Privacy Policy

Sixth Veil ("Sixth Veil," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect about you when you use our website at sixthveil.com or our Service, how we use that information, who we share it with, and the choices you have. Sixth Veil is operated from the Commonwealth of Virginia, United States.

By using the Service, you agree to the data practices described here. If you do not agree, please do not use the Service.

1. Information we collect

Information you provide directly

• Account information: email address (required) and password (we never see the plaintext password — it is hashed by our authentication provider, Supabase).
• Profile information: the name you'd like the readers to call you, your birthday (used to derive your zodiac sign and life-path number), and an optional "what brings you here" message.
• Conversation content: the text messages you send to a reader and the spoken words you say during a voice reading. Voice audio itself is processed in real time by our voice-AI provider and is not stored by us; the resulting text transcripts are stored.
• Payment information: when you make a purchase, you provide payment details directly to our payment processor (Stripe). We receive a customer record and a record of the transaction, but we do not see or store your full card number, CVV, or bank account details.
• Communications with us: any emails or other messages you send us.

Information generated about you by the Service

• Derived profile data: your zodiac sign, life-path number, and inferred form of address (e.g., the readers may learn over time how you prefer to be addressed; this is stored on your profile).
• Reading history: a record of every conversation you have, including timestamps, the character involved, the message-by-message transcript, and a short AI-generated summary of each session.
• Memories: short factual statements ("they have a partner named Marcus") that the AI extracts at the end of each conversation. These are shared among all four readers to create the experience that the readers know you over time.
• Usage data: per-session records of how much voice time or how many text messages you used, and which source funded it (free trial, member allowance, credit balance).

Information collected automatically

• Technical data: IP address, browser type, device type, operating system, and similar information collected by our hosting and CDN provider (Cloudflare) for security, fraud prevention, and basic analytics.
• Cookies: see Section 5.

Affiliate referrals

If you arrive at our Site via a link containing a referral code (e.g., ?ref=AFFILIATECODE), we store that code in your browser's local storage and, when you create an account, attach it to your profile. This lets us pay the referring partner a commission on purchases you make for 12 months after signup.

2. How we use information

We use the information we collect to:

• Provide and operate the Service — authenticate you, generate the readers' responses based on your profile and memories, store your reading history, and meter your usage.
• Process payments and manage your subscription or credit balance.
• Personalize your experience so the readers reference what they have learned about you across sessions.
• Communicate with you about your account, including account confirmations, security alerts, billing receipts, and (if you opt in to marketing) news about the Service.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with applicable law and respond to lawful requests from authorities.
• Improve the Service — for example, by analyzing aggregated usage patterns to decide what to build next. We do not use your individual conversation content to improve the Service in a way that would affect other users.
• Pay affiliate commissions to referral partners.

We do not sell your personal information. We do not use it for cross-context behavioral advertising. We do not share it with data brokers.

3. Third parties we share with

We share personal information only with service providers that help us operate the Service, and only to the extent necessary for them to do their job. We have contracts in place with these providers that require them to protect your data.

Provider	Purpose	What is shared
Supabase	Database hosting, user authentication	Email, hashed password, profile, conversations, memories, usage records
Anthropic (Claude)	AI language model that powers the readers' responses	The current conversation context and your messages, sent in real time to generate each reply. Anthropic's terms prohibit using this data to train their models.
ElevenLabs	Voice synthesis and real-time conversational-AI infrastructure for voice readings	Voice audio (processed transiently for speech recognition and synthesis), and the conversation context for each voice session
Stripe	Payment processing, billing portal, subscription management	Your name, email, and payment details (entered by you directly to Stripe). We receive transaction status and the last 4 digits of the card used.
Cloudflare	Website hosting, CDN, security, DNS	IP address, basic request metadata, traffic patterns

We may also share information:

• To comply with a subpoena, court order, or other legal process; to respond to lawful government requests; or to protect the safety of any person or the security of the Service.
• In connection with a merger, acquisition, sale of assets, or bankruptcy. If that happens, we will notify you and any successor will be bound by this Privacy Policy unless you are given notice and an opportunity to withdraw consent.
• With your explicit consent.

4. AI providers and your conversations

Your conversations with the readers are sent in real time to our AI providers (currently Anthropic for language and ElevenLabs for voice) so the readers can generate responses. Our agreements with these providers prohibit them from using your data to train their AI models.

We do not use your individual conversations to train any AI model — ours or anyone else's. The "memory" the readers develop about you is stored in our own database, not in the AI model itself, and is deleted when you delete your account or the session it came from.

5. Cookies and similar technologies

We use a small number of cookies and similar storage mechanisms:

• Authentication cookies and tokens set by Supabase to keep you signed in.
• Local storage in your browser to remember an affiliate referral code (e.g., from a TikTok bio link) so we can attach it to your account on signup.
• Cloudflare may set security cookies for bot detection and DDoS protection.

We do not currently use third-party advertising cookies or cross-site tracking. If that changes, we will update this Policy and provide appropriate notice and choices.

6. Your rights and choices

Edit or delete your data

From the Settings page you can:

• Update your display name, birthday, intention, email, or password.
• Delete individual readings (transcripts and the memories extracted from them are removed).
• Delete your entire account, which permanently erases your profile, reading history, memories, and Stripe customer record.

You can also delete individual readings directly from your History page.

Opt-out of marketing

We do not currently send marketing email. If we begin doing so, every marketing email will include an unsubscribe link.

Sign out

You can sign out at any time using the Sign Out button in the corner of any signed-in page.

7. Data retention

We retain your data for as long as your account is active, and:

• When you delete an individual reading, the transcript and any memories tied to it are deleted immediately.
• When you delete your account, your profile, conversations, memories, and Stripe customer record are deleted. We may retain a small number of records (such as transaction records) for a limited period to comply with tax, anti-fraud, or other legal obligations.
• Backups may retain deleted data for a short additional period before being overwritten.

8. Security

We take reasonable technical and organizational measures to protect your data, including:

• Encryption in transit (TLS) for all traffic between your browser and our servers.
• Encrypted password storage (hashing and salting handled by Supabase).
• Row-level security in our database so users cannot read each other's data.
• Secrets management for API keys (kept server-side and never exposed to client code).
• Restricted administrative access to production systems.

No security measure is perfect. We cannot guarantee absolute security. If we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

9. Children's privacy

Sixth Veil is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has registered, please contact us at hello@sixthveil.com and we will delete the account and any associated data.

10. International users

Sixth Veil is operated from the United States. If you access the Service from outside the United States, your data will be transferred to, processed in, and stored in the United States, where data-protection laws may differ from those of your country.

11. Virginia, California, and other state privacy rights

Virginia Consumer Data Protection Act (VCDPA)

If you are a Virginia resident, you have the right to:

• Confirm whether we process your personal data, and access that data.
• Correct inaccuracies in your personal data.
• Delete your personal data.
• Obtain a copy of your personal data in a portable, readily usable format.
• Opt out of the processing of your personal data for purposes of targeted advertising, sale, or certain profiling. (Note: we do not engage in any of these activities.)

California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and (if applicable) sell.
• Access and obtain a copy of your personal information.
• Delete your personal information.
• Correct inaccurate personal information.
• Opt out of the sale or sharing of your personal information. (We do not sell or share personal information for cross-context behavioral advertising.)
• Limit the use and disclosure of sensitive personal information.
• Be free from discrimination for exercising any of these rights.

Other states

Residents of other US states with applicable privacy laws (such as Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, and others as they take effect) may have similar rights. We will honor verifiable consumer requests under those laws to the same extent we honor the rights above.

How to exercise these rights

Most rights can be exercised directly through the Settings page (view, edit, delete). For other requests — including data portability or opting out of profiling — email us at hello@sixthveil.com with the subject line "Privacy Request." We will respond within the timeframe required by applicable law (typically 45 days, extendable once for another 45 days if needed).

We may need to verify your identity before processing your request. If we deny your request, you may have the right to appeal — instructions will be included in our response.

12. GDPR / EEA / UK users

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (and the UK GDPR) may apply to our processing of your personal data. The legal bases on which we rely are:

• Contract: processing necessary to provide the Service you have signed up for.
• Legitimate interests: operating, securing, and improving the Service; preventing fraud and abuse. We balance these interests against your rights.
• Consent: for any optional processing you opt into.
• Legal obligations: compliance with law.

You have the rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to lodge a complaint with your local data-protection authority.

13. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent revision. If we make material changes, we will provide reasonable notice (such as a notice within the Service or an email to the address on file) before the changes take effect. Your continued use of the Service after notice constitutes acceptance.

14. Contact

Questions, requests, or complaints regarding this Privacy Policy or our data practices? Email hello@sixthveil.com with the subject line "Privacy Request."