Privacy Policy
Last Updated: 2026-06-21
This Privacy Notice applies to Shun Qian Trading (SSM: 202303132415) (doing business as Bazi2u) ("we", "us", "our"), and describes how and why we may access, collect, store, use, and/or share ("process") your personal information when you use our services (the "Services"). We respect and value your personal privacy. This Privacy Policy is primarily aligned with the Malaysia Personal Data Protection Act 2010 ("PDPA"), and references international frameworks — the Singapore Personal Data Protection Act, the EU General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA", as amended by CPRA), and the People's Republic of China Personal Information Protection Law ("PIPL") — where relevant to cross-border users.
This Privacy Notice applies in the following circumstances:
- Visiting our website at https://bazi2u.com or any other website that links to this Privacy Notice
If you use this website only, you may skip the mobile-app provisions below — they apply only to our independently published Android/iOS apps:
- Downloading and using mobile applications that we develop and operate, including: Shunqian Calendar (com.shunqian.calendar), 2026 Year of the Horse Chinese Zodiac Fortune (clump.horse.activity), AI I Ching (com.iching.oracle) — AI-powered I Ching hexagram interpretation and daily Chinese zodiac fortune, and other applications we may release in the future (collectively, the "Apps")
- Our Facebook application (bazi2u.com), or any other application that links to this Privacy Notice
- Engaging with us in other related ways, including any marketing or events
Questions or concerns? Please contact us at [email protected].
Summary of Key Points
This summary highlights the key points of our Privacy Notice. You can find more details in the corresponding sections via the table of contents below.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information based on how you interact with us. Learn more: Section 1.
Do we process sensitive personal information? When you use features such as BaZi (Eight Characters) or zodiac fortune, you may voluntarily provide your birth date, time, and location. We collect such information only when you actively use the relevant features, and we store it in encrypted form. Learn more: Section 1.
Do we collect information from third parties? We may receive information about you from public databases, marketing partners, social media platforms, and other external sources. Learn more: Section 1 — Information Collected from Other Sources.
How do we keep your information safe? We have adequate organizational and technical processes in place to protect your personal information, including local database encryption (SQLCipher), though no system can guarantee 100% security. Learn more: Section 10.
What are your rights? Depending on the laws applicable to your region (including Malaysia PDPA, Singapore PDPA, GDPR, CCPA, and PIPL), you may have certain rights regarding your personal information. Learn more: Section 12.
How do you exercise your rights? Please contact us at [email protected].
1. What Information Do We Collect?
Personal Information You Provide
In short: We collect personal information that you voluntarily provide to us.
When you register an account, log in, make a purchase, subscribe to our newsletter, or otherwise contact us, we collect personal information that you voluntarily provide, including but not limited to:
- Name
- Email address
- Phone number
- Mailing address
- Billing and shipping addresses
- Job title
- Username
- Contact preferences
- Contact or authentication data
Additional Information Collected by Mobile Apps
When you use our mobile applications, we may additionally collect the following information:
Birth information: To provide features such as BaZi (Eight Characters) charting, Chinese zodiac fortune, conflict (chong fan) lookup, date selection, and fortune-stick drawing, you may need to enter:
- Date of birth (Gregorian or lunar)
- Time of birth
- Place of birth (city name and corresponding geographic coordinates, used for true-solar-time and timezone correction)
This information constitutes special metaphysical data that you voluntarily provide. We only collect it when you actively use the relevant features, and we store it in encrypted form both on the local device (using SQLCipher encryption) and on our secure servers. You may view, modify, or delete the entered birth information at any time within the App.
User avatar: When you actively upload an avatar image in the App, the image is locally compressed and uploaded via an encrypted channel (HTTPS) using a pre-signed URL to our third-party object storage service, Amazon Web Services S3 (AWS S3), for display on your profile. We only retain the avatar file and its access URL, and we do not extract facial features, geolocation, or other biometric information from the image. You may replace the avatar at any time via "Settings → Edit Profile", or delete it along with your account via "Settings → Delete Account". AWS acts as our data processor and processes avatar data only on our instructions. For details, see the AWS Privacy Notice.
Divination questions and AI conversation records (AI I Ching app only): When you use the AI I Ching feature, the question text you enter (e.g., "Should I accept this job?"), the hexagram interpretation generated by AI after the cast, and the multi-turn follow-up conversation between you and the AI are saved to our servers (see Section 9 for retention periods), forming your personal divination history. You may view past records, delete individual sessions, or delete all content via "Settings → Delete Account" at any time. During processing, your questions and conversations are sent to our AI service providers (see Section 7).
Virtual currency transaction information: Transaction records generated when you purchase, use, or earn coins through ads or referrals.
Referral information: Records related to using or sharing referral codes.
Payment data: If you choose to make a purchase, we may collect data necessary to process the payment. All payment data is processed and stored by the following payment processors:
- Stripe (https://stripe.com/privacy) — Privacy Policy
- PayPal (https://www.paypal.com/webapps/mpp/ua/privacy-full) — Privacy Policy
- Google Play Billing (mobile in-app purchases only) — View privacy policy
During payment, certain information (such as purchase amount and billing information) is passed to the payment processor. We do not store complete credit or debit card numbers on our servers.
Social media login data: We may offer you the option to register using your existing social media accounts (such as Facebook, X, or Google). If you choose to register this way, we will receive certain profile information from the social media provider; see Section 8 for details.
App data: If you use our Apps and grant us access permissions, we may also collect:
- Geolocation information — Used to provide location-based services (including true-solar-time computation and location-based auspicious/inauspicious calculations). You may change permissions in your device settings.
- Mobile device access — We may request the following device permissions when you use the relevant features:
- Location permission (precise/approximate): Used for true-solar-time computation and location-based fortune calculations. You may turn this off in system settings at any time. - Push notification permission: Used to deliver festival reminders, daily fortune updates, and order notifications after you subscribe to push services. You may turn this off in system notification settings at any time. - Photo/media read permission: Requested only when you actively choose to upload an avatar, in order to read your selected local image.
- We do not currently request permissions for contacts, calendar, camera, microphone, SMS, or phone state.
- Mobile device data — Including device ID, model, operating system, browser type, IP address, etc.
- Push notifications — When you grant push notification permission, Firebase Cloud Messaging generates a registration token (FCM token) for your device. This token is uploaded to our servers and associated with your account, used to actively notify you of festivals, fortune updates, order status changes, or important service notices. You may disable push at any time via system notification settings or in the app at "Settings → Notifications". Once disabled, the token will no longer be used and will be cleaned up when you uninstall the app or delete your account.
Information Collected Automatically
In short: Some information (such as IP address and browser characteristics) is collected automatically when you access our Services.
Information we automatically collect includes:
- Log and usage data — IP address, browser type and settings, pages visited, time on page, date/timestamp, search records, error reports ("crash dumps"), and hardware settings.
- Device data — Device identifier, location, browser type, hardware model, operating system, and system configuration information.
- Location data — Location information based on IP address or GPS (precise or approximate). You may opt out by disabling location settings on your device.
- Advertising identifiers — On Android devices, we and our advertising partners (primarily AppLovin MAX) may collect your device's Google Advertising ID (GAID). The GAID is a device-level identifier that you can reset or delete in your system settings, used for ad attribution, frequency capping, and anti-fraud. It is not stored in association with your name, email, or BaZi metaphysical data. You may reset or delete the GAID on Android at "Settings → Google → Ads". After deletion, the app continues to work normally, but ads you see may be less relevant to your interests.
- App analytics data — Our mobile apps use Firebase Analytics to collect usage data (such as page views, feature usage frequency) and Firebase Crashlytics to collect crash logs (including Java/Kotlin and native NDK layers) to improve app stability and user experience. This data is primarily used for service security and operations, troubleshooting, and internal analytics.
Google API
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Information Collected from Other Sources
We may obtain information about you from public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and other third parties for targeted advertising and event promotion purposes. If you interact with us on social media platforms using a social media account (e.g., Facebook or X), we will receive information such as your name, email address, and gender from that platform. The information we collect from your social media account depends on your privacy settings.
Facebook app data: By default, we access your Facebook basic account information (name, email, gender, birthday, current city, and avatar URL), as well as other information you choose to make public. For more information on Facebook permissions, see the Facebook Permissions Reference.
2. How Do We Process Your Information?
In short: We process your information to provide, improve, and manage our Services, to communicate with you, for security and fraud prevention, and to comply with the law.
We process your personal information for the following purposes:
- Order processing and fulfillment — Including order management, payment, returns, and exchanges.
- Providing core app features — Including BaZi charting, Chinese zodiac fortune analysis, conflict (chong fan) lookup, date selection, auspicious-day recommendations, fortune-stick drawing, and other traditional folk-culture services.
- Account management — Account creation, authentication, and login functions.
- Virtual currency management — Coin balance queries, top-up, transaction records, and referral rewards.
- Service communications — Sending account notifications, order status updates, and service-related communications.
- Marketing communications — With your consent, sending newsletters, promotions, or updates.
- Targeted advertising — Developing and displaying personalized content and ads tailored to your interests.
- Service improvement — Identifying usage trends, evaluating and improving our Services, products, marketing, and your experience.
- Security and compliance — Monitoring and preventing fraud, abuse, and security threats, and fulfilling legal or regulatory obligations.
3. Cookies Policy
In short: We use cookies and other tracking technologies to collect and store your information to improve your browsing experience.
This website uses cookies to improve browsing experience, save user preferences, and analyze site usage. When you use our site, cookies may be stored for:
- Recording your language and interface preferences
- Storing analytics identifiers to measure how the site is used (only after you grant analytics consent)
- Remembering your consent choices so we do not re-prompt on every visit
We also allow third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including managing and displaying ads and customizing ads based on your interests. You may disable cookies in your browser at any time, though some features may not work properly.
Our mobile apps use Firebase Analytics and the AppLovin MAX ad SDK for data analytics and ad serving. You can manage ad tracking preferences through your device settings, including resetting or deleting your Google Advertising ID (GAID).
Google Analytics
We may share your information with Google Analytics to track and analyze the use of our Services. Features we may use include Google Analytics Demographics and Interest Reporting.
Opt-out options:
- Visit https://tools.google.com/dlpage/gaoptout
- Opt out via Google Ads Settings
- Opt out via http://optout.networkadvertising.org/
- Opt out via http://www.networkadvertising.org/mobile-choice
For more information on Google's privacy practices, visit the Google Privacy and Terms page.
4. Third-Party Services and Plugins
We use various third-party services and plugins to operate this website and our apps. Below are the data-processing notes for each:
4.1 Payment Processing We process payments through the following payment processors:
- Stripe (https://stripe.com/privacy) — Privacy Policy
- PayPal (https://www.paypal.com/webapps/mpp/ua/privacy-full) — Privacy Policy
- Google Play Billing (mobile in-app purchases) — View privacy policy
During payment, certain information (such as purchase amount and billing information) is passed to the payment processor.
4.2 Firebase (Mobile Apps) Our mobile apps integrate the following Google Firebase services, operated by Google LLC:
- Firebase Analytics: Collects app usage (page views, feature invocations, session duration, retention), device model, OS version, app version, Firebase Installation ID, and event parameters, used to evaluate product performance and improve user experience.
- Firebase Crashlytics (with NDK symbol uploads): When the app crashes or encounters non-fatal exceptions, automatically collects crash stacks (including Java/Kotlin exceptions and native C++ layer crashes), device model, OS version, app version, Crashlytics Installation ID, and limited breadcrumb logs preceding the crash. Does not automatically collect SharedPreferences contents, user input, birth information, or location data.
- Firebase Cloud Messaging (FCM): Used to deliver push notifications. FCM generates a registration token (FCM token) per installation, which is uploaded to our servers and associated with your account for targeted pushes; the token is invalidated when you uninstall the app, disable notifications, or delete your account.
Firebase data may be transmitted to Google servers in the United States and other regions. For details, see Firebase Privacy and Security and the Google Privacy Policy.
4.3 AppLovin MAX (Mobile Apps) Our mobile apps use the AppLovin MAX SDK to serve rewarded video ads. When you actively watch a rewarded ad to earn coin rewards, AppLovin may collect: your device's advertising ID (Google Advertising ID), device model and OS version, IP address, ad impression and click events, and limited technical parameters needed to prevent ad fraud. AppLovin may use this information for ad serving, frequency capping, attribution analysis, and anti-fraud purposes.
You can reset or delete your advertising ID in system settings (Android: Settings → Google → Ads → Delete Advertising ID) to limit interest-based advertising. For details, see the AppLovin Privacy Policy.
4.4 Supabase (Identity Authentication) We use Supabase (operated by Supabase, Inc.) to provide account authentication, session management, and user profile storage for our mobile apps. Supabase processes the following data: your email address, user unique identifier (UUID), encrypted password credentials, session tokens (access token / refresh token), and profile fields you actively provide (such as display name and avatar URL). When you choose to log in with a third-party social account (e.g., Google), Supabase acts as the authentication intermediary, receiving and processing basic profile data from that social platform.
Supabase servers are located in the United States, the European Union, and other regions; data may be transferred across borders. Supabase is SOC 2 Type II certified and implements industry-standard security measures. For details, see the Supabase Privacy Policy.
4.5 Mobile App Third-Party SDK List To help you understand the third-party components integrated into our mobile apps, the table below lists the main SDKs, their purpose, data categories collected, and links to their privacy policies:
- Firebase Analytics | Provider: Google LLC | Purpose: Usage analytics | Data: Device ID, event parameters, Firebase Installation ID
- Firebase Crashlytics | Provider: Google LLC | Purpose: Crash reporting (incl. NDK) | Data: Crash stack, device model, OS version
- Firebase Cloud Messaging | Provider: Google LLC | Purpose: Push notifications | Data: FCM registration token
- AppLovin MAX | Provider: AppLovin Corp. | Purpose: Rewarded video ads | Data: Advertising ID (GAID), device info, ad interaction events
- Supabase Auth | Provider: Supabase, Inc. | Purpose: Account authentication and session management | Data: Email, user UUID, password credentials, session tokens
- Amazon Web Services S3 | Provider: Amazon.com, Inc. | Purpose: Avatar image cloud storage | Data: Avatar images you actively upload
- Google Play Billing | Provider: Google LLC | Purpose: In-app purchases | Data: Order ID, product ID (payment details handled by Google)
- Coil | Provider: Coil Contributors | Purpose: Network image loading and caching (local) | Data: Does not transmit personal info to third parties
- uCrop | Provider: Yalantis | Purpose: Local avatar cropping | Data: Does not transmit personal info to third parties
- tyme4j | Provider: 6tail | Purpose: Lunar calendar calculation (local pure algorithm) | Data: Does not collect any data
The above SDKs process data only within the scope of their stated purposes. We do not authorize third parties to associate them with your metaphysical data (birth information, BaZi results).
5. When and With Whom Do We Share Your Personal Information?
In short: We may share information with certain categories of third parties in specific circumstances.
Vendors, consultants, and other third-party service providers. We may share your data with third parties who perform services for us or on our behalf ("Third Parties"). We have contracts with these third parties to help protect your personal information. They are not permitted to share your personal information with any organization other than us, and they commit to protecting the data they hold on our behalf.
Categories of third parties with whom we may share personal information:
- Ad networks (e.g., AppLovin MAX)
- AI platforms (currently Google Gemini API; additional providers may be added in the future, see Section 7)
- Data analytics services (e.g., Google Analytics, Firebase Analytics, Firebase Crashlytics)
- Identity authentication services (e.g., Supabase)
- Cloud storage providers (e.g., Amazon Web Services S3)
- Social networks
- Order fulfillment service providers
- Payment processors (Stripe, PayPal, Google Play Billing)
We may also need to share your personal information in the following situations:
- Business transfers. We may share or transfer your information during or in negotiations for a merger, sale of company assets, financing, or acquisition.
- Affiliates. We may share your information with our affiliates, requiring them to comply with this Privacy Notice.
- Business partners. We may share your information with business partners to offer you certain products, services, or promotions.
- Offer walls. Our apps may display third-party-hosted "offer walls" allowing advertisers to offer virtual currency, gifts, or other items. When you click an offer wall, you leave our app, and a unique identifier is shared with the offer wall provider to prevent fraud.
6. Our Position on Third-Party Websites
In short: We are not responsible for the safety of any information you share with third parties that we link to or that advertise on our Services but are not affiliated with us.
Our Services may link to third-party websites, online services, or mobile applications. We make no warranty regarding any such third party. Inclusion of a link does not imply endorsement of the third party. We cannot guarantee the security and privacy of data you provide to any third-party website. You should review the policies of such third parties and contact them directly.
7. Artificial Intelligence Products
In short: We provide products and features powered by AI, including hexagram interpretation in the AI I Ching app, daily fortune text generation, and AI fortune-stick interpretation. Your input is sent to our named AI service providers on the backend; your device does not directly interface with AI services.
7.1 AI Service Providers Currently in Use
- Google LLC — Gemini API (including gemini-2.5-flash-lite, flash, pro model tiers) — used for AI I Ching hexagram interpretation and conversation, daily Chinese zodiac fortune text generation, and fortune-stick interpretation.
We may add other AI service providers in the future (such as DeepSeek, Anthropic Claude, or others) to improve service availability and diversity. Before any new provider is introduced into production, we will update this policy to disclose them by name and note the date in the changelog.
7.2 Data We Send to AI Service Providers
- Your divination question text (e.g., "Should I change jobs?"), sent after sanitization
- Your follow-up conversation text (multi-turn), sent after sanitization
- Structured results of the cast (primary, nuclear, and changed hexagram IDs, line positions, trigram five-element relationships — non-personal information)
- For daily fortune: your Chinese zodiac sign (one of the twelve animals) and the target date
- System prompts written by us to guide AI output format and language
7.3 Data We Do NOT Send to AI Service Providers
- Your real name, email, phone number, or mailing address
- Your account unique identifier (UUID), device ID, or IP address
- Your password or payment credentials
- Your complete history of past divination sessions (only the current session's context)
- Your precise date, time, or place of birth
7.4 AI Service Provider Data Retention We use Google Gemini API through paid API access: per Google's current paid API policy, your input data is not used to train Google's AI models; for safety monitoring and abuse prevention, input data may be retained for a short period. Specific retention periods are governed by the current Gemini API terms.
We cannot control AI service providers' internal logging policies beyond their public commitments. Our processing relationship with providers is governed by their respective terms of service and data processing agreements (DPAs).
7.5 Important Disclaimer Regarding AI Output AI-generated hexagram interpretations, daily fortune text, follow-up responses, fortune-stick interpretations, and similar content are based on Chinese traditional folk culture and the generative capability of AI models. This content is provided for cultural reference and entertainment purposes only and does not constitute professional advice of any kind. Do not use it as the basis for medical, legal, financial, psychological, or other consequential decisions. AI output may contain inaccurate, outdated, or inapplicable content; you should exercise your own judgment.
You must not use our AI products in any manner that violates AI service providers' terms or policies, including but not limited to: attempting to induce AI to output harmful content, circumventing content filters, or passing off AI output as professional advice to third parties.
8. Social Logins
In short: If you choose to register or log in with a social media account, we may access certain information about you.
Our Services allow you to register and log in with third-party social media accounts (such as Facebook, X, or Google). The profile information we receive typically includes your name, email address, friends list, and profile picture. If you use Facebook to log in, we may also request permissions for friends, check-ins, and likes.
We use the information we receive only for the purposes described in this Privacy Notice. Note that we do not control and are not responsible for the third-party social media provider's other uses of your personal information. We recommend reviewing their privacy notice.
9. How Long Do We Retain Your Information?
In short: Unless required otherwise by law, we retain your information only for as long as necessary to fulfill the purposes set forth in this Privacy Notice.
We will retain your personal information only as long as necessary to fulfill the purposes set out in this Privacy Notice, unless a longer retention period is required by law. For example, to comply with tax and accounting requirements, order information may be retained for 7 years.
When we no longer have a legitimate business need to process your personal information, we will delete or anonymize it, or securely store it and isolate it from further processing until deletion is possible.
Retention details for app data:
- Birth information (date, time, location): Retained from entry until you actively delete the entry from the app or delete your entire account. After deletion, the corresponding records are permanently removed from the local encrypted database and our servers.
- Avatar images: Retained from upload until you replace it in the app or delete your account. After deletion, the corresponding file on AWS S3 is asynchronously purged (typically within 7 days).
- Divination questions, hexagrams, and AI conversation records (AI I Ching app only): Retained from the start of each divination until you delete individual sessions in the app or delete your entire account via "Settings → Delete Account". After deletion, the corresponding records are permanently removed from local caches and our servers within 30 days. AI service providers may retain your input text briefly per their respective policies for abuse monitoring (see Section 7); we do not control this retention.
- Device identifiers (FCM registration token, device ID): Cleaned up when you uninstall the app, disable push, or delete your account. Registered tokens typically become invalid on the FCM server within 30 days after uninstall.
- Crash reports and analytics data: After aggregation and de-identification, Firebase Crashlytics retains data by default for 90 days; Firebase Analytics for 14 months.
- Coin transactions and order records: Retained for 7 years from the transaction date to comply with Malaysia and Singapore tax and accounting requirements.
- Payment credential originals: We do not store complete credit/debit card numbers; Stripe, PayPal, and Google Play retain transaction data per their respective policies.
- App account deletion: You can permanently delete your account and all associated data (including profile, coin balance, order records, and referral data) via "Settings → Delete Account" in the mobile app. After deletion, the data is not recoverable.
10. How Do We Keep Your Information Safe?
In short: We use reasonable technical and organizational measures to protect your personal information.
We have implemented appropriate and reasonable technical and organizational security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data. Specific measures include:
- All website and API communications are encrypted via HTTPS
- Mobile app local databases are protected using SQLCipher encryption
- Sensitive keys are managed via native C++ code to prevent decompilation leaks
- Server-side data is stored in protected cloud environments
However, electronic transmission or information storage over the internet cannot be 100% secure, so we cannot guarantee that hackers, cybercriminals, or other unauthorized third parties will not defeat our security measures. Transmission of personal information to and from our Services is at your own risk.
11. Do We Collect Information from Minors?
In short: We do not knowingly collect data from or market to children under 18.
We do not knowingly collect, solicit data from, or market to children under 18, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 years old. If we learn that we have collected personal information from a user under 18, we will deactivate the account and take reasonable steps to delete such data. If you become aware of such a situation, please contact us at [email protected].
Users purchasing virtual currency (coins) or paid services must be at least 18 years of age.
12. What Are Your Privacy Rights?
In short: Depending on the laws of your region, you can view, change, or terminate your account at any time.
Under Malaysia PDPA, Singapore PDPA, and the EU GDPR, you have the right to:
- Inquire whether we hold your personal data
- Request access to, correction, or update of your data
- Withdraw consent for marketing communications
- Request deletion or restriction of processing (where permitted by law)
- For EU residents, request data portability
- Permanently delete your app account and all associated data via "Settings → Delete Account" in the mobile app
Withdraw your consent: If we rely on your consent to process your personal information, you have the right to withdraw consent at any time. Please contact us using the methods provided in Section 16. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal.
Opt out of marketing communications: You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us at [email protected]. After opting out, you may still receive necessary service-related communications.
Right to complain to a supervisory authority (EU residents): If you are an EU or UK resident and believe our processing of your personal data violates applicable law, you have the right to file a complaint with the data protection supervisory authority in your member state. Common authorities include:
- Irish Data Protection Commission (DPC): https://www.dataprotection.ie
- UK Information Commissioner's Office (ICO): https://ico.org.uk
- French CNIL: https://www.cnil.fr
You can also find your country's supervisory authority on the EU member-state list at https://edpb.europa.eu/about-edpb/about-edpb/members_en. Before filing a complaint, we encourage you to contact us first at [email protected] so we can try to resolve your concerns directly.
12.1 Privacy Rights of California and Other U.S. State Residents (CCPA)
If you are a California resident, under the California Consumer Privacy Act (CCPA, as amended by CPRA) and other California privacy laws, you have the following rights:
- Right to Know: You have the right to request that we disclose the categories, sources, purposes, and recipient categories of personal information we have collected, used, disclosed, or shared over the past 12 months.
- Right to Delete: You may request that we delete personal information we have collected about you, except where retention is permitted or required by law (e.g., to complete a transaction, conduct compliance audits, prevent fraud).
- Right to Correct: You may request that we correct inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information, nor do we share your personal information for cross-context behavioral advertising in exchange for money or other valuable consideration. Therefore, no dedicated "Do Not Sell or Share My Personal Information" page is provided at this time; if this ever changes in the future, we will state so explicitly in this policy beforehand.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information (such as date of birth and time of birth) beyond what is necessary to infer your characteristics. We currently use such information only for the metaphysical services you actively request.
- Right to Non-Discrimination: After exercising the above rights, we will not deny you service, charge different prices, or provide different quality of service.
Residents of other U.S. states (such as Colorado, Connecticut, Utah, Virginia, etc.) may enjoy similar rights granted by local law.
How to exercise your rights: Please contact us at [email protected] with the subject "California/U.S. Privacy Request". We will respond within 45 days, extendable to 90 days if necessary. We will reasonably verify your identity before processing your request to prevent identity fraud.
Authorized agent requests: You may designate an authorized agent to submit requests on your behalf. We may require the agent to provide written authorization and your identity verification.
12.2 Privacy Rights of Users in Mainland China (PIPL)
If you are located in the mainland region of the People's Republic of China, under the Personal Information Protection Law of the People's Republic of China ("PIPL"), you have the following rights:
- Right to know and decide: You have the right to know the purposes, means, and types of our processing of your personal information, and the right to decide, restrict, or refuse processing.
- Right to access and copy: You have the right to access or copy your personal information held by us.
- Right to correct and supplement: If you find that your personal information is inaccurate or incomplete, you have the right to request correction or supplementation.
- Right to delete: Under statutory conditions (e.g., the processing purpose has been achieved, you have withdrawn consent, we have processed in violation), you may request that we delete your personal information. You may also exercise this right directly via "Settings → Delete Account" in the app.
- Right to withdraw consent: For processing based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal based on consent.
- Right to explanation: For automated decisions (such as personalized recommendations, ad ranking), you have the right to require us to explain the logic and provide ways to refuse decisions made solely by automated means.
- Rights of close relatives after death: For deceased natural persons, close relatives may, for their own lawful and proper interests, exercise the relevant rights set out in this section regarding the deceased's personal information.
Cross-border transfers: Some of your data may be transferred to servers outside mainland China due to technical architecture (e.g., Google, Firebase, Supabase, AWS facilities in the United States and the European Union). We will take necessary measures in accordance with PIPL requirements to ensure that overseas recipients provide protection no lower than that under this policy.
Contact: To exercise the above rights, please contact us at [email protected] with "PIPL Request" noted. We will respond within 15 business days.
Account Information
To access, change, or terminate your account, please contact us using the contact information provided. After account termination, we will deactivate or delete your account and information from active databases. However, we may retain certain information to prevent fraud, troubleshoot, assist investigations, enforce legal terms, and/or comply with legal requirements. Note: Coin balances will not be refunded after app account deletion.
Cookies and similar technologies: Most browsers accept cookies by default. You can configure your browser to delete or reject cookies, but this may affect certain features. You can also opt out of interest-based advertising.
If you have any questions about your privacy rights, please contact us at [email protected].
Filing a complaint with the Malaysia Personal Data Protection Department (JPDP):
If you believe we have processed your personal data in violation of Malaysia PDPA 2010, you may file a complaint with the Personal Data Protection Commissioner of Malaysia:
- Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi, JPDP)
- Aras 6, Kompleks Kementerian Komunikasi dan Multimedia, Lot 4G9, Persiaran Perdana, Presint 4, Pusat Pentadbiran Kerajaan Persekutuan, 62100 Putrajaya, Malaysia
- Email: [email protected]
- Website: https://www.pdp.gov.my/
We encourage you to contact us at [email protected] first so we can attempt to resolve your concern directly before escalation.
Withdraw Consent
You can withdraw consent for non-essential cookies at any time. Once you withdraw, Google Analytics stops collecting data and the stored _ga / _gid cookies are cleared.
13. Data Sharing and International Transfers
Since our Services may be hosted on international servers (including third-party services such as Google, Firebase, Supabase, AppLovin, Amazon Web Services, Stripe, PayPal, etc.), your data may be transferred to countries other than Malaysia. We work only with service providers that meet privacy and security requirements to ensure reasonable protection of data during cross-border transfers.
14. Do Not Track Controls
Most browsers and some mobile operating systems include a "Do Not Track" (DNT) feature. No uniform technical standard currently identifies and implements DNT signals. Therefore, we do not currently respond to DNT browser signals. If a relevant standard is adopted in the future, we will inform you in a revised version of this Privacy Notice.
15. Privacy Policy Updates
In short: We will update this notice as needed to remain compliant with applicable law.
We may update this Privacy Policy from time to time to reflect technological, regulatory, or business changes. Updated versions will be indicated by the "Last Updated" date at the top of this page. For material changes, we may notify you via prominent notice or directly. We encourage you to review this Privacy Notice regularly.
Changelog:
- June 21, 2026: Added clauses for the AI I Ching (com.iching.oracle) app launch; rewrote Section 7 — named Google Gemini API explicitly, added subsections 7.1 to 7.5, clarified data sent/not sent to AI providers, AI provider retention policy, and strengthened AI output disclaimer; added divination question and AI conversation record data collection in Section 1; added retention details for these in Section 9; updated AI platform naming in Section 5. Added full English version of this Privacy Policy.
- May 6, 2026: Added CCPA (California) and PIPL (Mainland China) rights explanations; explicitly disclosed AppLovin MAX, Supabase, and AWS S3; clarified processing of avatar upload, birth location, Google Advertising ID, and FCM tokens; refined Firebase Crashlytics (incl. NDK) description; added mobile SDK list table, app data retention details, and EU regulator complaint guidance; removed outdated language regarding contacts and calendar permissions.
- April 13, 2026: Initial version published.
16. Contact Us
If you have any questions about this Privacy Policy or the use of your personal data, please contact us:
Shun Qian Trading (SSM: 202303132415) Brand: 顺乾风水命理 / Shun Qian Feng Shui & Metaphysics / Bazi2u Online + on-site service only — no retail outlet Email: [email protected] Web: https://bazi2u.com Messenger: https://m.me/shunqian.fengshui
To request access to, update, or deletion of your personal information, please contact us at [email protected].
EU Representative (GDPR Art. 27): We do not currently maintain an establishment in the EU, nor have we designated an EU representative within the meaning of GDPR Article 27. EU residents with any queries or requests regarding personal data processing may contact us directly at [email protected]. We will respond to your requests with the same standards as if an EU representative were designated. If we appoint an EU representative in the future, this policy will be updated with the representative's name and contact information.
For postal correspondence: As we operate online and on-site only (no retail outlet), please send all postal inquiries via email to [email protected] and we will arrange a return address if needed.