Privacy Policy

Master Hachimi (“the App”, “we”, “us”), brand Hachimi.ai, is operated by 元竹投資有限公司 (Yuenchuk Investment Limited), a company registered in Hong Kong (“the Company”). This Privacy Policy explains what data the App processes, why, and your rights. Please understand how the App works first. Master Hachimi is an emotional-companionship product: you provide two numbers and write the question on your mind; the Company's unified backend performs a deterministic Mei Hua Yi Shu (Plum Blossom Numerology) cast, and a third-party AI model then generates the reading in the voice of “Master Hachimi”. Unlike many purely on-device divination utilities, generating a reading necessarily sends your question and the cast to the Company's backend, which forwards them to a third-party AI (Google Gemini). This policy discloses that accordingly.

• The cast (numbers → hexagram) is a deterministic computation performed off-device; the reading is generated by a third-party AI (Google Gemini). Your question, the two cast numbers, and time-of-day are sent to the Company's backend for casting; thereafter only your question, the resulting hexagram, and time-of-day are forwarded to Google Gemini to generate the reading — the two cast numbers are not sent to Google. • We do not sell your data, do not use it for advertising, and do not track you across other apps or websites (no advertising identifier / IDFA, no App Tracking Transparency). • No account is required to use the App.

• Your question (free text you type) — the subject of the divination. Sent to the Company's backend on each cast and forwarded to Google Gemini to generate the reading. The backend is designed not to persist it (transient forwarding); your reading history, which includes the question, is stored on your device. • Two cast numbers + local time-of-day — used for the deterministic cast (upper/lower trigram, moving line). Sent with the question to the backend; not persisted by the backend by design; history is stored on your device. • Reading history (chart, reading, time, question) — stored on your device only, so you can review past readings. • Selected language / settings — app preferences, stored locally on your device. We do not collect: your name, email, contacts, photos, precise location (GPS), health data, financial data, or any advertising identifier (IDFA). The App does not use App Tracking Transparency because it performs no cross-app tracking. “Time-of-day” means your device's current clock hour (used to determine the moving line) — it is not GPS positioning.

To generate the “Master Hachimi” reading, on each cast the App sends [your question + the cast + time-of-day] to the Company's own backend (a thin proxy; client device-integrity attestation is planned — see section 7). The backend performs the deterministic cast and then forwards the hexagram and your question to the third-party AI service Google Gemini API to generate the reading text. • Explicit permission: Before your first cast, the App shows a consent screen that clearly states what will be sent and the recipients (the Company's backend + Google Gemini). Nothing is sent without your consent. • Revocable: You can withdraw consent at any time in Settings. After withdrawal the App sends no further data and therefore cannot generate new readings (the product has no offline reading mode); your existing local history is unaffected. • Google acts as a service provider: Google processes the content as a service provider / data processor, contractually limited to providing the reading service to the Company. Under the Gemini API paid-tier terms and its Data Processing Addendum (DPA), Google provides protection of your data equal to or no less than that stated in this policy. • Data use on the paid tier: the App uses the paid tier of the Google Gemini API. Per Google's current Gemini API Additional Terms of Service, on the paid tier Google does not use your prompts or responses to improve its products; Google logs prompts and responses only for a limited period, solely to detect abuse, maintain safety, and meet legal requirements. See the Google Gemini API Terms (https://ai.google.dev/gemini-api/terms) and Google Privacy Policy (https://policies.google.com/privacy). • Minimization: we send Google Gemini only what is necessary to generate the reading (your question + cast + time-of-day). We do not send your identity, device identifiers, or location to Google. Once enabled, the device-attestation token used for anti-abuse will be sent only to the Company's backend, never to Google, and will not be used for tracking.

• The Company operates a unified backend (thin proxy) to receive cast requests, run the deterministic cast, and forward to Google Gemini. By design this backend does not persist your question or history (transient forwarding, no user database). • Reading history is stored only on your device. Deleting a record or deleting the App removes it; we provide a “Delete all history” action in Settings. • Retention and deletion on the third party (Google): Google retains paid-tier prompts/responses for a limited period for abuse prevention (see section 3). To request deletion of content already sent to Google, contact us at support@hachimi.ai — we can initiate a request via Google's channels on your behalf — or see the data-request avenues in the Google Privacy Policy.

Depending on where you live (EU/EEA under GDPR, California under CCPA/CPRA, Hong Kong under PDPO, and others), you have rights to access, correct, and delete your personal data, to object to or restrict processing, and to withdraw consent at any time. • Withdraw consent: turn off the third-party AI reading consent toggle in Settings (see section 3). • Access / portability / deletion: because the Company's backend does not store your personal data and the App has no account, the reading history on your device is fully under your control — you can view and delete it in-app; we hold no server-side copy to export. • GDPR: the lawful basis for sending your question and cast to the third-party AI is your consent, which you may withdraw at any time. • CCPA/CPRA: we disclose your question only for a business purpose to Google acting as a service provider — this is not a “sale” or a “share” for cross-context behavioral advertising. • PDPO (Hong Kong): we collect only data necessary for the App's function, use it only for that purpose, and apply transport encryption (TLS) to all network calls (device attestation is planned). For any request or question, contact us using the details below; we will respond within the time limits required by applicable law.

The App is not directed to children under 13 and does not knowingly collect personal data from them.

All network calls use standard HTTPS/TLS; client device-integrity attestation (App Check / App Attest) to deter abuse is planned (not yet enforced at launch). Upstream AI service keys are held only on the Company's server and are never shipped to or embedded in the client.

We may update this policy; the “Last updated” date will change. Material changes will be surfaced in the App.

元竹投資有限公司 (Yuenchuk Investment Limited), Hong Kong Email: support@hachimi.ai