Last updated: May 9, 2026
Privacy Policy
Ask Akasha is a space for you to talk to yourself. We treat the moments you entrust to us as private. This page tells you, in plain language: what we collect, why, who can see it, how long we keep it, and what you can do at any time.
1. What we collect
Account info: email, hashed password, display name (optional), avatar URL (provided by Google / Apple when you sign in via OAuth). Reading content: the questions you ask, their visibility (private / self only / encrypted), notes you write, stars you put on readings. Profile: the birth info you provide during Onboarding (name, birth date, birth time, birth place), cultural preference, focus topics, personality baseline (answers to 5 scaled questions). This information personalizes the AI's readings for you. Technical info: device type at sign-in, IP address (for abuse prevention), timezone (from your browser, stored in the ak_tz cookie, used to compute "today"), Onboarding state (cookie ak_onboarded), Cookie consent (cookie ak_cookie_consent). We do not collect: precise geolocation, contacts, camera/microphone, third-party tracking cookies.
2. How we use it
Provide the readings: send your questions to AI models to generate readings; inject your profile into the prompt to personalize them. Maintain your account: sign-in, email verification, change email/password, sign out from all devices. Notices and operational reminders: account-security changes, email verification, password reset, deletion / restoration confirmation. We do not send marketing emails. Safety and abuse prevention: rate-limiting via Upstash; tracking failed sign-ins to deter brute force. We do not: use your readings to train third-party AI models; sell your profile or readings to advertisers; match you with anyone in your contacts.
3. Who can see it
You: always. Our operators: only the minimum data necessary, and only when you ask us for help or when we troubleshoot a specific incident on your account. Third-party processors (only as needed): • OpenRouter / model providers: process the questions and profile we send to generate a reading, then discard. Our contracts forbid them from retaining your content. • Resend: sends system emails (verification, notices). They see your email address and the email body. • Supabase: stores your account, profile, and reading history. This is where your data lives. • Vercel: hosts the site itself; requests pass through their servers briefly. • Upstash Redis: stores rate-limit counters (only IP / user ID + timestamps, no question content). We never sell your profile or reading content to any third party.
4. How long we keep it
Account and profile: kept for as long as your account exists. Reading history: kept indefinitely by default — that is the point of the Akashic Folio. You can delete entries individually at any time, or wipe everything in settings. Account deletion: a deletion request soft-deletes immediately (you can no longer sign in or be seen) and gives you a 30-day grace period during which you can restore your account from the sign-in page; after 30 days the system permanently deletes your account the next time anyone tries to sign in with that email. Email verification token: 24-hour expiry. Email-change token: 24-hour expiry. Session JWT: 30-day sliding window; changing your password or signing out from all devices invalidates every existing JWT immediately.
5. Your rights
View: your profile, history, and settings are always visible at /settings and /history. Edit: change email, password, display name, profile (personality baseline + focus + culture), birth info under /settings. Delete: delete a reading from the history page; delete your account from the Danger Zone in /settings. Export: an export button is not yet available in MVP; please email us if you'd like a copy of your data. Withdraw consent: change cookie consent in /settings; changing password / sign-out-all-devices signs you out everywhere immediately.
6. Cookie policy
We use three classes of cookies, all necessary / functional, none for tracking or advertising: • Session cookies (next-auth): keep you signed in. Cleared on sign-out. • ak_tz: your browser timezone, used to compute "today" boundaries in your local time. • ak_onboarded: marks whether you've finished Onboarding, to skip redundant redirects. • ak_cookie_consent: records that you've seen the Cookie notice. We do not use Google Analytics, Facebook Pixel, or any third-party tracking.
7. Children
Ask Akasha is not intended for children under 13. If we discover an account belonging to a minor, we will delete it and all associated data.
8. Changes to this policy
Material changes (e.g., a new use of data, a new third-party processor) will be announced by email or in-app banner before they take effect. Non-material updates simply revise the date at the top of this page.
9. Contact us
Questions about this policy, or to exercise your rights (export, delete, edit), email hello@askakasha.com. We respond within 7 business days.