Privacy Policy
GuoXue · guoxue.app
- Effective:
- 2026-04-24
- Last updated:
- 2026-05-26
This Privacy Policy (the “Policy”) governs the website guoxue.app and its subdomains (the “Service”) operated by Eaglewood Japan Co., Ltd. (恒林日本株式会社) (“we”, “us”, “our”). This Policy does NOT apply to our separately published iOS applications (QiMen, BaZi, ZiWei, SixYao, MeiHua), each of which has its own privacy policy.
By using the Service you confirm you have read, understood, and agreed to the practices described in this Policy. If you do not agree, please stop using the Service.
1. Basic Information
- Operator: Eaglewood Japan Co., Ltd. (恒林日本株式会社)
- Registered office: 872-19 Tokaichiba-cho, Midori-ku, Yokohama-shi, Kanagawa 226-0025, Japan
- Incorporated: 12 May 2022
- Capital: JPY 5,000,000
- Representative Director: Sasaki Hiroshi (佐々木浩)
- Scope: the website guoxue.app and its API subdomain (api.guoxue.app)
- Corporate general contact: contact@eaglewoodjp.com
- Service (guoxue.app) contact: contact@guoxue.app
- Privacy contact: privacy@guoxue.app
2. Information We Collect
2.1 Information You Provide
- Account: your email address (required for first-time magic-link email verification). If you choose to enable password sign-in from /account, we additionally store a PBKDF2-SHA256 hash of your password (with a random per-user salt, 100,000 iterations). We never store the plaintext password and cannot recover it. The hash is deleted immediately if you disable password sign-in.
- User input: birth date/time (solar or lunar), place of birth, name (optional), and gender. This is required to generate the chart you request.
- Subscription and payment metadata: Stripe customer ID (`cus_xxx`), plan, status, invoice identifiers. We do NOT see or store card numbers or CVVs — these are handled directly by Stripe, Inc.
- AI interaction history: the chart you query, the question you ask, and the AI-generated interpretation. Used to render results, cache identical requests, meter costs, and improve the Service.
2.2 Automatically Collected Information
- Session cookie: `gx_session` (HttpOnly, Secure, SameSite=Lax, sliding 30-day expiry). Used solely to keep you signed in. Not used for cross-site tracking.
- Access logs: IP address, User Agent, request timestamp, path, response status. Collected via Cloudflare, retained for 30 days by default, used for security and abuse prevention.
- Page-view records (signed-in users only): user ID, session ID, page path (query strings and hash fragments stripped), visit timestamp, dwell time in milliseconds. Used to improve product experience and funnel analytics. We do NOT store IP address, User-Agent, device fingerprint, or any cross-site identifier. To request deletion, contact privacy@guoxue.app.
- Daily almanac email subscription (you must opt in by entering your email): email address, language preference, frequency, subscription timestamp, last-sent timestamp, unsubscribe timestamp, and an opaque one-click-unsubscribe token. Used only to send the daily almanac email. Every message carries a 1-click unsubscribe link and an RFC 8058 List-Unsubscribe header. We do not share your email with any third party.
We do NOT set any advertising or analytics cookies. We do NOT integrate Google Analytics, Meta Pixel, TikTok Pixel, or any similar third-party tracker.
3. How We Use Your Information
- Account authentication: sending one-time magic-link sign-in emails.
- Core service: performing portions of chart computation server-side; saving the charts you choose to save.
- AI interpretation: sending chart data and your questions to the Anthropic API (Claude AI) to generate interpretations. Without your explicit consent, we do not use identifiable chart data to train AI models, disclose it to third parties, or use it beyond the stated scope.
- Payment and subscription management: processing payments, managing subscription status, issuing invoices (via Stripe).
- Transactional email: sending magic links, subscription confirmations, and purchase receipts (via Resend). Non-subscribers receive no marketing email.
- Security & abuse prevention: Cloudflare WAF, rate limiting, Bot Fight Mode.
- Compliance: retaining transactional records as required by the Japanese Companies Act, the Corporation Tax Act, and the Consumption Tax Act.
- Profiling and automated decision-making: we do not perform profiling on your personal information. Specifically, we do not use your chart data, AI interaction history, usage behaviour, or similar data to perform individual-trait analysis, behavioural prediction, scoring, segmentation, or any other form of automated evaluation of you. We do not use your data for any form of automated decision-making, including but not limited to decisions that produce legal effects or similarly significant effects on you (such as credit, employment, insurance, or healthcare). Every AI interpretation is generated solely from the chart information you submit in that session; we do not perform cross-session or cross-user correlation analysis, nor do we use it to train commercial models. If our service model changes in the future and we need to introduce profiling or automated decision-making, we will notify you in advance by email and obtain your separate, explicit consent.
4. Subprocessors
We rely on the following trusted third parties. Each is governed by its own privacy policy and contractual commitments:
| Subprocessor | Purpose | Data location | Privacy policy |
|---|---|---|---|
| Cloudflare, Inc. | Workers / D1 database / KV / CDN / WAF | Global (primarily APAC) | https://www.cloudflare.com/privacypolicy/ |
| Stripe, Inc. | Payment processing | United States | https://stripe.com/privacy |
| Anthropic PBC | AI interpretation (Claude API) | United States | https://www.anthropic.com/legal/privacy |
| Resend | Transactional email | United States | https://resend.com/legal/privacy-policy |
5. Retention
- Account data: kept until you delete or close your account.
- Subscription and payment records: retained for 7 years, as required by the Japanese Companies Act, the Corporation Tax Act, and the Consumption Tax Act.
- Saved charts: kept until you delete them.
- Access logs: 30 days (Cloudflare default).
- AI cache: 90-day rolling retention (hashed lookup avoids redundant API calls); purged on expiry.
6. Your Rights
Under Japan's Act on the Protection of Personal Information ("APPI") and other applicable laws, you have the following rights:
- Access — view everything we hold about you via account settings.
- Correction — edit your profile directly in account settings.
- Deletion — the “Permanently delete account” flow irreversibly erases charts, AI history, and sessions. Subscription and invoice records we must keep by law are excluded.
- Portability — export your data as JSON via account settings.
- Withdraw consent — unsubscribe at any time; paying members can cancel at any time via the Stripe Customer Portal.
- Lodge a complaint — with Japan’s Personal Information Protection Commission (PPC) or your local data-protection authority.
To exercise these rights, sign in and use the self-service tools, or email privacy@guoxue.app. We will respond within a reasonable period, generally within 30 days.
7. Cookies
- Necessary cookie: `gx_session` — the session token. Sign-in is impossible without it.
- We do not set advertising, analytics, or any third-party tracking cookies.
- You may disable cookies in your browser settings, but you will then be unable to sign in.
8. International Transfers
- Our servers run primarily on Cloudflare’s APAC region.
- Anthropic API and Stripe are located in the United States.
- Resend’s email infrastructure is located in the United States.
- By using the Service you consent to the international transfers necessary to provide it, including to jurisdictions that may offer less stringent data-protection standards than yours.
9. Children
The Service is intended for adults aged 18 or over, as its content discusses marriage, finances, and other adult topics. We do not knowingly collect personal information from minors. If we learn that a registered user is under 18 we will delete the account promptly.
10. Security
- Transport: TLS 1.3 site-wide.
- At-rest: Cloudflare D1 and KV are encrypted at the storage layer.
- Passwords: sign-in is primarily via one-time magic links. If you opt into password sign-in we store only a PBKDF2-SHA256 hash (with a random per-user salt, 100,000 iterations) — never the plaintext, and the hash cannot be reversed. Five consecutive wrong-password attempts trigger a 30-minute lockout on the account.
- Sessions: HttpOnly + Secure + SameSite=Lax + 30-day sliding expiry. Resetting or changing your password forcibly signs out every other device.
- Rate limits: 5 magic-link requests per minute per IP, 3 per hour per email; password sign-in 10 per minute per IP, 20 per hour per email; AI calls limited to 2 per minute per user.
- Cost hard cap: $8 per user per month (MTD) to prevent runaway billing from abusive usage.
Although we employ industry-standard safeguards, no system transmitted over the Internet is 100% secure. In the event of a breach affecting your rights, we will notify you and the relevant authority as required by law.
11. Changes to This Policy
Material changes will be announced by email to registered users and via a banner on your next sign-in. Minor edits will only update this page and the “Last updated” date above.
12. Contact & Complaints
- Privacy inquiries: privacy@guoxue.app
- General inquiries: contact@guoxue.app
- Corporate matters: contact@eaglewoodjp.com
- Supervisory authority: Personal Information Protection Commission, Japan (https://www.ppc.go.jp/)
13. Language
This Policy is published in Simplified Chinese, Traditional Chinese, English, and Japanese. All versions are intended to convey the same meaning; in case of ambiguity, the Simplified Chinese version prevails.