Privacy Policy

The data controller is YM Corp. (Corporation). Address:

1201 N. ORANGE STREET SUITE 600 WILMINGTON, DE 19801 USA

Privacy questions: ryan.kim@ymcorp.co.

Your lawyer picks governing law; put their short note here if any.

You provide some information directly; we generate or derive some in order to operate the service.

• Account email address.
• A hashed password when you register with email and password.
• If you choose Google or Apple sign-in: identifiers and tokens needed to authenticate you.
• Name or profile photo from your OAuth provider if you choose to use them.
• Language preference for the app.
• Marketing email preferences (stored with your account; how we prompt for consent varies by region).
• Profile information you add: names, relationship labels (for example partner or family).
• Birth date and optional time-of-birth fields associated with profiles you create.
• Birth city coordinates and displayed label when you choose or autocomplete a location.
• Astrology-, compatibility-, or chart-related derived fields tied to profiles you manage.
• Optional personality indicators (such as MBTI) when you add them.
• Profile avatar images uploaded to cloud object storage when you use that feature.
• Generated “insights,” prompts, model outputs, and related metadata tied to your account.
• Feedback you submit about insights (for example thumbs up/down).
• In-app balances and ledger records for shells or credits.
• Subscription tier or promotional entitlements tied to your account.
• Share links and limited attribution signals when you invite others.
• Approximate country from IP or Edge headers used for signup compliance copy and UX (not precise geolocation).

Exact fields depend on the features you enable (for example birth city autocomplete, AI insights, OAuth, or uploads).

• Operate accounts, authenticate, prevent abuse.
• Show your profiles, charts, balances, subscriptions, shared links, and product history.
• Improve reliability, troubleshoot, aggregate statistics, analytics when enabled.
• Send optional marketing emails when permitted and opted in according to regional flows.
• Meet legal obligations, enforce contracts, defend claims.

We use essential cookies needed for authentication, security, routing, CSRF/session integrity, or similar functional requirements.

We may set a strictly limited attribution cookie tied to referral or share flows so attribution can stitch to an account safely. A short-lived cookie may briefly remember marketing consent preference during signup when you authenticate with OAuth in some jurisdictions. We may enable product analytics (for example Mixpanel and/or Google Analytics) depending on deployment settings. Analytics can include event names, coarse page paths, device-level identifiers from the SDK, and, when individually configured and enabled, capabilities such as session replay or heatmaps. You can disable or limit analytics cookies via your browser where applicable.

We may enable product analytics (for example Mixpanel and/or Google Analytics) depending on deployment settings. Analytics can include event names, coarse page paths, device-level identifiers from the SDK, and, when individually configured and enabled, capabilities such as session replay or heatmaps. You can disable or limit analytics cookies via your browser where applicable.

When AI insight generation is enabled, we send relevant profile fields, prompts you enter, and product context needed to produce an insight response. Those responses are saved to your account. Vendor may include a third‑party AI provider.

Visitors in some regions receive an explicit outreach/marketing checkbox or modal before account creation. Where we infer United States signup context, signup copy reflects applicable notice and promo email practices; preferences are stored as marketingEmailsOptIn on your account and you may adjust email settings as we expose them.

Unsubscribe requests: email ryan.kim@ymcorp.co with subject “Unsubscribe”.

We rely on common cloud providers to run the service. Today this includes: Vercel; Vercel; Amazon RDS; Data region focus: US.

Optional components (example: Amazon S3 for avatars, LocationIQ for city search, Google Gemini for generation) are used only when configured in the deployment; they receive the minimum data needed for that request.

We do not sell your personal information for money. We share data with processors who help us run the product (hosting, database, email, analytics if enabled, AI if enabled) under contracts that limit their use. OAuth providers authenticate you directly under their respective terms when you choose them.

Primary hosting and backups may reside in US or jurisdictions our subprocessors operate in. Laws may vary; we rely on safeguards such as SCCs/DPA clauses where legally required (YM Corp. retains primary responsibility toward you).

Account and profile-related data persist until you delete the account or we delete it consistent with retention schedules and legal holds.

• Share links remain valid until you revoke rotating tokens or delete underlying content; attribution cookies expire on a capped schedule.

We use industry‑standard safeguards such as HTTPS in transit and access‑controlled databases. No mechanism is flawless; notify us promptly if you suspect account compromise.

To exercise privacy rights where they apply to you, contact us at ryan.kim@ymcorp.co. Describe your account email and the specific request.

• If EU/EEA GDPR applies: access, rectification, deletion, restriction, portability, objection, and complaint to competent supervisory authorities.

• If California CPRA‑style disclosures apply you may obtain details on collected categories and opt out of selling/sharing (we do not sell for money).

The service is not directed at children under 13, and we do not knowingly collect their personal information. If we learn otherwise we delete promptly.

We revise this policy as the product evolves. Material updates will surface by updating this page (https://otterprism.com), in-product notices where appropriate, and email where required.