Privacy Policy

How Palmly handles your data

2026/05/02

Last updated: May 2, 2026

Overview

Palmly creates AI palm readings from user-submitted palm photos. This Privacy Policy explains what we collect, why we collect it, and which third-party services help us operate the product.

Information We Collect

We may collect the following information when you use the service:

  • Account information, such as your name, email address, login provider, and authentication session if account features are enabled.
  • Palm reading inputs, including uploaded palm photos, photo quality signals, optional notes, and related configuration choices.
  • Reading task data, such as task IDs, status, report content, timestamps, and usage counts.
  • Billing information handled by Creem, such as subscription status, product IDs, and transaction metadata. We do not store full card numbers.
  • Technical data, such as IP address, browser, device type, request logs, and error logs needed for security and debugging.
  • Optional analytics events if analytics is enabled, such as page views and feature usage.

How We Use Information

We use this information to:

  • Generate palm readings and show task status.
  • Maintain accounts, sessions, quotas, billing state, and support history.
  • Prevent abuse, rate-limit expensive generation requests, and protect the service.
  • Debug failures, improve reading quality, and decide which report features to build next.
  • Send service-related emails, such as login, billing, support, or account notifications.

AI Processing

When you upload a palm photo, we may send the relevant request data to one or more third-party AI providers to complete the reading. These providers may process your uploaded photo and related metadata to complete the request. MVP-0 keeps the demo photo in your browser for preview; future versions may store selected reports if account history, payment unlock, or PDF download is enabled.

Do not upload private, confidential, or third-party images unless you have the right to use them.

Third-Party Services

We use third-party providers to operate the product:

  • Vercel for hosting and deployment.
  • Supabase for database storage.
  • Third-party AI providers for palm photo analysis and report generation where enabled.
  • Creem for payments, subscriptions, and order handling.
  • Better Auth, Google, and GitHub for authentication where enabled.
  • Resend for transactional email where enabled.
  • Analytics providers such as Vercel Analytics, Plausible, Umami, OpenPanel, Ahrefs, Seline, or DataFast only if configured.

Each provider processes data under its own terms and privacy commitments.

Retention

We keep account, billing, and usage records as long as needed to provide the service, comply with legal obligations, resolve disputes, and prevent abuse. Palm photos, task records, and generated reports may be retained while the feature is active or until you request deletion, unless we need to keep records for security, billing, or legal reasons.

Your Choices

You can request access, correction, export, or deletion of personal data by contacting support. You can also stop using the service, cancel paid plans through the billing flow, or clear local cookies from your browser.

Security

We use reasonable technical and organizational measures to protect data, including HTTPS, restricted access, secure authentication, and managed infrastructure. No internet service can be guaranteed to be completely secure.

Children's Privacy

The service is not intended for children under 13. If you believe a child has provided personal data, contact us so we can delete it.

Changes

We may update this Privacy Policy as the product changes. The latest version will be posted on this page with an updated date.

Contact

For privacy questions, contact support through the website or the email address configured for this product.