Privacy

Your data, plainly.

CosmicPass is built to need as little of your information as possible — and to keep what little it does only when you ask. No dark patterns, no quiet retention. Here is exactly what happens.

Last updated 2026-06-11

The short version

  • We don't store your birth data unless you explicitly ask us to.
  • Anything you opt to save is encrypted — we hold ciphertext, not your details.
  • We can't see the plaintext of the questions you ask a tarot reading.
  • You can delete everything anytime with one tool call.

What we process in memory

To compute a chart, we need your birth date, time, and place (resolved to coordinates and a timezone). We use those values to run the calculation and write your reading — and then we discard them. They live only for the length of the request that produced your answer. By default nothing about your birth touches a database.

What we store only with consent

Some features can save work so you can retrieve it later. These only ever write to storage when you pass an explicit consent flag, and even then we never store anything in a form we can read back to a person:

Cached chart assets

If you ask us to keep a rendered chart, the chart image and metadata are encrypted with AES-256-GCM before being written. The row is keyed by an irreversible salted hash of your birth details (HMAC-SHA256) — never by the birth data itself — so the key cannot be turned back into who you are.

Tarot context

If you save a tarot reading, your free-text question, focus, and mood are stored only inside an AES-256-GCM encrypted blob. The plaintext columns are written empty. We hold the ciphertext; we do not hold your words.

What we never store

  • Plaintext birth data — date, time, and place are computed on and then dropped.
  • Plaintext questions — your tarot questions exist on our side only as ciphertext.
  • IP-based profiles — we don't build a picture of you from your network address.
  • Analytics scripts on this site — this page loads no trackers and no third-party analytics. View source and check.

Deleting your data

Use the delete_my_data tool inside ChatGPT. Give it your birth details (and, for saved tarot readings, the reading ids returned when you saved them) and it removes everything tied to them: cached charts, consent records, and those tarot readings. The deletion is immediate and irreversible, and it returns a count of exactly what was removed.

The honest caveat

CosmicPass runs as a tool inside ChatGPT. The conversation itself — everything you type into the chat — happens on OpenAI's side, and OpenAI processes it under their own privacy policy. This policy covers only the CosmicPass service: what our server receives, computes, and stores. We can speak for our half of the pipeline, not for the chat platform around it.

Infrastructure

CosmicPass runs on Cloudflare Workers and D1. Cloudflare acts as a data processor — it hosts the compute and the encrypted storage on our behalf and does not use your data for its own purposes. Encryption keys are held by us, not by the storage layer.

Questions about any of this? Email hello@cosmicpass.app.