Privacy Policy
Last updated: 2026-05-12 (analytics revision)
Sajuteller (“we”, “our”) provides a Saju (Four Pillars) reading experience for adults aged 18 or older. This page explains what personal information we collect, why, how long we keep it, and the rights you have under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
1. Information we collect
| Category | What it is | Where it lives |
|---|---|---|
| Visitor cookie | A random 32-character token (sj_visitor) set in your browser. Tied to no other identifier. | Your browser, plus a salted hash of the same value in our rate-limit store. Expires after 7 days. |
| IP address | The network address your request came from. | Used only in memory while we serve the request (rate-limit checks, abuse triage). We do not store the raw IP. For DSAR requests we keep a salted hash so we can recognise repeat submitters. |
| Birth details | Optional display name, birth date, birth time, birth city, calendar type (solar / lunar), gender. | Sent to our server only to compute your chart and immediately returned. Not stored on our servers — kept in your browser’s session storage on your device. |
| Usage / dwell statistics | Page name, time spent on it, and a one-way hash derived from your visitor cookie. Alongside each row we record: which A/B variant you saw (used to compare two versions of our copy), your device class (mobile / tablet / desktop, derived from your browser’s user-agent), your country (the 2-letter code from Cloudflare, never the city), whether you are a returning visitor (boolean based on the visitor cookie), the host name of the page that referred you (e.g. google.com — never the search query or full URL), and any utm_source / utm_medium / utm_campaign tags present in the URL we sent you. | Our analytics table. Deleted after 7 days by an automated sweep. |
| Conversation messages | The follow-up questions you type into the AI chat and the assistant’s replies. | Processed in memory by an LLM we host. Not persisted — no chat-log table, no LLM provider log retention. |
| Privacy requests | If you use the privacy request form or email [email protected]: your email, the kind of request, your description, and a salted hash of your IP. | Our admin queue. Retained for our records of having fulfilled the request (see Section 3). |
2. How we use it
- To compute and present your Saju reading (chart calculation happens on our server but is not stored).
- To prevent abuse and rate-limit traffic (security purpose under CCPA 1798.140(e)(2)).
- To improve product quality through anonymous usage statistics.
- To respond to your AI counseling questions (the LLM runs on infrastructure we control; no third-party AI vendor receives your input).
2a. AI-generated content
Sajuteller uses a large language model (LLM) to compose narrative interpretations and to answer your follow-up questions. You should treat AI-generated output with the following understanding:
- Output may be inaccurate. LLMs can fabricate facts, misinterpret your input, or produce inconsistent answers for similar questions. We do not guarantee accuracy.
- It is not professional advice. AI output is not a substitute for medical, mental-health, legal, financial, tax, spiritual, or other licensed professional guidance.
- It is not a prediction. Statements about future events, relationships, prosperity, or health are interpretive narratives, not forecasts.
- It is generated, not curated. No human reviews each output before it reaches you.
- The model may evolve. We may update or change the model behind the service, which can change tone and content of future answers.
- Your input shapes the answer. The LLM sees the structured Saju chart we computed and the messages you send. Do not submit information you would not want processed by a software system you control.
3. Retention
- Visitor cookie + usage statistics: 7 days. An automated sweep deletes rows older than 7 days every hour. The cookie itself in your browser also expires after 7 days.
- Birth details and conversation messages: not stored on our servers. Birth details remain in your browser; chat messages are processed in memory only.
- Privacy / DSAR request records: retained as long as we are legally obligated to keep proof of fulfilment. We do not store the raw IP — only a salted hash — and we remove the off-band processing copy as soon as the request is marked resolved or rejected.
4. Sharing and sale
We do not sell or share your personal information as defined under the CCPA/CPRA. You can review and exercise this preference at Do Not Sell or Share My Personal Information.
5. Your rights (California residents)
- Right to know what we collect and how we use it.
- Right to delete personal information we hold (subject to security exceptions).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing (we do neither, but you can confirm at the link above).
- Right to non-discrimination for exercising any of the above.
To exercise any of these rights you have two options:
- Web form (fastest): /privacy/request. Requests submitted this way are queued in our admin console and a human reviews them.
- Email:
[email protected]. Inbound mail is delivered via Cloudflare Email Routing to a reviewed inbox and logged in the same admin console.
Either route lands in the same queue. We respond within 45 days as required by CCPA 1798.130. To verify your identity, our reply may ask for additional information that lets us match the request to a record we hold (for example, the approximate date / device you used).
6. Security exception
For fraud and abuse prevention (CCPA 1798.105(d)(2)), we may decline a deletion request when honoring it would defeat an active security defence. In that case we say so and explain why.
7. Children
Sajuteller is intended for adults 18 or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has used the service, contact us and we will remove the data.
8. Changes
We will update this page when our practices change and post the new “last updated” date at the top.
9. Governing law
We have chosen California law as the governing law for Sajuteller. We process personal information of California residents under the CCPA / CPRA as described above. Our operating address is in Seoul, Republic of Korea, but we have voluntarily aligned our privacy practices with California standards because they are among the strictest applicable to our user base.
10. Contact
Sajuteller · [email protected]
Operating address: Seoul, Republic of Korea
This document is a working draft modeled on conventions seen in major consumer apps. A California-licensed attorney will review it before public launch.