Privacy Policy

Last Updated: Mar 17, 2024

This Privacy Policy is a contract entered into between You ("you," "your," "yours") and Lokiir Labs LLC ("we," "us," "our," "Lokiir Labs")

This policy applies to all information collected or submitted on the PocketTrarot application (the "App"). All defined terms have the meaning assigned to them in the Terms of Use.

We take personal privacy seriously. We limit the collection of personal information to cases where we truly need it or is required for the operation of our products. Personal information is never shared except to comply by the law, develop and improve our products, or protect our rights.

Information We Collect

The Pocket Tarot App collects very little user data as it does not require an account of any kind and all records are, by default, stored only on the user's mobile device.

Personal Information

PocketTarot by Lokiir Labs does NOT request or collect Personal Information that would allow someone to identify you or contact You. When PocketTarots connects to servers over the Internet, Firebase App Check is used on the api call to verify the connection is coming from a genuine app and not an malicious actor. Server logs of the API call are not persisted for longer than 30 days. JPEG images are submitted by PocketTarot for the purpose of divination and interpretation. These JPEG images do NOT contain metadata such as location or timestamp information as that information is stripped away in the conversion and compression process preparing an image to be transfer from the user's device to PocketTarot's servers. These JPEG images are NOT intended for long-term retention and only used for processing a single user request in order to return a divination response.

Payment Data and Purchase History

The App uses Apple as a payment provider for paid subscriptions. Apple's Privacy Policy can be found here.

Tarot Readings

The App uses OpenAI to handle generating the response for the tarot reading. OpenAI's Privacy Policy can be found here.

User and Device Identifiers

When you useAppCheck to verify API calls, the attestation object is included in the request. This allows the API to verify that the request is coming from a genuine instance of your app and not from a malicious actor.

However, it is important to note that AppCheck does not collect or store any personally identifiable information (PII) in the attestation object. The Device ID is not considered PII because it is not linked to any other information that could be used to identify a specific individual.

Therefore, you can disclose in your App Store privacy disclosure that your app collects Device IDs through AppCheck's app attestation, but you should also clarify that this information is not used to track or identify individual users.

Technical Basics

Our server software and any third-party services may store basic technical information, such as your IP address, in temporary memory or logs. This information is used for operation and maintenance purposes.


If you email us for support or other feedback, the emails and email addresses will be retained. The email addresses will only be used to reply to the concerns or suggestions raised and will never be used for any marketing purpose.

Information Usage

We use the information we collect ("Personal Data") to operate and improve the App, and customer support.

We may disclose your information in response to subpoenas, court orders, or other legal requirements; to exercise our legal rights or defend against legal claims; to investigate, prevent, or take action regarding illegal activities, suspected fraud or abuse, violations of our policies; or to protect our rights and property.

In the future, we may sell to, buy, merge with, or partner with other businesses. In such transactions, user information may be among the transferred assets.


While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so.

Children's Privacy

Our Site, App, and Services are not intended for anyone under the age of 13. If you are a parent or guardian and believe that your child under 13 has provided personal information to us, please contact us at hello@lokiir.comso we can delete the child’s information.

Information for European Union Users

Under applicable law, including the GDPR, you may have a number of rights, including:

  • the right not to provide your Personal Data to us; the right of access to your Personal Data;
  • the right to request rectification of inaccuracies;
  • the right to request the erasure, or restriction of Processing, of your Personal Data;
  • the right to object to the Processing of your Personal Data; the right to have your Personal Data transferred to another Controller;
  • the right to withdraw consent; and
  • the right to submit a Data Subject Access Request, a Data Subject Erasure Request, or to exercise other rights under the GDPR, please email us at

You can also contact us using the contact details below. Please note that:

  • we may require proof of your identity before we can give effect to these rights; and
  • where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate - your request reasonably promptly, before deciding what action to take.
  • Lawful basis for processing your personal information

In processing your personal data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:

  • Consent: We may process your personal data where we have obtained your prior, express consent to the processing, you can withdraw this consent by contacting us - at – this legal basis is only used in relation to processing that is entirely voluntary – it is not used for Processing that is necessary or - obligatory in any way
  • Contractual necessity: we process your personal data where the processing is necessary in connection with your subscription for our services (e.g. billing information);
  • Compliance with applicable law: we may process your personal data where the processing is required by applicable law;
  • Legitimate interests: We may process your personal data where we have a legitimate interest in carrying out the processing for the purpose of managing, operating or - promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.

Information for California Residents

In accordance with the California Consumer Privacy Act, if you are a consumer residing in California the following addition terms apply to you.

(1) Right to Know About Information Collected, Disclosed or Sold

You have the right to request that we disclose what personal information we collect, use, disclose, and sell. To submit a verifiable request, please email us at

If you have an account with us, we will verify the request by confirming the email address used to make the request is the same as the email address on file for the account. If you do not have an account with us, we will verify the request by sending an email to the email address used to make the request.

The categories of California consumers’ personal information we may collect are listed above in the section titled “What do we collect?” We collect this data from our customers, App, and Site visitors.

We confirm we have not sold any personal information to third parties for a business or commercial purpose in the preceding 12 months. We confirm we do not sell personal information of minors under 16 years of age without authorization. We may disclose the categories of Personal Information listed in the section “What do we collect?” to our vendors and service providers for a business purpose, as explained further in the section above titled “Third Parties.”

(2) Right to Request Deletion of Personal Information

You have the right to request deletion of Personal Information collected or maintained by us. To do so, please submit a request by emailing us at

If you are a current or former customer submitting a request by web form or email, please provide sufficient information to identify your account, including your email address on file with us. You may be asked to verify your identity by responding to us with the email address on file for the account.

If you are not a current or former customer, we may ask for proof of identity sufficient to show you are the same consumer about whom we have collected personal information that you are requesting to be deleted.

(3) Right to Opt-Out of the Sale of Personal Information

You have the right to opt-out of the sale of your personal information by a business. Pursuant to California law, because we do not and will not sell your personal information, we do not offer such an opt-out at this time.

(4) Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

You have the right not to receive discriminatory treatment by the business for the exercise of the privacy rights conferred by the California Consumer Privacy Act.

(5) Authorized Agent

If you would like to make a request under the California Consumer Privacy Act on behalf of a California consumer who is a current or former customer, please provide an email from the email address we have on file for the customer authorizing the request.

You may also make a request under the California Consumer Privacy Act on behalf of a California consumer if you provide (1) a signed, written permission from the consumer to act on your behalf, and the consumer verifies their own identity directly with us; or (2) proof that the consumer has provided you with power of attorney pursuant to Probate Code sections 4000 to 4465.

We may deny a request from an agent that does not submit proof that they have been authorized by the consumer to act on their behalf.

(6) Contact for More Information

If you have any questions or concerns about our privacy policies and practices, you may contact us via email at

(7) Date Privacy Policy Last Updated

Our Privacy Policy was lasted updated as of the date indicated at the beginning of the policy.

International Transfers of Information

Information may be processed, stored, and used outside of the country in which you are located. Data privacy laws vary across jurisdictions, and different laws may be applicable to your data depending on where it is processed, stored, or used.

Your Consent

By using the App, you consent to this privacy policy.

Contacting Us

If you have questions regarding this privacy policy, you may email

Changes to This Policy

From time to time, we may change and/or update this Privacy Policy. We recommend you regularly review this page for updates.