Wish & WitchLast updated April 20, 2026

Privacy Policy

This Privacy Policy explains what information Wish & Witch (“we”, “us”) collects when you use our website at wishandwitch.com or the Wish & Witch iOS app (together, the “Service”), how we use it, and the choices you have.

Wish & Witch is a reflective wellbeing and journaling product. It is not a medical, psychological, or legal service.

1. Information we collect

Information you provide

  • Quiz answers. Your responses to the onboarding and reading quizzes (goals, feelings, preferences, optional birth date).
  • Email address. If you enter it to receive your reading or product updates.
  • Palm photo (optional). If you choose to use the Palm Reading feature, an image of your hand is captured locally. We do not use it to identify you. See “Palm images” below.
  • Journal and wish entries. Text you write inside the app. These are stored locally on your device and are not transmitted to our servers unless you explicitly enable a backup feature.
  • Support messages. If you email us at hello@wishandwitch.com, we receive your address and the content of your message.

Information collected automatically

  • Device and usage data. Approximate device type, operating system, app version, anonymized event counts (e.g. “quiz started”, “paywall viewed”), and crash diagnostics.
  • Purchase data. If you subscribe, we receive a transaction identifier and subscription status from Apple (iOS) or Stripe (web). We do not receive your full payment card details.

Palm images

The Palm Reading experience is reflective, not biometric. Images captured for this feature are processed on your device to produce a visual “scan” animation. We do not run face or fingerprint recognition on them, we do not sell them, and we do not share them with third parties. Images are not uploaded to our servers by default. If a future feature requires upload, you will be asked explicitly and can opt out.

2. How we use your information

  • To generate and deliver your personalized reading and 28-day path.
  • To operate subscriptions, billing, and receipts.
  • To send the emails you requested (reading, updates, reminders).
  • To understand aggregate usage, fix bugs, and improve the product (analytics).
  • To respond to your support requests.
  • To comply with legal obligations and enforce our Terms.

3. Service providers we use

We rely on a small number of vendors, each bound by their own privacy terms:

  • Apple Inc. — iOS distribution and in-app subscription billing.
  • Stripe, Inc. — web subscription billing.
  • Supabase Inc. — email lead storage (only if you opt in).
  • Resend — transactional email delivery.
  • Vercel — hosting for our website.
  • Cloudflare — DNS and domain.
  • RevenueCat — managing and validating subscriptions on iOS.
  • Meta Pixel and Microsoft Clarity — optional analytics on the website. Disabled if you opt out.

4. Advertising and tracking

We do not sell your personal information. On iOS we do not request tracking permission unless we later enable it; if we do, you will see Apple’s standard App Tracking Transparency prompt and can decline. On the website, pixel-based analytics only fire if the corresponding environment IDs are configured; you can block them with any standard tracker blocker.

5. Data retention

  • Quiz answers and reading result: stored locally on your device for as long as you keep the app installed.
  • Email: kept while your account is active, or until you ask us to delete it.
  • Subscription and billing records: retained as required by applicable tax, accounting, and consumer-protection law (generally up to 7 years).

6. Your rights

Subject to your local law, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Port your data to another service.
  • Withdraw consent or object to certain processing.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email hello@wishandwitch.com. Inside the iOS app, you can also use Profile → Account → Delete account, which clears all locally stored data and queues a server-side deletion of any associated email and subscription records.

7. Children

Wish & Witch is not directed at children under 13 (or under 16 in the EEA and UK). We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it.

8. International transfers

Our vendors operate from the United States and the European Union. When your data leaves your region, we rely on Standard Contractual Clauses and the providers’ own safeguards.

9. Security

We use TLS in transit, access controls, and secret management for keys. No online service can be perfectly secure, and we encourage you to use a strong, unique email password.

10. Changes to this policy

If we make a material change, we will update the “Last updated” date above and, where appropriate, notify you in-app or by email.

11. Contact

Wish & Witch — privacy questions: hello@wishandwitch.com.