Privacy Policy

Katoptron / Ezrael Noetikos — operated by Anavotech

Effective date: 1 April 2026 · Last updated: 14 April 2026

This policy describes how Anavotech ("we", "us") collects, uses, stores, and protects your personal data when you access or use the Katoptron oracle service at katoptron.guru ("the Service"). It applies to all users worldwide, with specific provisions for residents of the European Economic Area (GDPR) and Brazil (LGPD).

1. Data Controller

The data controller is Anavotech, reachable at hierophant@katoptron.guru. For data protection inquiries, use the same address.

2. Data We Collect

• Account data: username, hashed password, email address.
• Waitlist data: name, email, phone number, hermetic background (if provided), tier interest, language preference, and your explicit consent record with timestamp.
• Session data: conversation history, session identifiers, timestamps, IP address (server logs).
• Usage data: AI interaction logs, feature use (Tarot draws, ritual requests), behavioral patterns for personalization.
• Technical data: browser type, device type, referral source (standard server logs).
• Cookie data: session cookies (essential, no advertising trackers).

3. Purpose and Legal Basis

• Service delivery — to authenticate you, maintain your session, and deliver AI responses. Legal basis: contract performance (GDPR Art. 6(1)(b)).
• Personalization — to build the Hermetic Memory system that preserves context across sessions. Legal basis: legitimate interest (GDPR Art. 6(1)(f)) and your implicit consent through use.
• Waitlist management — to contact you when your tier becomes available. Legal basis: your explicit consent (GDPR Art. 6(1)(a); LGPD Art. 7, I).
• Security and fraud prevention — to detect abuse. Legal basis: legitimate interest.

4. Data Retention

• Account data: retained until you request deletion.
• Conversation history: retained for the life of your account, used for memory continuity.
• Waitlist entries: retained until the waitlist closes or you request removal.
• Server logs (IP): rotated after 30 days.

5. Third-Party Processors

We share data with the following processors under data processing agreements:

• Anthropic — AI inference (conversation content processed; not retained beyond the request per their API policy).
• Google Cloud — Text-to-speech, Cloud Storage (audio files), hosted in the EU/US.
• Supabase — Database (user accounts, sessions, waitlist), hosted in the EU.
• Hetzner Online GmbH — VPS hosting (Germany, EU).

We do not sell, rent, or share your data with any advertising platform or data broker.

6. International Transfers

Some processors operate in the United States. Transfers are covered by Standard Contractual Clauses (SCCs) as required under GDPR Chapter V. Supabase and Hetzner process data within the EU.

7. Your Rights

Depending on your jurisdiction, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure ("right to be forgotten") — request deletion of your account and data.
• Portability — receive your conversation history in a machine-readable format.
• Objection — object to processing based on legitimate interest.
• Restriction — request that we limit processing while a dispute is resolved.
• Withdraw consent — at any time, without affecting prior lawful processing.

To exercise any right, write to hierophant@katoptron.guru. We respond within 30 days. EEA residents may also lodge a complaint with their national supervisory authority. Brazilian residents may contact the ANPD.

8. Cookies

We use only essential session cookies to authenticate your account and maintain your session state. No tracking pixels, no advertising cookies, no third-party scripts beyond Google Fonts (loaded from your browser). You can disable cookies in your browser but the Service will not function without session cookies.

9. Children

The Service is not intended for persons under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has registered, contact us for immediate deletion.

10. Security

Passwords are stored as cryptographic hashes. All data is transmitted over HTTPS. Access to production systems is restricted and logged. We conduct periodic security reviews.

11. Changes to This Policy

We may update this policy. Material changes will be announced at the top of this page with a new effective date. Continued use after the effective date constitutes acceptance.

12. Contact

All privacy inquiries: hierophant@katoptron.guru
Response time: within 5 business days for routine inquiries, 30 days for formal rights requests.

---

This policy is provided in English as the governing version. Translations in Portuguese and Spanish are provided for convenience only.