Privacy.

The shortest version: I collect the minimum data needed to deliver your reading and let you return to it. No tracking pixels, no marketing trackers, no third-party advertisers.

When you book a reading or write to me, you provide an email address, your first name (if you share it), the question you're bringing, and any context you choose to add.

When you pay, Stripe collects your payment information directly. I never see your full card number. I receive only a transaction reference and the email you used to pay.

• ◆Standard server logs — IP address, browser, the page you visited, the time. Kept for 30 days, used to keep the site working.
• ◆Authentication state — when you log into your portal, a cookie identifies your session. It expires when you sign out.
• ◆No analytics cookies. No third-party trackers. No behavioral profiling.

• ◆Deliver the reading you asked for and respond to your messages.
• ◆Maintain your private archive so you can return to past readings.
• ◆Send transactional emails — order confirmation, delivery notification, refund record.
• ◆Comply with legal obligations (tax records, fraud prevention).

I do not send marketing emails to past clients. If you opted into the circle newsletter, you can leave it any time with the link at the bottom of every email.

I use a small set of vendors to run this practice. Each handles a specific slice of your data and is bound by their own privacy commitments:

• ◆Stripe — payment processing. Their privacy policy.
• ◆Supabase — database + authentication. Their privacy policy.
• ◆Cloudflare — content delivery and the tunnel that exposes the self-hosted reader. Their privacy policy.
• ◆Email — Michelle's personal email provider for transactional and reply email.

That's the whole list. No data brokers, no ad networks, no fourth parties.

You can, at any time:

• ◆Request an export of every record I have about you.
• ◆Ask me to correct anything inaccurate.
• ◆Ask me to delete your account and reading history. I'll keep transaction records required by tax law (the dollar amount and date — not the question).
• ◆Opt out of any future communication beyond what's required to deliver a reading you paid for.

Email me at [email protected] for any of the above. I respond within a day. There's no form to fill out.

Your account and reading history live on Supabase servers in the United States. Payment records live with Stripe in the United States. Server logs live on the host running this site. Backups are retained for 30 days.

If you close your account, I delete your readings and your private archive within 30 days. Anonymized transaction records (date and amount, no question or identity) are retained for seven years for tax purposes.

This service is not intended for people under 18. I do not knowingly collect information from anyone under 18. If you are a parent and believe your child has used the service, email me and I'll delete the account immediately.

Passwords are not stored — authentication is by emailed magic link. Database connections are encrypted. Payment data never touches my servers.

That said, no service on the internet is perfectly secure. If anything ever did happen, I would notify affected users within 72 hours and tell you what I know in plain language.

If I change this policy in a way that affects what I collect or who sees it, I'll update the "last updated" date at the top and email anyone with an active account. The previous version stays available on request.

Email me at [email protected]. Or use the contact page.