1. Who We Are
MingYi B.V., registered in the Netherlands, is the data controller for the personal data collected through this Service. For any privacy-related questions, contact us via our Contact page or write to privacy@mingyi.com.
2. What Data We Collect
2.1 Account Data
When you create an account, we collect your email address, a hashed password (we never store your password in plain text), your timezone, and (optionally) your name.
2.2 Birth Data
To deliver readings we need the date, time, and place of birth. This data is stored encrypted at rest and is auto-anonymized after 90 days of account inactivity.
2.3 Payment Data
Payments are processed by PayPal. We do not see or store your credit card number or bank account. We store only the PayPal transaction ID and the last 4 digits of any subscription reference.
2.4 Communications
Messages you send through our chat are stored so we can deliver your readings and improve our service. Customer service emails are retained for 24 months.
2.5 Usage Data
We collect anonymized analytics: pages visited, time on page, feature usage. We do not use third-party analytics cookies by default.
3. How We Use Your Data
- To deliver readings, date selections, and other services you purchase.
- To process payments and manage your subscription.
- To send you service-related emails (order confirmations, reading delivery).
- To send marketing emails only with your explicit consent. You can opt out at any time.
- To detect and prevent fraud and abuse.
- To comply with legal obligations.
4. Legal Bases (GDPR)
Under the EU General Data Protection Regulation, we rely on the following legal bases:
- Contract — to deliver the services you purchase.
- Consent — for marketing emails and non-essential cookies.
- Legitimate interest — for fraud prevention and basic analytics.
- Legal obligation — for tax and accounting records (7-year retention).
5. Cookies & Browser Storage
We use essential browser storage for login, cart, language preference, security, and cookie-notice acknowledgement. This currently includes local storage and may include strictly necessary cookies if session handling changes. We do not use third-party tracking cookies by default. If we add non-essential analytics or advertising cookies later, we will request consent first through a cookie banner.
6. Sharing & Third Parties
We do not sell your personal data. We share data only with:
- PayPal — for payment processing (governed by PayPal's privacy policy).
- Email service — for transactional emails (Resend Inc., US, EU-US Data Privacy Framework certified).
- Hosting — for server hosting (within the EU).
- Law enforcement — when required by valid legal process.
7. International Transfers
Some of our service providers (PayPal, Resend) are based outside the EEA. Where we transfer data internationally, we rely on Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework to ensure your data remains protected.
8. Data Retention
- Account data: while your account is active.
- Birth data: until anonymization (90 days after last login) or account deletion.
- Order data: 7 years (legal obligation).
- Customer service emails: 24 months.
- Backups: 30 days rolling.
9. Your Rights
Under GDPR, you have the right to:
- Access — request a copy of your data.
- Rectification — correct inaccurate data.
- Erasure — request deletion ("right to be forgotten").
- Restriction — limit how we process your data.
- Portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interest.
- Withdraw consent — at any time, where processing is based on consent.
- Lodge a complaint — with your local data protection authority.
To exercise any of these rights, contact privacy@mingyi.com. We respond within 30 days.
10. Security
We protect your data using industry-standard measures: TLS in transit, AES-256 at rest, bcrypt-hashed passwords, role-based access for staff, and 24/7 monitoring of our infrastructure. See our Disclaimer for the limits of any security guarantee.
11. Children
The Service is not directed to children under 18. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately for deletion.
12. Changes to This Policy
Material changes will be notified by email at least 30 days before they take effect.
— Arthur, MingYi · 2026