SumiSumi

Privacy Policy

Last updated: April 1, 2026

1. Data Controller

Sumi is operated by Canopy Studio, a brand of Canopy Studio (GenGrowth Consulting Ltd). For any questions regarding your personal data, contact us at hello@bycanopy.app

2. Data We Collect

We collect the following personal data:

  • Account data: Email address (for authentication via magic link)
  • Profile data: Zodiac sign (optional, user-provided)
  • Usage data: Card collection, reading history, streak count
  • AI conversations: Messages exchanged with the Reader feature
  • Session data: Authentication cookies required for the service to function

3. How We Use Your Data

  • Provide and maintain the service
  • Personalize your tarot reading experience
  • Generate AI-powered reading interpretations
  • Track your collection and reading history
  • Improve the quality of our service

4. Third-Party Services

We use the following third-party services to operate Sumi:

  • Supabase — Database and authentication. Your data is stored securely with row-level security policies.
  • Anthropic (Claude AI)— Powers the Reader feature. Your conversation messages are sent to Anthropic's API to generate responses. Anthropic does not use API inputs to train their models.
  • Vercel — Hosting and content delivery.
  • Apple (App Store) — Subscription management for iOS users.

5. Cookies

Sumi uses strictly necessary cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics.

6. Data Retention

Your data is retained for as long as your account is active. Reading history and AI conversations are kept to provide you with a continuous experience. You may request deletion of your data at any time.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your personal data
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to processing of your personal data
  • Withdrawal — Withdraw consent at any time

To exercise any of these rights, contact us at hello@bycanopy.app

8. Data Security

We implement appropriate security measures to protect your personal data, including:

  • Encryption in transit (HTTPS/TLS)
  • Row-level security on database access
  • Secure authentication via magic links (no passwords stored)
  • HttpOnly, Secure cookies with SameSite protection

9. Children's Privacy

Sumi is not intended for children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy with a new effective date.

11. Contact

For any questions about this Privacy Policy or to exercise your data rights, contact: hello@bycanopy.app