demon deli

Privacy Policy

Privacy Policy

Last updated: 15 May 2026

1. Introduction

Demon Deli ("we", "us", or "our") operates the Demon Deli mobile application and website (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what choices you have in relation to it. By using the Service, you agree to the collection and use of information in accordance with this policy.

We take your privacy seriously. We collect only what we need to provide the Service, and we do not sell, rent, or trade your personal information with third parties for their marketing purposes.

2. Information We Collect

We collect information you provide directly, information collected automatically when you use the Service, and information we receive from third-party authentication providers.

Account information. When you create an account through Google Sign-In or Apple Sign-In, we receive your name and email address from the respective identity provider. We do not receive or store your Google or Apple password. The legal basis for this processing is the performance of the contract between you and us (Article 6(1)(b) GDPR).

Profile information. If you choose to provide it, we collect your date of birth, birth time, and birth city to personalise your experience. This information is optional and can be left blank. The legal basis for this processing is your consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time by deleting this information from your profile.

Quiz responses. When you complete the onboarding quiz, we store your answers in order to determine your primary and secondary archetypes. These are used solely to personalise the daily reading content. The legal basis for this processing is the performance of the contract between you and us (Article 6(1)(b) GDPR).

Usage data. We collect information about how you interact with the Service, including the readings you receive, the dates on which you receive them, and your reading history. This data is used to power features such as the compatibility pairing system and your personal field map. The legal basis for this processing is the performance of the contract and our legitimate interest in operating and improving the Service (Article 6(1)(b) and (f) GDPR).

Device information. If you enable push notifications, we collect a device token associated with your device in order to deliver notifications. We associate this token with your account and do not use it for any other purpose. The legal basis for this processing is your consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time by disabling notifications in your device settings.

Communications. If you contact us directly, we may retain the content of your message and your email address in order to respond. The legal basis for this processing is our legitimate interest in handling support and enquiries (Article 6(1)(f) GDPR).

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service, including generating your daily reading content.
  • To personalise the content you receive based on your archetype profile, birth information, and reading history.
  • To send push notifications when your daily reading is ready, if you have opted in to notifications.
  • To calculate compatibility readings between you and friends who have also connected on the Service.
  • To improve and develop the Service, including understanding how users interact with features.
  • To communicate with you about your account, including responding to support requests.
  • To enforce our Terms of Service and protect against fraudulent or abusive use of the Service.

4. Third-Party Authentication Providers

The Service uses Google Sign-In and Apple Sign-In for authentication. When you sign in using one of these services, you are subject to the privacy policy of the respective provider. We receive only the information those providers make available to us — typically your name and email address — and we do not receive your passwords or payment information from them.

Google's privacy policy is available at policies.google.com/privacy. Apple's privacy policy is available at apple.com/legal/privacy.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

With other users you connect with. When you add another user as a friend on the Service, your display name, archetype profile, and today's entity are visible to that user. Compatibility readings generated between you and a friend are visible to both parties.

With service providers. We use third-party infrastructure providers (including cloud hosting, database, and AI generation services) to operate the Service. These providers process your information on our behalf and are contractually restricted from using it for any other purpose.

For legal reasons. We may disclose your information if we believe in good faith that doing so is required by law, regulation, or legal process, or to protect the rights, property, or safety of Demon Deli, our users, or the public.

In the event of a business transfer. If Demon Deli is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your account information and reading history for as long as your account is active. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal or legitimate business reasons.

Device tokens for push notifications are deleted when you sign out or uninstall the application, or when the token becomes invalid.

7. Security

We implement technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS), secure credential management, and access controls on our infrastructure.

No method of transmission over the internet or method of electronic storage is completely secure, however, and we cannot guarantee absolute security.

8. International Data Transfers

Some of the third-party providers we use are located outside the European Economic Area (EEA), primarily in the United States. Personal data transferred to these providers is protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or by other appropriate transfer mechanisms.

The providers and the data they process on our behalf are:

  • Anthropic, Inc. (United States) — generates daily reading content. Data processed: your archetype profile, reading history, and birth information where provided.
  • Apple Inc. (United States) — delivers push notifications via Apple Push Notification service (APNs). Data processed: device token.
  • Google LLC (United States) — provides authentication via Google Sign-In. Data processed: name and email address.
  • Render Services, Inc. (United States) — hosts the application and database. Data processed: all personal data stored by the Service.
  • ActiveCampaign, LLC / Postmark (United States) — delivers transactional email. Data processed: your email address and the content of service emails.

9. Your Rights

Depending on your jurisdiction, you may have certain rights in relation to your personal information, including the right to access, correct, or delete the information we hold about you. You may also have the right to object to or restrict certain processing, or to receive your data in a portable format.

To exercise any of these rights, please contact us at the address below. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority. If you are based in Germany, the competent authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI). If you are based elsewhere in the EU, you may contact the supervisory authority in your country of residence.

10. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. If the changes are material, we will notify you through the Service or by email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

mailer@co-demon.com

← Back

Cookies keep you signed in. Nothing else. Learn more.