← Handbook
知己 (Zhiji) is a Chinese metaphysics reading platform operated from Singapore. When we say "we," "us," or "our," we mean the operators of zhiji.io and find.zhiji.io.
We generate personalized readings integrating BaZi (八字), Zi Wei Dou Shu (紫微斗数), and I Ching (易经) using artificial intelligence. This privacy policy explains what data we collect, why we collect it, how we use it, who we share it with, and what rights you have over your data.
Data Protection Officer
Name: Kong Aik Lee
Email: find.zhiji@gmail.com
| Data | When | Why |
|---|---|---|
| Name, email address, profile photo | When you sign in with Google | To create and manage your account |
| Birth date, birth time, birth location | When you request a reading | To calculate your BaZi chart, ZWDS chart, and I Ching reading |
| Gender | During onboarding | To personalize your reading |
| Questions or topics of interest | During onboarding (stored in your browser's localStorage) | To tailor the focus of your AI-generated reading |
| Payment information | When you purchase credits | To process your payment (handled entirely by Stripe — we never see or store your card number) |
| Data | How | Why |
|---|---|---|
| Browser type, device type, IP address | Standard web request headers | Security, fraud prevention, and basic analytics |
| Pages visited and actions taken | Application logs | To improve the product and troubleshoot issues |
| Authentication tokens | Stored in your browser's localStorage | To keep you signed in (strictly necessary — no consent required) |
When you sign in with Google, Google shares your name, email address, and profile photo with us under their OAuth protocol. Google acts as an independent controller for authentication data. See Google's privacy policy at policies.google.com/privacy.
| Purpose | Data used | Legal basis (GDPR) | PDPA basis |
|---|---|---|---|
| Create and manage your account | Google OAuth data, email | Contract performance (Art. 6(1)(b)) | Consent at sign-up |
| Generate your personalized reading | Birth date, time, location, gender, onboarding questions | Explicit consent (Art. 6(1)(a)) | Consent at sign-up |
| Process payments | Payment details via Stripe | Contract performance + legal obligation | Consent + legal obligation |
| Store your reading history | Generated readings, chart data | Contract performance (Art. 6(1)(b)) | Consent at sign-up |
| Send transactional emails | Email address | Contract performance (Art. 6(1)(b)) | Consent at sign-up |
| Security monitoring and fraud prevention | IP address, authentication logs | Legitimate interest (Art. 6(1)(f)) | Legitimate interest |
| Product improvement | Aggregated, anonymized usage data | Legitimate interest (Art. 6(1)(f)) | Business improvement exception |
We do not sell your personal data. We do not share your personal data for cross-context behavioral advertising. We do not use your data for purposes other than those listed above.
This is the part that matters most for a service like ours, so we want to be specific.
What happens when you request a reading:
What is sent to Anthropic: Your birth date, birth time, birth location, calculated chart data (pillars, stars, elements), gender, and any onboarding questions you provided. Your name is NOT sent to Anthropic.
What Anthropic does with your data: Anthropic processes your data solely to generate your reading. Under Anthropic's commercial API terms, your inputs and outputs are NOT used to train their AI models. API inputs and outputs are retained by Anthropic for up to 30 days for safety and abuse monitoring, then automatically deleted.
Important disclaimers about AI-generated readings: Readings are generated by artificial intelligence and are provided for personal reflection and entertainment purposes. AI-generated content may contain inaccuracies. Readings should not be relied upon as factual predictions or as a substitute for professional advice of any kind, including medical, psychological, financial, or legal advice. We do not guarantee the accuracy of any AI-generated reading.
Your birth data and philosophical beliefs: Under the EU's GDPR, providing birth data specifically for a metaphysical reading may reveal philosophical beliefs, which are considered "special category" data requiring additional protection. We treat your birth data with this higher standard of care regardless of where you are located. We collect and process this data only with your explicit consent, which you provide when you enter your birth details and request a reading. You may withdraw this consent at any time (see Section 8).
We share your data only with the service providers necessary to operate zhiji.io. We do not sell your data. We do not share it for advertising.
| Provider | What they receive | Why | Location |
|---|---|---|---|
| Anthropic (Claude API) | Birth data, chart data, gender, onboarding questions | AI reading generation | United States |
| Supabase | All account and application data | Database hosting and authentication | AWS South Asia (Mumbai) |
| Vercel | Request data, page content | Website hosting and delivery | United States (primarily AWS) |
| Stripe | Payment and billing information | Payment processing | United States / Ireland |
| OAuth tokens, name, email, photo | Sign-in authentication | United States |
Each provider operates under a Data Processing Agreement (DPA) that restricts their use of your data to the purposes listed above. We do not store your payment card information — all payment processing is handled by Stripe.
We are based in Singapore. Your data may be transferred to and processed in the United States (where our service providers operate) and India (where our database is hosted).
For users in the EEA, UK, or Switzerland: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as our transfer mechanism for data leaving the EEA. For US-based processors certified under the EU-US Data Privacy Framework, we additionally rely on their DPF certification.
For users in Singapore: Cross-border transfers are made in accordance with Section 26 of the PDPA. We ensure that recipients of your data are bound by legally enforceable obligations to provide a comparable standard of protection.
| Data type | Retention period | Reason |
|---|---|---|
| Account data (email, name, photo) | Until you delete your account + 30 days | Service provision and grace period |
| Birth data (date, time, location) | Until you delete your account + 30 days | Core service data |
| Reading history and saved readings | Until you delete your account | User-requested feature |
| Payment records | 7 years after transaction | Tax and financial record-keeping |
| Authentication logs | 90 days (rolling) | Security monitoring |
| API logs at Anthropic | Up to 30 days (controlled by Anthropic) | Safety and abuse monitoring |
| Consent records | 3 years after last activity | Accountability and compliance |
When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law.
Regardless of where you live, you can:
To exercise any of these rights, email find.zhiji@gmail.com. We will respond within 30 days.
If you are in the EEA, UK, or Switzerland, you also have the right to data portability, restrict processing, object to processing based on legitimate interests, and request human review of automated decisions. Our AI readings are generated by automated processing of your birth data. You have the right to request human review, express your point of view, and contest the output. Contact find.zhiji@gmail.com.
If you are a California resident, you have the right to know what personal information we collect, delete your information, correct inaccurate information, and opt out of the sale or sharing of personal information. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals where required by law.
Under the Personal Data Protection Act 2012, you have the right to access your personal data, correct errors, and withdraw consent for any purpose with reasonable notice. Consequences of withdrawal: withdrawing consent for birth data processing means we cannot generate readings for you. Contact our Data Protection Officer at find.zhiji@gmail.com.
We use minimal browser storage. We do not use tracking cookies or third-party advertising cookies.
| Technology | Type | Purpose | Consent required? |
|---|---|---|---|
| Supabase auth token | localStorage | Keeping you signed in | No (strictly necessary) |
| Onboarding question | localStorage | Storing your question for reading generation | Yes (functional) |
| Reading state | localStorage | Managing loading and display state | No (strictly necessary) |
We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.
Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. Since our service requires a birth date to function, if the birth date provided indicates the user is under 18, we will not create an account or generate a reading.
We implement technical and organizational measures to protect your data, including TLS encryption for all data in transit, Row-Level Security (RLS) policies on our database, Google OAuth for authentication, and PCI DSS Level 1 certified payment processing through Stripe. No system is 100% secure. If we discover a data breach, we will notify the relevant authorities and affected individuals as required by law.
We may update this policy from time to time. When we make material changes, we will notify you by email or by a prominent notice on zhiji.io before the changes take effect. The "Last updated" date at the top will always reflect the most recent revision.
General privacy inquiries and data subject requests:
Email: find.zhiji@gmail.com
Data Protection Officer:
Kong Aik Lee · find.zhiji@gmail.com
Response times: General inquiries within 30 days. PDPA requests within 30 days (may extend to 60 days with notice). GDPR requests within 30 days (may extend to 90 days for complex requests). CCPA requests within 45 days (may extend to 90 days).
This privacy policy was last reviewed on 29 March 2026.