and all associated personal data at any time by emailing support@hexagramdreams.com from the email address linked to your account. We will:

• Delete your account, synced reading history, and personal identifiers within 30 days
• Instruct our service providers (Firebase, RevenueCat, Meta) to delete or anonymize your data
• Retain only what is required by law (e.g., billing records for tax purposes)

If you have not signed in, no account exists to delete; uninstalling the app removes locally stored data.

10. DATA SECURITY​

We use appropriate technical and organizational measures to protect data, including encryption in transit (TLS), encryption at rest for synced data, access controls, and regular security review. However, no method of transmission or storage is completely secure.

11. CHILDREN'S PRIVACY​

Our Services are not directed to children under 13 (or 16 in the European Economic Area). We do not knowingly collect data from children. If we discover such data, we delete it immediately. If you believe a child has provided us with personal data, contact us at support@hexagramdreams.com.

12. CHANGES TO THIS POLICY​

We may update this Policy periodically. The "Last Updated" date at the top indicates the most recent version. For material changes, we will notify you within the app or by email if you have an account. Continued use of our Services after the effective date means you accept the updated Policy.

13. CONTACT US​

If you have any questions, concerns, or requests regarding this Policy or your personal data, contact us at:

📧 support@hexagramdreams.com