Skip to content
Vestara - Zhou Yi Market Analysis Platform
Vestara

Privacy Policy

Last updated: April 3, 2026

Vestara Cultural Research Group ("Vestara," "we," "us," or "our") operates the Vestara platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you register, we collect your email address. If you sign in via Google OAuth, we receive your name and email from Google; we do not access any other Google account data.

Birth Date

You provide your date of birth each time you run an analysis. This is used to compute your Four Pillars (Ba Zi), Five Elements (Wu Xing) profile, and Plum Blossom hexagram. Your birth date is stored alongside each analysis record so you can revisit results later.

Analysis History

We store the stock ticker, market type, company name, compatibility score, rating, and the full generated report associated with each analysis you run.

Payment Information

Payments are processed entirely by Stripe. We never receive or store your credit card number, CVV, or full card details. We retain only the Stripe session identifier, the amount paid, and the number of credits purchased for record-keeping purposes.

Usage Data

Our hosting provider (Cloudflare) may automatically collect standard server-level data such as IP addresses, request timestamps, browser user-agent strings, and referring URLs. This data is used for security, performance monitoring, and abuse prevention.

2. How We Use Your Information

  • Service delivery: To perform Zhou Yi compatibility analyses, which require your birth date and chosen stock ticker.
  • Payment processing: To create Stripe checkout sessions and maintain your credit balance.
  • Account management: To authenticate your sessions, store your analysis history, and enable features like report downloads.
  • Transactional communication: To send account confirmation and password-reset emails via our authentication provider.
  • Security & compliance: To detect and prevent fraud, abuse, or violations of our Terms of Service.

3. Data Storage and Security

  • User data is stored in a Supabase-managed PostgreSQL database with Row Level Security (RLS) enabled, ensuring that each user can only access their own data.
  • The application is hosted on Cloudflare Workers, which provides edge-level DDoS protection, TLS encryption, and a global CDN.
  • All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.

4. Third-Party Services

We rely on the following third-party services, each governed by their own privacy policies:

  • Supabase — Authentication and database hosting.
  • Stripe — Payment processing. Stripe's privacy policy is available at stripe.com/privacy.
  • Cloudflare — Application hosting, CDN, and security.
  • Finnhub — US stock market data. We send only stock ticker symbols; no personal data is shared.
  • EastMoney — Chinese A-share market data. We send only stock ticker symbols; no personal data is shared.
  • OpenAI-compatible API — AI report generation. We send anonymized analysis parameters (metaphysical data, financial metrics). No email addresses, user IDs, or payment data is transmitted.

5. Data Retention

  • Account & analysis data: Retained for as long as your account is active. You may request deletion at any time.
  • Payment records: Retained for a minimum period required by tax and financial regulations (typically 7 years).
  • Server logs: Managed and retained by Cloudflare per their data retention policies.

6. Your Rights

Depending on your jurisdiction (including under GDPR and CCPA), you may have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Delete your personal data ("right to be forgotten").
  • Port your data to another service in a structured, machine-readable format.
  • Object to or restrict certain processing of your data.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at support@vestara.cc.

7. Children's Privacy

Vestara is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes become effective immediately upon posting to this page. We encourage you to review this page periodically. Your continued use of Vestara after any changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at support@vestara.cc.

← Back to Home