Privacy Policy

House of Mahakali is a spiritual services practice. We take your privacy seriously and aim to be straightforward about what information we collect and why. This Policy describes how we handle personal data when you use our website, submit a reading request, create a KarmaKoin account, or otherwise interact with our practice.

By using our services, you agree to the practices described in this Privacy Policy. If you have questions, you can reach us at any time at [email protected].

We collect information you provide directly to us, and limited technical data generated when you use our services. We do not use tracking pixels, behavioral advertising, or third-party analytics networks.

Information you provide:

• Name and email address — provided when you create an account, subscribe to updates, or contact us directly.
• Reading request content — the details, background, and questions you submit through our intake or reading request form. This may include sensitive personal context you choose to share.
• KarmaKoin account data — your account profile, KarmaKoin balance, and preferences associated with your account.
• Payment information — collected and processed directly by Stripe. We receive only a transaction confirmation and a non-sensitive token. We never receive or store your full card number, CVV, or billing details. See Section 4 for more.

Information generated automatically:

• Ledger transaction records — KarmaKoin transactions are recorded on the public ledger. See Section 5 for full details on what is visible and why.
• Basic server logs — our hosting provider may retain standard server access logs (IP address, browser type, page requested, timestamp) for security and uptime purposes. These logs are not used for profiling or advertising.

We use the information we collect for the following purposes:

• Deliver services — to fulfill reading requests, spiritual consultations, and any other services you have requested.
• Maintain your account — to create, authenticate, and manage your KarmaKoin account and associated preferences.
• Communicate with you — to send session confirmations, service updates, responses to your inquiries, and occasional practice-related announcements. You may opt out of non-essential communications at any time.
• Process payments — to initiate payment requests through Stripe and reconcile completed transactions.
• Operate and improve the platform — to maintain the security, integrity, and functionality of our website and services.
• Comply with legal obligations — to respond to lawful requests from authorities, enforce our Terms of Service, or protect the rights and safety of our users and practice.

We do not use your information for behavioral advertising, profiling, or any form of automated decision-making that produces legal or similarly significant effects.

All payment card transactions are processed securely by Stripe, a PCI DSS Level 1 certified payment processor. When you enter payment information on our site, that data is transmitted directly to Stripe's servers — it never passes through or is stored on our systems.

Stripe's handling of your payment data is governed by their own privacy policy, which you can review at stripe.com/privacy. By making a payment through our site, you also agree to Stripe's terms of service.

We retain records of completed transactions (amount, date, associated account) for accounting, legal compliance, and service continuity purposes. These records do not contain full card numbers.

The KarmaKoin economy is built on a principle of transparent exchange. As part of this design, KarmaKoin transactions are recorded on a publicly visible ledger. This transparency is intentional and is disclosed to users at the point of account creation and at the point of initiating any ledger transaction.

What the public ledger may display:

• Transaction type (e.g., earned, spent, gifted)
• KarmaKoin amounts transferred
• Timestamps
• Account identifiers (which may be a username or display name, not necessarily your legal name)

By participating in ledger transactions, you acknowledge and consent to the public visibility of the transaction data described above.

We do not sell, rent, or trade your personal information. We do not share your data with advertising networks, data brokers, or any third party for marketing purposes.

We share data only in the following limited circumstances:

• Stripe — to process payments on your behalf, as described in Section 4.
• Email service provider — we use a third-party email delivery service to send transactional and service communications. This provider receives your email address for the purpose of delivery only.
• Legal obligations — if required by law, court order, or governmental authority.
• Business transfer — in the unlikely event of a merger, acquisition, or sale of assets, user data may be transferred. We will notify users before any such transfer.

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, or as required by law.

• Account data — retained while your account is active. If you request account deletion, we will remove or anonymize this data within a reasonable timeframe.
• Reading request content — retained for two years from the date of submission.
• Payment transaction records — retained for up to seven years as required for financial recordkeeping and tax compliance.
• Public ledger records — individual ledger entries may not be fully deletable without disrupting the integrity of the ledger. We will anonymize identifying account references upon deletion request where technically feasible.
• Server logs — retained for a short duration (typically 30–90 days) for security monitoring purposes.

To request deletion of your data, contact us at [email protected]. We will respond to deletion requests within 30 days.

Regardless of where you are located, you have the following rights with respect to your personal information:

• Access — you may request a copy of the personal information we hold about you.
• Correction — you may request that inaccurate or incomplete information be corrected.
• Deletion — you may request that we delete your personal information, subject to legal retention requirements.
• Opt-out of communications — you may unsubscribe from non-essential emails at any time.

California Residents — CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights including the Right to Know, Right to Delete, Right to Opt-Out of Sale (we do not sell personal information), and Right to Non-Discrimination.

To exercise any of these rights, submit a request to [email protected].

We take reasonable and industry-standard measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

• Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS.
• VPS-hosted backend — our platform runs on a virtual private server with access controls, firewall configuration, and security monitoring.
• Payment security — payment card data is handled exclusively by Stripe, which maintains PCI DSS Level 1 compliance.
• Access controls — access to user data is restricted to authorized personnel with a legitimate operational need.

No method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that affects your rights or freedoms, we will notify affected users as required by applicable law.

Our services are intended for adults and are not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under the age of 18.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at [email protected].

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the Effective Date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website.

Your continued use of our services after any update constitutes your acceptance of the revised Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We aim to respond to all privacy-related inquiries within 5 business days.