Privacy Policy (XunNi)
Last Updated: January 7, 2026
Language & Legal Authority
This English version is the only legally binding version of this Privacy Policy. Any translations are provided for reference only. In case of any inconsistency, the English version shall prevail. This Policy is governed by the laws of Japan.
Article 1 (General Provisions)
- This Privacy Policy (“Policy”) explains how Crealize LLC (“Company”, “we”) processes personal data of users (“User”, “you”) in relation to the XunNi service (“Service”).
- We recognize the importance of personal data protection and will follow the core principles required under applicable laws, including Japan’s APPI and, where applicable, the EU GDPR.
- By using the Service, you agree to this Policy. If you do not agree, you must stop using the Service.
Article 1A (Nature of Policy; No Third‑Party Beneficiary)
- This Policy describes our data processing practices. Except where mandatory law requires otherwise, it does not create obligations beyond applicable legal requirements.
- This Policy creates no third‑party beneficiary rights.
Article 2 (Scope of Data Collection; Data Minimization)
We follow a data minimization principle and collect only what is necessary to provide the Service. The Service is designed for de‑identified use and does not require real‑world identity.
- Data we may collect:
  - Birth‑related inputs: date of birth, time of birth, birthplace (used only for astrology/traditional calculations).
  - Nickname (pseudonym): chosen by you for UI display.
  - Preference data: your selected UI language/locale.
  - Login/account identifiers: third‑party platform user identifiers (e.g., Telegram/LINE/Google). If you choose Email login, we may process your email address for account identification.
  - Technical data: device type, OS/browser information, and necessary technical logs for security and stability.
- Data we do not collect:
  - Legal name, home address, personal phone number.
  - Government‑issued ID numbers.
  - Full payment card details (payments are processed by platforms; we do not store card numbers).
  - Third‑party passwords or one‑time verification codes (we never ask for your Telegram/LINE/Google/email password or OTP).
Article 3 (Purposes of Use)
We use collected data only for the following purposes:
- Service operation: generating personalized content (e.g., daily fortune, soul blueprint).
- UI localization: presenting the Service according to your language setting.
- Account maintenance: linking your account via your chosen login method to keep paid benefits and data synchronized.
- Legal compliance: fulfilling legal obligations or lawful requests from authorities/courts.
Article 3A (Legal Basis for Processing)
Where GDPR (or similar laws) applies, we may process personal data based on one or more of the following, depending on context:
- Contract necessity: to provide the Service, maintain login, and provide purchased digital benefits.
- Legitimate interests: to keep the Service secure and stable, detect abuse/fraud, operate and improve the Service (with reasonable balancing and risk mitigation).
- Legal obligation: to comply with applicable laws and lawful requests.
- Consent: where required, we will obtain consent; you may withdraw consent where legally permitted, which may affect certain features.
Article 4 (Storage, Processing, Cross‑Border Transfers)
- Storage: Data is stored on trusted cloud infrastructure used by the Company (e.g., Cloudflare-related services).
- Cross‑border processing: Cloud infrastructure may process data outside your country/region. We use reasonable encryption and security measures to protect data in transit.
- Retention (general rule): Unless otherwise required by law, data is retained while your account exists.
- Deletion & retention exceptions: Even if you request deletion, we may retain necessary data for a reasonable period to the extent permitted/required by law for:
  - Compliance (e.g., accounting/tax, authority requests, court orders)
  - Dispute handling/rights assertion or defense (e.g., refunds, payment disputes, abuse)
  - Security and anti‑fraud (e.g., preventing unauthorized access, attacks, spam)
  - Technical necessity (e.g., backups, disaster recovery, integrity)
  We will take reasonable steps to delete or de‑identify data once retention purposes are satisfied, where technically feasible.
- Backups: We may keep backups for reliability. Backup deletion may be delayed and may persist for a period until overwritten in normal backup cycles.
Article 5 (Sharing & Disclosure to Third Parties)
- No selling: We do not sell or rent your data.
- Limited disclosure: We disclose data only when:
  - You give explicit consent;
  - Required by law/court order;
  - Necessary to protect life, body, or property in emergencies; or
  - Necessary for outsourced processing (e.g., infrastructure maintenance) within a limited scope.
- Service providers (processors): We may use service providers for infrastructure, delivery, security, or technical operations. We reasonably require them to process data only to provide services and to apply appropriate safeguards; their practices may also be governed by their own policies and applicable laws.
Article 6 (Advertising & Third‑Party Content Disclaimer)
- The Service may include third‑party advertising. Ad providers may collect device data or cookies under their own policies. We do not provide birth‑related inputs to advertisers.
- Third‑party ad content compliance is the responsibility of the provider. If you encounter inappropriate ads, you may report them via our contact method and we will respond reasonably.
Article 7 (Your Rights)
Subject to applicable law, you may have rights including access, correction, deletion, and data portability.
We may request reasonable identity verification to prevent unauthorized access/deletion. To the extent permitted by law, we may refuse or limit requests that are manifestly unfounded, repetitive, excessive, or that may harm others’ rights or system security; where required, we will provide reasons and available remedies. We may also charge a reasonable fee where permitted (e.g., administrative cost) or request narrowing of scope to protect security and others’ rights.
Article 8 (Cookies & Technical Logs)
We use only necessary technical cookies/session records to maintain login and stability, and do not use cookies for cross‑site tracking or third‑party behavioral profiling.
For security and anti‑abuse, we may log necessary technical data (e.g., request time, error codes, device/browser type, IP address or partial IP, and anti‑abuse signals). Such logs are used only for security, fraud prevention, stability, and troubleshooting, with reasonable measures to reduce identification risk.
Article 9 (Children’s Privacy)
The Service is not designed for children under 13 (or the age defined by local law). We do not knowingly collect children’s data. If a parent/guardian believes a child provided data without consent, contact us.
Article 10 (Security)
- We use reasonable technical and organizational measures (HTTPS, access controls, infrastructure safeguards). However, no system is absolutely secure and we do not guarantee zero risk.
- If a security incident/data breach may affect users, we will investigate, mitigate, and notify as required by applicable law. Notice may be given via in‑Service announcements/prompts and/or email (if available).
- Notification timing/method may be limited by law, technical constraints, or investigative needs.
Article 11 (Changes & Notice)
We may update this Policy from time to time. Material changes will be announced in the Service and the “Last Updated” date will be revised.
Unless mandatory law requires otherwise, we may notify you via in‑Service notices/prompts and/or email (if available). Notice is deemed served upon posting or sending.
Article 12 (Contact & Jurisdiction)
- Contact: For privacy questions, contact [email protected].
- Governing law: Japan.
- Jurisdiction: Tokyo District Court as the exclusive court of first instance for disputes arising from this Policy.
(End of Privacy Policy)