The Spread Logo The Spread ← Home

Privacy Policy (US‑only)

Effective Date: November 20, 2025

Entity / Controller: WSTBD LLC (“WSTBD,” “we,” “our,” “us”)
Address: 218 W 123RD St, New York, NY 10027-5683, United States
Website: https://the-spread.org
Contact (Privacy): support@the-spread.orglegal@the-spread.org

This Privacy Policy explains how we collect, use, disclose, and protect information when you use The Spread mobile application, website, and related services (the "Service"). The Service is a personal journaling and reflection tool that uses tarot symbolism for self-discovery and introspection—it is not a fortune-telling or prediction service. This Policy applies to U.S. residents only. By using the Service, you agree to this Policy.

1) Overview & Scope

  • We collect only what we need to run and improve the Service you request.
  • We do not sell or share personal information for cross-context behavioral advertising (as those terms are defined under California law).
  • We use trusted service providers (e.g., authentication, hosting, storage, diagnostics, basic analytics).
  • This Policy incorporates the Notice at Collection for California and discloses the categories of personal information we collect, the purposes, sources, and disclosures.

2) Notice at Collection (What we collect, why, from whom, and to whom)

We may collect the following categories of personal information. The examples are illustrative; actual data depends on how you use the Service.

Category (CPRA) Examples Purpose of Use Sources Disclosed To Typical Retention
Identifiers Name, email, IP address, device identifiers Account creation/login, security, deliver core features, fraud prevention You; your device Service providers (auth, hosting, security) Account life + up to 24 months backups/logs
Customer Records Profile name, date of birth (DOB) (required for age verification), support requests Age verification (17+ requirement), personalization you choose, support You Service providers Account life + up to 24 months backups
User Content Daily reflections, journal entries, spread sessions (questions and card selections), Personal Story chapters, weekly reflection summaries, saved readings, notes, tags; photos you upload (e.g., avatar) Core journaling and reflection features (save/reflect/view privately), pattern analysis, Personal Story generation, tarot-based self-reflection prompts, library management You Service providers (storage/hosting, AI processing via Yandex Cloud) While in your library + up to 12 months in backups
Internet / Activity App interactions, diagnostic & crash logs, device/OS metadata Security, fraud prevention, debugging, quality, performance Your device/SDKs Service providers (diagnostics/analytics) 90–180 days unless needed longer for security or legal
Approximate Location Country/region inferred from IP or device settings Localization, security/abuse signals Device/SDKs Service providers 90–180 days
Sensitive Personal Information (SPI) Account log-in & password Authenticate and secure your account You Service providers (authentication/security) Account life + security backups

Important about SPI. We use Sensitive Personal Information (log-in and password) only to provide and secure your account. We do not use SPI to infer characteristics. Because our use is limited to permitted purposes, a "Limit Use of Sensitive PI" link is not required.

2.5) AI Processing & Personal Story

The Service uses artificial intelligence to generate personalized insights, reflections, and narrative content based on your journal entries and tarot-based self-reflection sessions. This processing happens through Yandex Cloud (YandexGPT API) under strict privacy controls:

  • What we send: Your written reflections, journal entries, spread session questions, card selections, and related metadata (dates, patterns, themes) are sent securely to Yandex Cloud for analysis, interpretation generation, and Personal Story chapter creation.
  • How it's used: Yandex Cloud's AI processes your content to generate personalized insights, narrative chapters, pattern analysis, tarot interpretations, and weekly reflection summaries. This is done on-demand when you create reflections, spreads, or reach Personal Story milestones.
  • Purpose: AI-generated content serves as a tool for self-reflection and personal insight—not for fortune-telling, prediction, or professional advice.
  • Data retention by Yandex Cloud: Your data is processed according to Yandex Cloud's data handling practices. We do not control Yandex Cloud's retention policies; data processing is subject to Yandex's terms and privacy policy.
  • Your control: Generated content (insights, chapters, interpretations) and your source reflections belong to you. You can delete them anytime through the app.
  • Security: All data is transmitted over encrypted connections (HTTPS/TLS).

For more information about Yandex Cloud's data handling practices, see Yandex's privacy policy at https://yandex.com/legal/confidential/.

3) Do we sell or share personal information?

No. We do not sell personal information and do not share it for cross-context behavioral advertising. If this changes, we will update this Policy and provide a clear “Do Not Sell or Share My Personal Information” link before such activities occur.

4) Sources of Personal Information

  • Information you provide (e.g., account, profile, date of birth, daily reflections, journal entries, spread session questions and card selections, Personal Story content, weekly reflections, saved readings, notes, tags, photos).
  • Information from your device and in-app activity (e.g., diagnostics, security logs, performance).
  • Information from service providers that support authentication, hosting, storage, AI processing (Yandex Cloud), diagnostics, and security.

5) How we use information (Purposes)

  • Verify age eligibility (17+ requirement) using your date of birth.
  • Provide the Service you request (accounts, journaling features, tarot-based reflection prompts, spread sessions, Personal Story generation, weekly reflection summaries, pattern analysis, saved readings, photos you upload).
  • Generate insights and content using AI processing (Yandex Cloud API) based on your reflections, journal entries, and spread sessions—for self-reflection purposes only, not for fortune-telling or prediction.
  • Operate, secure, and troubleshoot the Service (diagnostics, error logs, anti-abuse/fraud).
  • Improve quality and performance (product analytics configured for product operations, not ad targeting).
  • Communicate with you about the Service (e.g., support responses, important notices, chapter readiness notifications).
  • Comply with law and enforce terms, protect users, our rights, and the Service.

We do not use personal information for cross-context behavioral advertising, fortune-telling, or predictions about future events. The Service is a tool for personal reflection and self-discovery only.

6) Disclosures to Service Providers (and When Else We Disclose)

We disclose information to service providers under written agreements limiting their use to our instructions, including for:

  • Authentication and account security
  • Cloud hosting, database, and storage
  • AI processing and content generation (Yandex Cloud API for Personal Story chapters, tarot interpretations, reflection analysis, and insights—used solely for self-reflection, not fortune-telling)
  • Diagnostics, crash reporting, and product analytics (configured for product quality/security)
  • Customer support tools and anti-abuse/security

We may also disclose information:

  • If required by law or legal process, or to protect users, our rights, or the Service
  • In connection with a business transfer (e.g., merger, acquisition); if ownership changes, we will notify you if required and your information will remain protected under this Policy or an equivalent policy

We do not allow service providers to sell or share your personal information for advertising.

7) Your Privacy Rights (U.S. State Laws, incl. California)

Subject to applicable law and verification, you may have the right to:

  • Know/Access the categories and specific pieces of personal information we collected about you.
  • Delete personal information (with legal/operational exceptions, e.g., security or compliance).
  • Correct inaccurate personal information.
  • Obtain a portable copy of certain information.
  • Opt out of sale or sharing of personal information (we do not sell/share; if that changes, we will provide opt-out mechanisms).
  • Limit use of Sensitive Personal Information (not required here because we use SPI only for permitted purposes).
  • Non-discrimination for exercising rights.
  • Appeal a decision regarding your privacy request (see below).

How to exercise your rights

Use Settings → Privacy & Security → Privacy Requests in the app or email support@the-spread.org or legal@the-spread.org with subject “Privacy Request.” We will verify your identity (e.g., signed-in request, email verification, reasonable match against account data). We typically respond within 45 days; we may extend once if reasonably necessary and permitted by law, and will notify you of the extension.

Authorized agents

An authorized agent may submit a request on your behalf if they provide proof of authorization and we can verify your identity and the agent’s authority.

Appeals process

If we deny your request (in whole or in part), you may appeal by replying to our decision or emailing legal@the-spread.org with subject “Privacy Appeal”. We will review and respond within applicable legal timelines.

“Do Not Track” and Global Privacy Control

There is no uniform “Do Not Track” standard; however, we honor applicable Global Privacy Control (GPC) signals to the extent required by law. Our current practice of no sale/share means your opt-out is already respected.

Financial incentives

We do not offer financial incentives related to personal information.

8) Children's Privacy

The Service is intended for individuals 17 years of age or older in the United States. We require users to verify their age (17+) through a mandatory date of birth field during onboarding. We do not knowingly collect personal information from individuals under 17. If you believe someone under 17 has provided personal information, please contact us immediately so we can delete it.

9) Security

We implement reasonable technical and organizational safeguards appropriate to the nature of the data and the risks of processing (e.g., encryption in transit, access controls, monitoring). No method is 100% secure; use a strong, unique password and keep it confidential.

10) Data Retention

We retain personal information only as long as necessary for the purposes described above or as required by law. Typical retention periods:

  • Account & Profile (including identifiers and date of birth): while your account is active + up to 24 months in backups/logs.
  • Reflections, journal entries, spread sessions, Personal Story chapters, weekly reflections & photos: while you keep them in your library + up to 12 months in backups.
  • AI processing data: Your content is processed by Yandex Cloud according to their retention policies; we do not separately store intermediate AI processing data. Generated outputs (insights, chapters, interpretations) are stored as part of your User Content (see above).
  • Diagnostics / logs: typically 90–180 days, unless needed longer for security/legal.

Actual periods may vary based on law, disputes, enforcement, or technical limitations (e.g., backup overwriting cycles).

11) Additional Disclosures (California "Last 12 Months")

In the last 12 months, we collected the categories listed in Section 2, disclosed them to service providers for business purposes, and did not sell or share personal information for cross-context behavioral advertising. We did not knowingly collect personal information from individuals under 17.

We do not share personal information with third parties for their direct marketing purposes.

12) International Use

The Service is intended for U.S. residents and is operated in the United States. If you choose to use the Service from another country, you understand that your information will be transferred to, stored, and processed in the United States under U.S. law.

13) Changes to this Policy

We may update this Policy to reflect changes in our practices or legal requirements. We will post the updated Policy with a new Effective Date and, where required by law, provide additional notice. Your continued use of the Service after the Effective Date means you acknowledge the updated Policy.

14) Accessibility

If you need this Policy in an alternative format, contact support@the-spread.org.

15) Contact Us

WSTBD LLC
218 W 123RD St, New York, NY 10027-5683, United States
support@the-spread.orglegal@the-spread.org

16) Key Definitions (plain language)

  • "Personal information" (or "PI"): Information that identifies, relates to, or could reasonably be linked with an individual or household (as defined by applicable U.S. state privacy laws).
  • "Sensitive Personal Information" (SPI): Certain protected data (e.g., account log-in and password). We use SPI only for permitted purposes (authentication/security).
  • "Sell" / "Share": Have the meanings under California law; we do not sell or share PI for cross-context behavioral advertising.
  • "Service providers": Vendors that process PI on our behalf under written contracts that restrict their use of PI to our instructions.
  • "User Content": Content you choose to write or save (e.g., daily reflections, journal entries, spread sessions, questions, card selections, notes, photos).
  • "AI Outputs": Text or other content generated by the Service (including Personal Story chapters, tarot interpretations, insights, and weekly reflection summaries) based on your inputs; used solely for self-reflection and personal growth, not for fortune-telling or prediction; governed by our Terms of Use.
  • "Personal Story": AI-generated narrative chapters created from your reflections and journal entries when you reach certain milestones.
  • "Spread": A tarot-based self-reflection session where you select cards and receive AI-generated interpretations as prompts for journaling and introspection—not fortune-telling.

Version: v1 • Effective Date: November 20, 2025