Esoteia

Legal

Privacy Policy

Last updated: 14 June 2026

Esoteia is built to be quiet with your data. The short version: the things you put into the app, your name, your birth date, the people you save, stay on your device. They are not uploaded to our servers, we do not sell them, and we do not use them to follow you around the internet or track you across other companies' apps. A small amount of data leaves your device only to run specific features, above all the AI "Ask" feature, and this Policy explains exactly what and when. It also explains how ESOTEIA SRL ("Esoteia", "we", "us") collects, uses, stores, shares, and protects your personal data across the Esoteia app, our website, and our support channels (together, the "Services"). ESOTEIA SRL is a company registered in the Republic of Moldova, and it is the data controller responsible for your personal data.

We have written it to be specific and honest: clear about what stays on your device, what leaves it, and which service providers help us run the parts that do. If anything here is unclear, reach us at support@esoteia.com.

Who we are and how to contact us

ESOTEIA SRL is the data controller responsible for your personal data. It is a limited liability company (Societate cu Raspundere Limitata) registered in the Republic of Moldova.

  • Controller: ESOTEIA SRL
  • Registered address: str. Cărămidarilor 47, MD-2023, mun. Chișinău, Republic of Moldova
  • Company registration number (IDNO): 1024600083598
  • Privacy contact: support@esoteia.com

If you have any questions about this Policy or about how we handle your personal data, or if you wish to exercise any of your rights, please contact us at support@esoteia.com. This is a monitored address, and it is the contact point for all privacy matters, including requests from individuals and from supervisory authorities.

Data Protection Officer

We have assessed whether we are required to appoint a Data Protection Officer under Article 37 of the EU General Data Protection Regulation (GDPR). Based on the nature and scale of our processing at launch, we do not believe a Data Protection Officer is mandatory, and we have not appointed one. The contact point for all privacy matters remains support@esoteia.com. We keep this assessment on file and will revisit it as the Services grow.

Our representative in the EU and the UK

ESOTEIA SRL is established outside the European Union and the United Kingdom, but it offers the Services to, and may monitor the behaviour of, individuals located in the EU, the European Economic Area (EEA), and the UK. Data protection law therefore requires us to designate a representative in the EU under Article 27 of the EU GDPR and a separate representative in the UK under Article 27 of the UK GDPR.

The appointment of our EU representative and our UK representative is being finalised. Before we make the Services available to individuals in the EU, the EEA, and the UK, we will publish here each representative's name or organisation, full postal address, and a direct contact method, so that you and the supervisory authorities can contact them. Until then, you can reach us for all privacy matters at support@esoteia.com.

Scope of this Policy

This Policy applies to:

  • The Esoteia mobile application for iOS and Android.
  • Any Esoteia website we operate, including pages that host this Policy, our Terms, and support information.
  • Our support channels, including email to support@esoteia.com.

The App is a numerology consultation tool. You open it with a question or a decision in mind and receive readings grounded in numerology numbers calculated from the birth and name information you provide.

How the App works matters to your privacy

The App runs mainly on your own device. The personal data you enter, your profile, your saved people, and the numerology numbers computed from them, is stored on your device and is not uploaded to our servers. A limited set of data leaves your device only to run specific features: above all the AI "Ask" feature, which sends your question and the relevant numerology numbers to an AI text provider through our backend; a small usage counter that enforces free-tier limits; your subscription status through the app stores; a notification token if you enable notifications; and your support correspondence. Accounts, sign-in, and cross-device synchronisation are not part of this version of the App; if we add them, we will update this Policy and ask for any consent the law requires before that processing begins. Where this Policy describes data leaving your device, it says so explicitly.

This Policy does not cover third-party services that are not operated by us, such as the Apple App Store or Google Play, which have their own privacy policies.

The personal data we collect

We collect and process the following categories of personal data.

Data you provide directly

About you (your profile). Your first name, and optionally your middle name and last name, from which we derive a display name and a full name used for numerology calculations; your date of birth; optionally your time of birth and your place or location of birth; and your language, display, and numerology-scale preferences. Your time and place of birth are optional: you can use the App fully without providing them.

Numerology numbers about you. From your name and date of birth, the App computes a set of numerology identifiers (for example your life path, destiny, soul urge, personality, birthday, and maturity numbers). These are derived from the data you provide.

Information about other people you choose to save ("saved people"). The App lets you create records for other individuals so you can run readings for them. For each saved person you may enter a first name, and optionally a middle name, last name, date of birth, time of birth, place of birth, your relationship to them (for example partner, child, sibling, parent, friend, colleague, or other), and a colour used to label their card. From this information the App computes numerology and cycle numbers for that person in the same way as for you. Please read the section Information about other people below, which explains your responsibilities and the rights of those people.

Questions and messages you send to in-app features. If you use the App's question or chat features, we process the text you write, any titles you give to your conversation threads, and the saved people you reference for context. When you use the AI "Ask" feature described below, the content you submit is sent through our backend to an AI text provider to generate a response.

Support correspondence. If you contact us at support@esoteia.com, we process your email address, the content of your message, and any information you choose to include, so that we can respond.

Data collected automatically

Usage and feature data. The App keeps lightweight counters and flags so that free-tier limits and the basic experience work correctly, for example the date and count of your daily checks, monthly counts of questions and conversation threads, onboarding status, and whether you have dismissed certain one-time prompts. This information is stored on your device. A small usage counter is also kept on our servers, tied to your device's anonymous identifier, so that free-tier limits can be enforced for features that run through our backend, such as the AI "Ask" feature.

Device and diagnostic data. This version of the App does not use a third-party analytics or crash-reporting provider, and it does not send usage events or crash diagnostics off your device. If we add analytics or crash reporting in future to understand usage and to detect and fix faults, we will describe it here first, and any non-essential analytics will be subject to your consent in the EU, EEA, and UK before it collects anything.

Push notification token. If you allow notifications, the operating system issues a push notification token for your device installation. The token is sent to our backend so that we can deliver the server-scheduled notifications you have opted into, and the platform notification services deliver them to your device.

Identifiers. On first launch, the App generates a random anonymous identifier (a UUID) for your installation. This lets the App work without requiring an account, and it serves as the key for the small usage counter that enforces free-tier limits for features that run through our backend. This version of the App has no account sign-in, so no sign-in identifier is collected.

Subscription status. If you purchase a subscription, we process information about your entitlement, such as whether you have an active paid subscription, the plan type, and the next renewal date. Your actual payment is handled by Apple or Google; we do not receive or store your card or bank details.

Data we do not collect

We do not collect your precise location, your contacts, your photos, your microphone or audio, your camera, or other device-sensor data. The App asks only for the information described above.

No tracking and no sale of your data

We do not sell your personal data, and we do not share it for cross-context behavioural advertising.

The App does not track you across other companies' apps and websites. It does not use the device advertising identifier (such as Apple's IDFA), it does not display an App Tracking Transparency prompt, and it does not link your activity with data collected by other companies for advertising. We do not include advertising software development kits in the App. If this ever changes, we will update this Policy, request any consent the law requires, and present the App Tracking Transparency prompt on iOS before any such tracking occurs.

Information about other people (saved people)

The App allows you to enter and store personal data about other individuals so that you can run readings for them. This is a real and important part of how the App works, and it carries responsibilities for you.

When you add information about anyone other than yourself, you are responsible for that data. You confirm that you have a valid lawful basis and any necessary rights, consent, or authority to provide that person's information to us and to have it processed for the purposes of the App. Where the law requires it, this includes obtaining the person's consent and giving them any notice the law requires.

You agree to use saved-people information only for personal, private reflection and entertainment, and not to profile, screen, or make any decision about another person concerning employment, insurance, credit, housing, healthcare, legal matters, or any other consequential matter. Do not add information about a child unless you are that child's parent or legal guardian, or otherwise have lawful authority to do so.

If you are a person whose data was entered by someone else

If another user of the App has entered your personal data as a saved person, this is what you should know. The information held is limited to a name and, optionally, a date of birth, time of birth, place of birth, a relationship label, and a colour label, together with the numerology numbers calculated from it. The source of that data is the user who entered it, and that user decides to add it for their own personal reflection and entertainment. The user can delete it within the App at any time. If you want that data removed and you cannot reach the user, or if you wish to object to the processing or exercise any other right, contact us at support@esoteia.com and we will help, including by assisting the user to delete it or by acting where we are able to.

Purposes of processing and the lawful bases we rely on

Under the GDPR and the UK GDPR, we must have a lawful basis for each purpose for which we process your personal data. The purposes and bases are set out below.

  • To provide the App and deliver your readings. We process your profile, your name and birth information, your saved people, your questions and threads, and the numerology numbers computed from them in order to provide the core service you requested. Lawful basis: performance of a contract with you (Article 6(1)(b)).
  • To store information you enter about other people. We process saved-people data so you can run readings for them. Lawful basis: our legitimate interests and yours in providing this feature (Article 6(1)(f)), with you responsible for the lawful basis to provide that data as described above. We provide a way to delete this data at any time.
  • To manage your subscription and process entitlements. When you subscribe, we process your subscription status and related information to give you access to paid features. The payment itself is processed by Apple or Google. Lawful basis: performance of a contract with you (Article 6(1)(b)), and compliance with our legal obligations such as tax and accounting record-keeping (Article 6(1)(c)).
  • To send you notifications. If you opt in, we use notifications to send reminders and updates. Lawful basis: your consent (Article 6(1)(a)), which you can withdraw at any time through your device settings. Notifications strictly necessary to deliver a service you requested may instead rely on performance of a contract.
  • Analytics (not enabled in this version). This version of the App does not run third-party analytics. If we add analytics in future, we will rely on your consent for non-essential analytics in the EU, EEA, and UK (Article 6(1)(a)) and describe it here first.
  • Crash reporting (not enabled in this version). This version of the App does not run third-party crash reporting. If we add it in future to detect and fix faults and protect the Services, the lawful basis will be our legitimate interests in the security and reliability of the App (Article 6(1)(f)), described here first.
  • To generate AI text in the "Ask" feature. When you use the "Ask" feature, we process the content you submit to generate a response through an AI text provider. Lawful basis: performance of a contract with you to deliver the feature you requested (Article 6(1)(b)).
  • To provide support. We process your correspondence to answer your questions and resolve issues. Lawful basis: our legitimate interests in supporting our users (Article 6(1)(f)), and performance of a contract where the request relates to the service.
  • To comply with the law and protect our rights. We may process personal data where necessary to comply with legal obligations or to establish, exercise, or defend legal claims. Lawful basis: compliance with a legal obligation (Article 6(1)(c)) and our legitimate interests (Article 6(1)(f)).

Where we rely on legitimate interests, we have weighed our interests against your rights and freedoms. You can ask us for more information about that balancing assessment at support@esoteia.com.

Special categories of data

We do not intentionally collect special categories of personal data, such as data about health, religious or philosophical beliefs, or sexual orientation. Numerology numbers derived from your name and date of birth are not special-category data, and we do not use them to infer or record such information. The question and chat features are free-form, so please do not type special-category information into them. We do not use the content of your questions to infer or record special categories of data about you. The AI text provider does not use the content you submit through the "Ask" feature to train its models, and we will not enable any such training use without disclosing it here first.

How and where your data is stored

On your device. The personal data you enter, the numerology numbers computed from it, your saved people, your questions and threads, your usage counters, and your subscription status are stored on your device using the device's on-device storage, so that the App works quickly and offline.

What reaches our servers. We do not upload your profile, your saved people, or your numerology numbers to our servers in this version of the App. The only personal data that reaches our backend is what specific features need to run: the content of your "Ask" questions and the numerology numbers for the subject (sent on to an AI text provider to generate a response), a small usage counter tied to your device's anonymous identifier, and, if you enable notifications, your notification token. Our servers and processors are located in the locations described in the section on international transfers, and the safeguards set out there apply.

Payments and notifications. Certain data also leaves your device through the platforms you use. Subscription purchases are processed by Apple or Google through their in-app purchase systems. Push notification tokens are issued by the operating system's notification service and used to deliver notifications you have opted into. These flows are governed by the relevant platform's own privacy policy.

Sharing your data with service providers

We do not sell your personal data, and we do not share it for cross-context behavioural advertising. We share personal data only with service providers (processors) that help us operate the Services, and only as needed for them to perform their function. The providers below are the ones we use.

  • Apple and Google. As the operators of the App Store and Google Play, they distribute the App and process subscription payments. They act as independent controllers for the store and payment relationship and apply their own privacy policies.
  • RevenueCat. A subscription-management provider we use to unify subscription state across platforms on top of Apple and Google billing. It processes a customer identifier and subscription and entitlement information.
  • Backend hosting and infrastructure. We use hosting and infrastructure providers, together with a DNS and content-delivery provider, to run the server side of the Services.
  • Analytics provider (not used in this version). We do not use a product-analytics provider in this version of the App; if we add one, it will be subject to consent in the EU, EEA, and UK.
  • Crash-reporting provider (not used in this version). We do not use a crash-reporting provider in this version of the App.
  • AI text provider. When you use the "Ask" feature, the content you submit is sent to an AI text provider to generate responses.
  • Push notification delivery. We use the platform notification services (Apple Push Notification service and Firebase Cloud Messaging, reached through our app-platform tooling) to deliver the server-scheduled notifications you have opted into.

We require our processors to protect your data, to process it only on our instructions, and to provide protections consistent with applicable law. We will maintain a current, publicly available list of our sub-processors at our website and will notify of material changes by reasonable means; until that list is published you can request the current details at support@esoteia.com.

We may also disclose personal data where required by law, to comply with a legal obligation or lawful request, to enforce our terms, or to protect the rights, property, or safety of our users, the public, or us. In the event of a corporate transaction such as a merger or sale, personal data may be transferred as part of that transaction, subject to this Policy.

International transfers

Because ESOTEIA SRL is established in the Republic of Moldova, and because some of our service providers are located in other countries (including the United States), your personal data may be transferred to, stored in, or processed in countries outside the EU, the EEA, and the UK. Some of these countries may not have been recognised by the European Commission or the UK authorities as providing an adequate level of data protection. Moldova is a party to the Council of Europe Convention 108 on data protection, but it is not currently the subject of an EU adequacy decision.

How these transfers occur

Some of these flows are carried out by the platforms you use under their own terms and safeguards, in particular Apple and Google for payments and the operating system's notification service for push tokens. Others occur because the limited data that reaches our backend (your "Ask" content, the usage counter, and any notification token) is processed on our backend servers and by the service providers described above, in particular the AI text, subscription-management, hosting, and infrastructure providers.

Safeguards we rely on

Where we transfer personal data internationally, we put in place appropriate safeguards required by law before the transfer begins. Depending on the recipient and country, these safeguards include the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement or the UK Addendum to the Standard Contractual Clauses, reliance on a recipient's certification under an applicable transfer framework where available, and a transfer risk assessment. We only describe a safeguard as being in place once the relevant agreement has actually been executed. You can ask us for a copy of the safeguards we rely on by contacting support@esoteia.com.

How long we keep your data

We keep personal data only for as long as we need it for the purposes described in this Policy, and then we delete or anonymise it.

  • Profile, saved people, questions, threads, and numerology numbers. This data is stored on your device until you delete it or remove the App. It is not stored on our servers in this version of the App.
  • Subscription, payment, and tax records. Records that we are required to keep for accounting and tax compliance are retained for the period required by applicable law in the Republic of Moldova and any other jurisdiction whose rules apply to us.
  • Analytics data. Usage events are retained for a limited period proportionate to the purpose and then aggregated or anonymised.
  • Crash and diagnostic data. Diagnostic data is retained only for the period needed to investigate and fix faults.
  • AI question and chat content. Question and chat content you submit to the "Ask" feature is retained for the period needed to provide and secure the feature; it is not used to train the AI provider's models, and you can delete your threads in the App.
  • Push notification token. Retained until you withdraw notification consent or remove the App.
  • Support correspondence. Retained for as long as needed to handle your request and for a reasonable period afterwards.

When we delete data, we will also remove it from routine backups within our standard backup cycle.

How we protect your data

We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include on-device storage on your device, encryption of data in transit when data is exchanged with platform and backend services, access controls and least-privilege practices, vendor security diligence, and not storing secrets in the App itself. We also practise data minimisation by design; for example, the App deliberately does not require your full birth name during onboarding.

No method of storage or transmission is completely secure, so we cannot guarantee absolute security. If we become aware of a personal data breach that affects you, we will act in line with our legal obligations, including notifying the relevant supervisory authority and, where required, affected individuals.

Your rights

Depending on where you live, and in particular if you are in the EU, the EEA, or the UK, you have the following rights in relation to your personal data:

  • Access. You can ask for a copy of the personal data we hold about you.
  • Rectification. You can ask us to correct inaccurate or incomplete data. You can edit your own profile and your saved people directly in the App.
  • Erasure. You can ask us to delete your personal data in certain circumstances. You can also delete your profile, saved people, and threads in the App, as described below.
  • Restriction. You can ask us to restrict processing in certain circumstances.
  • Portability. You can ask to receive certain data you provided to us in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
  • Objection. You can object to processing based on our legitimate interests, and you can object at any time to any processing for direct marketing.
  • Withdraw consent. Where we rely on your consent, you can withdraw it at any time. Withdrawing consent does not affect processing that took place before the withdrawal. You can withdraw notification consent through your device settings.
  • Automated decision-making. You have rights in relation to solely automated decisions that produce legal or similarly significant effects, as explained in the section on automated processing below.

To exercise any of these rights, contact us at support@esoteia.com. Because your data is stored on your device, you can exercise many of these rights directly in the App by editing or deleting your data. For the limited data that reaches our backend (your "Ask" content and the usage counter), contact us at the address above and we will action your request. We may need to verify your identity before acting on a request. We will respond without undue delay and within one month, although we may extend this by two further months for complex or numerous requests and will tell you if we do. Exercising these rights is free, unless your request is manifestly unfounded or excessive.

Deleting your data

You are in control of your data and can delete it.

In the App

You can delete individual saved people and individual conversation threads at any time in the App, you can clear your profile and the data the App has stored on your device, and you can remove the App's on-device data by deleting the App from your device.

Data that reaches our backend

Because your profile, saved people, and threads are stored on your device, deleting them in the App or removing the App deletes them. For the limited data that reaches our backend, your "Ask" content and the usage counter tied to your device identifier, you can ask us to delete it by contacting support@esoteia.com, subject only to data we are required to keep by law (such as tax and accounting records) and limited backup retention that is then cycled out.

Subscriptions are separate

Deleting your data or the App does not automatically cancel your subscription, because your subscription is managed by Apple or Google. To stop future charges, you must cancel your subscription through your Apple App Store or Google Play account settings. See our Terms for the cancellation and restore steps.

Children

The App is intended for adults and is not directed to children. We do not knowingly collect personal data from children below the applicable minimum age.

The minimum age to use the App depends on your region, and the App applies an age check based on your device region:

  • In the EU, the EEA, and the UK, you must be at least 16 years old. This applies in the following countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.
  • In all other regions, you must be at least 13 years old.

We have set the 16-year threshold across the entire EEA and the UK as a conservative floor, even though the digital-consent age set by some member states is lower. If we learn that we have collected personal data from a child below the applicable age without the required consent, we will delete it. If you believe a child has provided us with personal data, please contact us at support@esoteia.com. The App's age rating on the App Store and Google Play is set to be consistent with this approach.

Automated processing, profiling, and AI-generated content

The App automatically processes your name and date of birth to calculate numerology numbers and to produce personalised readings, briefings, and cycle information. This is a form of profiling under data protection law, in that we process your personal data automatically to provide personalised content. Your readings, briefings, and interpretations are selected from Esoteia's own built-in interpretation library based on those numbers; producing them does not involve sending your data to a large language model.

This automated processing does not produce legal effects concerning you or similarly significantly affect you. The readings are provided for personal reflection and entertainment, are informational and non-binding, and are not a substitute for professional advice. We do not use this processing to make solely automated decisions that have a legal or similarly significant effect on you. Accordingly, the prohibition in Article 22 of the GDPR on certain solely automated decisions does not apply.

When you use the "Ask" feature, some content shown to you is generated by automated systems and large language models. AI-generated content can be inaccurate, incomplete, or misleading, and you should not rely on it as a statement of fact or as professional advice. The content you submit to that feature is processed by an AI text provider to generate a response, as described above. We label AI-generated content as such within the App.

The readings and other numerology content are provided for entertainment and personal reflection only and are not medical, mental-health, legal, financial, or other professional advice.

Our website, cookies, and on-device storage

If you visit a website we operate, for example to read this Policy, our Terms, or support information, that website may use cookies or similar local-storage technologies. We use strictly necessary cookies that are required for the site to function. Where we use any non-essential cookies or similar technologies, for example for website analytics, we will ask for your consent in the EU, the EEA, and the UK before setting them, and you will be able to manage your choices. The specific cookies and any website analytics tools will be detailed in a cookie notice on the website before any non-essential cookies are used.

The mobile App itself does not use web cookies. It stores data locally on your device, as described in this Policy, in order to function. Any non-essential software development kit that reads or writes data on your device (such as an analytics kit) will not initialise or transmit data until you have given consent in the EU, the EEA, and the UK, and the consent mechanism will be presented in the App.

Changes to this Policy

We may update this Policy from time to time, for example to reflect new features or service providers, or to reflect changes in the law. Where a change introduces a new way of processing your data, we will publish an updated Policy before that processing begins. When we make changes, we will update the date at the top of this Policy and, where the changes are material, we will provide a more prominent notice in the App or by other reasonable means. Where the law requires it, we will seek your consent again before relying on it for any new processing. We encourage you to review this Policy periodically. We intend to make this Policy available in the main languages in which the App is offered.

How to complain to a supervisory authority

We hope to resolve any concern you have if you contact us first at support@esoteia.com. You also have the right to lodge a complaint with a data protection supervisory authority.

  • If you are in the EU or the EEA, you can complain to the supervisory authority in the member state where you live or work, or where you believe the issue occurred. A directory of EU supervisory authorities is maintained by the European Data Protection Board at edpb.europa.eu.
  • If you are in the UK, you can complain to the Information Commissioner's Office at ico.org.uk.
  • In the Republic of Moldova, our home supervisory authority is the National Center for Personal Data Protection of the Republic of Moldova (Centrul National pentru Protectia Datelor cu Caracter Personal), based in Chisinau, which supervises under Law No. 133 of 8 July 2011 on the protection of personal data. Information is available at datepersonale.md.

You may complain to whichever authority is appropriate for you. Lodging a complaint does not affect any other legal remedy you may have.

Contact us

If you have any questions, requests, or concerns about this Policy or about how we handle your personal data, please contact us:

  • ESOTEIA SRL
  • Email: support@esoteia.com
  • Registered address: str. Cărămidarilor 47, MD-2023, mun. Chișinău, Republic of Moldova

We will do our best to help and to respond within the timeframes required by law.