PRIVACY POLICY

Last Updated: 05/14/2026

This Privacy Policy ("Policy") explains how Eisberg Labs d.o.o. za proizvodnju i usluge ("we", "us", or "our") collects, uses, and protects information from users ("you") of the Jiazi mobile application and related services (collectively, the "App" or "Services").

We are the Data Controller under the EU General Data Protection Regulation (GDPR) for personal data processed through the Services.

1. WHO WE ARE

Eisberg Labs d.o.o. za proizvodnju i usluge Celjska ulica 3 OIB: 44452565653 Website: https://www.eisberg-labs.com Email: support+bazi@hexagramdreams.com

2. INFORMATION WE COLLECT

a. App - Anonymous Use

You can use the Jiazi app without signing in. When you use the app without an account, we and our service providers may automatically collect certain technical and behavioral data, including:

Device type and operating system
Unique device identifiers (such as the Google Advertising ID on Android, or the IDFA on iOS, subject to App Tracking Transparency consent)
IP address (used for approximate location and abuse prevention)
App version, language, theme, and other in-app preferences
Behavioral product analytics events about how you use the app - for example, when you create a profile, view a daily/monthly/yearly reading, change a setting, or open a chart
Performance and crash data

Birth date, birth time, and birth location entered for chart calculation are stored locally on your device by default. They are only sent to our servers if you sign in (Section 2b) or when explicitly required to generate an AI-assisted reading (Section 2c).

b. App - Signed-In Use (Optional)

If you choose to sign in with Apple or Google to sync your profiles and readings across devices, we additionally collect and process:

Your email address and display name (provided by Apple or Google)
A unique account identifier (Firebase UID)
Your saved profiles (name, birth date, birth time, birth location), reading history, notes, and app settings (synced to our cloud database so you can restore them on a new device)
The date of your first sign-in

c. App - AI Features

When you request an AI-generated reading or interpretation, the relevant chart context (such as the four pillars derived from a profile) is sent to OpenAI for processing. The interpretation is returned to your device and stored in your reading history. We do not send AI prompt text to any analytics provider.

d. Website

The Jiazi website (bazi.hexagramdreams.com) may use cookies and analytics to support functionality and understand traffic. These technologies may collect:

Browser type and version
IP address and approximate location
Pages visited and time spent
Cookies or similar identifiers

You can manage or disable cookies in your browser settings.

3. THIRD-PARTY SERVICES

We rely on trusted third-party providers to operate, analyze, and improve the Services. Each processes your data as our service provider and under their own privacy policies.

Service	Purpose	Privacy Policy
Firebase (Google LLC)	Authentication, cloud database (Firestore), Cloud Functions, Analytics	policies.google.com/privacy · firebase.google.com/support/privacy
Google Sign-In (Google LLC)	Account authentication	policies.google.com/privacy
OpenAI, L.L.C.	AI-generated readings and interpretations	openai.com/policies/privacy-policy
RevenueCat, Inc.	Subscription management and entitlement verification	revenuecat.com/privacy
Sentry (Functional Software, Inc.)	Anonymized error and crash reporting - no personally identifiable information is sent (`sendDefaultPii` is disabled, and no user identifiers are attached to events)	sentry.io/privacy/
Apple Inc.	App distribution, in-app purchases, Sign in with Apple	apple.com/legal/privacy/
Google LLC (Play)	App distribution and in-app purchases on Android	policies.google.com/privacy

4. APP TRACKING TRANSPARENCY (iOS)

On iOS, we honor Apple's App Tracking Transparency (ATT) framework. When you first open the app, you will be asked whether to allow tracking.

If you allow tracking, Firebase Analytics is enabled.
If you decline (or have not yet responded), Firebase Analytics is disabled - no events are sent.
Anonymized crash reports (Sentry), authentication, subscription management, AI features, and your synced data continue to function regardless of ATT, because they are necessary to provide the Services you have requested. Sentry receives no personally identifiable information.

You can change your ATT decision at any time in iOS Settings → Privacy & Security → Tracking.

On Android, the equivalent control is Settings → Google → Ads ("Opt out of Ads Personalization").

5. HOW WE USE INFORMATION

We use collected information to:

Provide the Services - calculate your bazi chart, sync your profiles and readings, deliver AI interpretations, manage subscriptions
Operate and improve the App and website - analyze usage to understand which features are valuable and which are confusing
Identify and fix technical problems - crash reports and performance metrics
Communicate with you - respond to support requests
Comply with legal obligations

Purpose	Lawful basis
Authentication, sync, AI interpretations, subscription	Performance of a contract (Article 6(1)(b))
Product analytics, crash reporting	Legitimate interests in improving the Services (Article 6(1)(f)); on iOS, contingent on ATT consent (Article 6(1)(a))
Legal compliance	Legal obligation (Article 6(1)(c))

We do not sell your personal data. We do not show third-party ads inside the Jiazi app.

We share information only in these cases:

With Service Providers listed in Section 3, who process data on our behalf
For Legal Compliance where disclosure is required by law, court order, or government request
During Business Transfers if our business or assets are sold or merged

Some of these providers (e.g., Firebase, OpenAI) are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on adequacy decisions or Standard Contractual Clauses approved by the European Commission.

7. DATA RETENTION

Account data (email, display name, Firebase UID) - retained for as long as your account is active. Deleted on request (see Section 9).
Synced profiles and reading history - retained until you delete them or your account.
Product analytics events (Firebase Analytics) - retained for up to 24 months, then aggregated or deleted.
Anonymized crash reports (Sentry) - retained for 90 days.
AI prompt text (OpenAI) - handled per OpenAI's retention policy. We do not retain a separate copy on our analytics infrastructure.
Logs - operational logs are retained for up to 30 days.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

Right of access - request a copy of the data we hold about you
Right to rectification - correct inaccurate or incomplete data
Right to erasure ("right to be forgotten") - request deletion of your data
Right to restriction - limit how we process your data
Right to data portability - receive your data in a machine-readable format
Right to object - object to processing based on legitimate interests, including analytics
Right to withdraw consent - at any time, where processing is based on consent (e.g., revoke ATT in iOS Settings)
Right to lodge a complaint with your local data protection authority. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP).

To exercise any of these rights, email support+bazi@hexagramdreams.com. We will respond within 30 days.

9. ACCOUNT AND DATA DELETION

You can delete your account and all associated personal data at any time by emailing support+bazi@hexagramdreams.com from the email address linked to your account. We will:

Delete your account, synced profiles, reading history, and personal identifiers within 30 days
Instruct our service providers (Firebase, RevenueCat) to delete or anonymize your data
Retain only what is required by law (e.g., billing records for tax purposes)

If you have not signed in, no account exists to delete; uninstalling the app removes locally stored data.

10. DATA SECURITY

We use appropriate technical and organizational measures to protect data, including encryption in transit (TLS), encryption at rest for synced data, access controls, and regular security review. However, no method of transmission or storage is completely secure.

11. CHILDREN'S PRIVACY

Our Services are not directed to children under 13 (or 16 in the European Economic Area). We do not knowingly collect data from children. If we discover such data, we delete it immediately. If you believe a child has provided us with personal data, contact us at support+bazi@hexagramdreams.com.

12. CHANGES TO THIS POLICY

We may update this Policy periodically. The "Last Updated" date at the top indicates the most recent version. For material changes, we will notify you within the app or by email if you have an account. Continued use of our Services after the effective date means you accept the updated Policy.

13. CONTACT US

If you have any questions, concerns, or requests regarding this Policy or your personal data, contact us at:

support+bazi@hexagramdreams.com

1. WHO WE ARE​

2. INFORMATION WE COLLECT​

a. App - Anonymous Use​

b. App - Signed-In Use (Optional)​

c. App - AI Features​

d. Website​

3. THIRD-PARTY SERVICES​

4. APP TRACKING TRANSPARENCY (iOS)​

5. HOW WE USE INFORMATION​

Lawful basis under GDPR​

6. SHARING INFORMATION​

7. DATA RETENTION​

8. YOUR RIGHTS UNDER GDPR​

9. ACCOUNT AND DATA DELETION​

10. DATA SECURITY​

11. CHILDREN'S PRIVACY​

12. CHANGES TO THIS POLICY​

13. CONTACT US​