← Back to Moonlit Oracle
Privacy Policy
Last updated: March 26, 2026
Hundred Core ("we," "us," or "our") operates the Moonlit Oracle mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this policy carefully. By using the App, you agree to the practices described herein.
1. Information We Collect
1.1 Information You Provide
- Google Account (Optional) — If you sign in with Google via Hundred Core unified account, we collect your email address and display name for cross-app account linking and cloud backup. Stored securely in Firebase Authentication and Firestore.
- Birth Date & Time — Used solely for elemental profile (Four Pillars / Saju) readings. Stored locally on your device and optionally backed up to your cloud account.
- Palm Images — Camera photos submitted for AI palm reading. Processed in real-time via a third-party AI API and never stored on our servers. Images are discarded immediately after the reading is generated.
- Persona Preferences — Your selected AI persona (Nox the Oracle, Selene the Velvet Witch, or Nova the Cosmic Chaos Agent). Stored locally on your device.
- Reading History — Past tarot readings and fortune results. Stored locally and optionally synced to your cloud account for cross-device access.
1.2 Information Collected Automatically
- Device Information — Device model, operating system version, and unique device identifiers for crash reporting and analytics.
- Usage Data — Feature usage frequency, session duration, and screen views collected through Firebase Analytics.
- Advertising ID — Collected by Google AdMob for personalized or non-personalized ad delivery, subject to your consent where required by law.
1.3 Information We Do NOT Collect
- Location data (GPS, IP-based geolocation)
- Contacts, call logs, or messages
- Financial or payment information (handled entirely by Google Play / Apple App Store)
- Biometric data (palm images are processed in-memory only, not stored)
Note: Account registration is optional. The App can be used fully without signing in. If you choose to sign in with Google, only the email address associated with your Google account is collected for account linking purposes.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|
| Generate fortune readings | Birth date, palm image | Performance of service |
| Hundred Core unified account | Google email (optional) | Consent |
| Cloud backup & cross-device sync | Reading history, preferences | Consent |
| Save preferences locally | Persona selection, settings | Legitimate interest |
| Improve the App | Usage analytics (aggregated) | Legitimate interest |
| Display advertisements | Advertising ID | Consent (where required) |
| Crash reporting | Device info, crash logs | Legitimate interest |
3. AI-Generated Content Disclosure
All fortune readings, tarot interpretations, palm analyses, and elemental profiles provided by the App are generated by artificial intelligence (AI) and are intended for entertainment purposes only. They do not constitute professional advice of any kind, including but not limited to medical, financial, legal, or psychological advice.
We do not guarantee the accuracy, completeness, or reliability of any AI-generated content. Users should exercise their own judgment and consult qualified professionals for important life decisions.
4. Third-Party Services
We use the following third-party services that may collect information:
- Firebase Authentication (Google LLC) — Google Sign-In for Hundred Core unified account. Collects email and display name upon user consent. Firebase Privacy Policy
- Firebase Firestore (Google LLC) — Cloud storage for account-linked reading history and preferences backup.
- Firebase Analytics & Crashlytics (Google LLC) — App analytics and crash reporting.
- Firebase Remote Config (Google LLC) — App configuration management. No personal data is transmitted.
- Google AdMob (Google LLC) — Advertisement delivery. Google Privacy Policy
- OpenRouter / AI API Providers — AI model inference for generating readings (Gemini 2.0 Flash primary, Claude Haiku/Sonnet fallback). Only the text of your query (not personal identifiers) is sent to AI providers. OpenRouter Privacy Policy
5. Data Storage & Security
- Local Storage — Birth date, persona preferences, and reading history are stored on your device using encrypted local storage (Hive).
- Cloud Storage (Optional) — If you sign in with a Hundred Core unified account, your reading history and preferences may be backed up to Firebase Firestore for cross-device sync. This data is associated with your account email and secured by Firebase security rules.
- Transmission Security — All data transmitted to Firebase and third-party AI services uses HTTPS/TLS encryption.
- Share Card — When you share a reading result, the App generates a static image (1080×1920) containing only the reading summary and your selected persona. No personal information is included in shared images.
6. Data Retention
- Local Data — Retained on your device until you clear the App data or uninstall the App.
- Palm Images — Processed in memory only; never written to disk or transmitted beyond the AI inference call.
- Analytics Data — Retained by Firebase for up to 14 months per Google's default retention policy.
7. Your Rights
Depending on your jurisdiction (including but not limited to the EU/EEA under GDPR, California under CCPA, South Korea under PIPA, and Japan under APPI), you may have the right to:
- Access — Request a copy of data we hold about you.
- Deletion — Request deletion of your data. Since all personal data is stored locally on your device, you can delete it at any time by clearing App data or uninstalling.
- Opt-Out of Personalized Ads — You can opt out via your device settings (Settings > Privacy > Advertising) or through the in-app consent dialog.
- Data Portability — Request your data in a structured, machine-readable format.
- Withdraw Consent — Where processing is based on consent, you may withdraw it at any time.
To exercise these rights, contact us at osu355@gmail.com.
8. Children's Privacy
The App is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to delete such information.
9. International Data Transfers
Your data may be processed by third-party AI service providers located outside your country of residence (including the United States). By using the App, you consent to such transfers. We ensure that appropriate safeguards are in place, including standard contractual clauses where applicable.
10. Advertising
The App displays advertisements served by Google AdMob. You may see personalized or non-personalized ads based on your consent preference. You can change your ad preference at any time through the App settings or your device's advertising settings.
For users in the EU/EEA, we obtain explicit consent before serving personalized advertisements, in compliance with GDPR and the ePrivacy Directive.
11. In-App Purchases
The App offers optional in-app purchases processed entirely by Google Play Store or Apple App Store. We do not collect, process, or store any payment information. Please refer to Google's or Apple's privacy policies for payment data handling.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of the App after such changes constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact:
Hundred Core
Email: osu355@gmail.com
Developer: Kim Ho-young
14. Jurisdiction-Specific Provisions
For South Korean Users (PIPA)
In accordance with the Personal Information Protection Act (PIPA), we appoint the following as our Privacy Officer:
Name: Kim Ho-young
Email: osu355@gmail.com
You may file complaints with the Personal Information Protection Commission (PIPC) or the Korea Internet & Security Agency (KISA).
For EU/EEA Users (GDPR)
Our legal basis for processing is outlined in Section 2. You have the right to lodge a complaint with your local Data Protection Authority. As we do not have an EU establishment, we process data based on your explicit consent or the necessity to provide our service.
For California Users (CCPA)
We do not sell personal information. You have the right to know what personal information we collect and to request its deletion. To make a request, email osu355@gmail.com.