Privacy Policy · ShenShu AI
Last updated: July 9, 2026
Welcome to ShenShu AI (also written as “神數AI” or “神数AI”). This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use https://www.shen-shu.com, https://app.shen-shu.com, and related services, as well as the rights you may have under applicable law.
ShenShu AI is operated by an individual sole operator. For privacy and security reasons, the operator's full personal address is not published on this page. If operator information needs to be verified for lawful, compliance, payment dispute, regulatory, or other necessary purposes, please contact us at support@shen-shu.com.
1. Data Controller
The data controller for the service is:
- Name: the individual sole operator of ShenShu AI
- Privacy contact email: support@shen-shu.com
- Data Protection Officer (DPO): not appointed; privacy requests are received and handled through the email above
2. Information We Collect
We collect information only as needed to provide the service. This may include:
1. Information You Provide
- Account information: email address, login method, and the name or avatar returned by Google login where applicable.
- Verification information: email verification code records. Verification codes are stored as hashes and expire after a short period.
- Birth profile information: optional name or label, gender, birth date, birth time, and, if you enable true solar time, city, longitude, latitude, timezone, and related location details.
- AI input and interaction content: text you enter when generating reports, starting conversations, or asking questions, plus generated reports, chat messages, and structured context.
- Payment and order information: purchased plan, amount, currency, order status, payment time, payment provider, transaction ID, entitlement period, usage count, and refund status. We do not collect or store full card numbers or full card security codes.
- Contact and support information: emails or other support messages you send us, screenshots, account email, and issue descriptions.
2. Automatically Collected Information
- Device and network information: IP address, browser type, device information, operating system, language preference, access time, timezone, and approximate region.
- Usage information: page views, feature usage, button clicks, session duration, error logs, performance data, request logs, and security audit logs.
- Local storage information: to improve the experience, we may use
localStorage,sessionStorage, or cookies in your browser to temporarily store language preference, theme, form drafts, recent chart parameters, or transfer context. - Temporary transfer information: when moving from the main site to the app, some birth information and context may be stored under a temporary token in Vercel KV or similar temporary storage, usually expiring after about 10 minutes.
3. Third-Party Login Information
If you choose to sign in with Google, we receive the basic information necessary for authentication, such as email address, name, or avatar. Google's own privacy policy governs Google's handling of that information.
3. How We Use Information
| Purpose | Legal basis |
|---|---|
| Provide BaZi charting, AI readings, chat, reports, and account features | Performance of contract |
| Process payments, activate entitlements, reconcile orders, and handle refunds | Performance of contract / legal obligation |
| Save profile history, chat history, and reports | Performance of contract / your choice |
| Customer support, billing inquiries, and troubleshooting | Performance of contract / legitimate interests |
| Send login codes, billing, security, policy update, and other necessary service notices | Legitimate interests / performance of contract |
| Prevent abuse, fraud, attacks, and abnormal use | Legitimate interests / legal obligation |
| Product analytics, performance monitoring, and experience improvement | Legitimate interests |
| Comply with legal, regulatory, tax, accounting, and dispute handling requirements | Legal obligation |
We may aggregate, anonymize, or de-identify data for statistics and service improvement. Such data cannot identify a specific individual.
4. Cookies, Analytics, and Local Storage
We use cookies, local storage, and similar technologies to support service operation and improve the experience.
| Type | Purpose | Can be disabled |
|---|---|---|
| Strictly necessary | Login state, account security, checkout flow, core features | Usually no |
| Functional | Language, theme, form drafts, recent chart parameters | You can clear or disable them through your browser |
| Analytics | Understand page visits, performance, and product usage | You can restrict them through browser settings, plugins, or provider tools |
| Marketing | We do not currently actively use personalized advertising tracking; if enabled later, we will explain it separately | Choice will be provided before use |
We may use analytics tools such as Google Analytics and Vercel Analytics. You can limit some tracking through browser settings, privacy plugins, Google's opt-out tools, or settings provided by the relevant services.
5. Sharing and Disclosure
We do not sell, rent, or otherwise sell your personal information commercially. We share necessary information only in the following situations:
- Cloud and database providers: to host the website, app, databases, temporary cache, and logs.
- Payment processors: to process payments, refunds, order status, and disputes. The specific payment processor is shown on the checkout page. Full card numbers and full security codes are not stored on our servers.
- Authentication providers: such as Google login, to complete account login and authentication.
- Email providers: to send verification codes, service notices, security alerts, and support emails.
- Analytics and monitoring providers: such as Google Analytics, Vercel Analytics, or error monitoring services, to understand usage and improve the service.
- AI model/API providers: to generate AI reports and chat responses. We try to send only the context and input necessary to provide the service.
- Legal and regulatory requirements: where required by applicable law, court order, regulator request, payment dispute, risk investigation, or to protect users and service security.
- With your consent: for other specific purposes after obtaining your explicit consent.
6. Data Security
We use reasonable technical and administrative safeguards to protect your information, including:
- HTTPS / TLS encrypted transmission;
- Hashing or short-lived handling of sensitive verification data such as login codes;
- Access controls and least-privilege principles for backend data access;
- Necessary protection for database connections, logs, and payment webhooks;
- Removing removable personal usage data and anonymizing account information when an account is deleted.
Although we work to protect your information, no internet service can guarantee absolute security. If a data security incident may affect your rights, we will respond as soon as we understand the incident and, where required by applicable law, try to notify you or relevant regulators within 72 hours.
7. Data Retention and Account Deletion
We retain personal information only for as long as needed for the purposes described in this Policy. Retention rules include:
| Data type | Retention period | Handling after expiry or deletion request |
|---|---|---|
| Account information | While the account is active; anonymized records may remain after account deletion | Delete or anonymize identifiable email, name, avatar, and similar information |
| Birth profiles, chat sessions, AI reports, and usage reservation records | While the account is active, or until you delete the relevant content/account | Removable data is cleared when the account is deleted |
| Temporary transfer information | Usually about 10 minutes | Automatically expires and is deleted |
| Email verification records | Short-lived, usually about 10 minutes | Automatically expires or is deleted after verification |
| Orders, transactions, entitlements, and refund records | Usually up to 7 years for reconciliation, tax, accounting, payment dispute, and compliance needs | Delete, archive, or de-identify after the retention period |
| Support and billing communications | Usually up to 2 years, longer if a dispute remains unresolved | Delete or archive after the retention period |
| Security, access, and error logs | Usually up to 12 months, longer if needed for security incidents or disputes | Delete or aggregate after the retention period |
| Backup data | Rotating backup cycle, usually no longer than 90 days | Deleted as backups rotate |
Account deletion does not mean that every record is immediately and physically deleted from all systems. Under the current product process, when an account is deleted, we make reasonable efforts to remove removable personal usage data, such as birth profiles, chat sessions, and usage reservation records, and to anonymize account information, such as removing or replacing identifiable email, name, and avatar data.
Paid orders, transaction records, entitlement records, necessary logs, and data that must be retained for reconciliation, transaction tracking, entitlement verification, fraud prevention, tax, compliance, dispute handling, or legal reasons may not be deleted together with the account deletion request. Once an account is deleted or anonymized, the action is usually not reversible.
8. Your Data Rights
You may exercise the following rights by contacting support@shen-shu.com. To protect account security, we may ask you to verify your identity or account ownership first. We will try to respond within 30 calendar days.
| Right | Description |
|---|---|
| Right to know | Understand what information we collect and use |
| Right of access | Request a copy of your personal information |
| Right to rectification | Request correction of inaccurate or incomplete information |
| Right to deletion | Request deletion or anonymization under certain conditions |
| Right to restriction | Request suspension of certain processing in specific situations |
| Right to data portability | Receive your data in a machine-readable format where applicable |
| Right to object | Object to processing based on legitimate interests or marketing |
| Right to withdraw consent | Withdraw processing authorization based on consent |
If you believe we have not properly handled your request, you may complain to your local data protection authority or consumer protection authority.
9. Marketing Communications and Opt-Out
We currently focus on necessary service communications, such as verification codes, billing, entitlements, security alerts, support replies, and policy updates.
If we send marketing communications in the future, we will obtain consent where required by applicable law and provide an opt-out method. Opting out of marketing communications will not affect necessary service notices.
10. International Data Transfers
Our website, app, databases, analytics tools, payment processors, AI providers, and other partners may be located outside your region, including in the United States or other countries/regions.
When cross-border transfers occur, we take reasonable measures to protect your information, such as selecting providers with security and compliance capabilities, entering into data processing agreements, using EU Standard Contractual Clauses (SCCs) or applicable equivalent mechanisms, and minimizing the data transferred where possible.
11. Minors
The service is primarily intended for adults. If you are under 18 years old, please use the service under guardian supervision and avoid submitting unnecessary sensitive information.
We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact support@shen-shu.com, and we will review and delete or anonymize the relevant information as soon as reasonably possible.
12. Third-Party Links and Services
The service may contain third-party links or integrations. Third-party services process personal information under their own privacy policies. This Policy applies only to information we directly collect and process.
13. Changes to This Policy
We may update this Privacy Policy due to product features, payment methods, service providers, or legal requirements. For material changes, we will try to provide at least 14 days' notice before the effective date through the website, in-app notice, email, or another reasonable method, and update the "Last updated" date at the top of this page.
If you continue to use the service after the Policy is updated, you acknowledge the updated Policy.
14. Contact Us
For questions about this Privacy Policy, personal data processing, account deletion, or data rights, please contact:
ShenShu AI
We value your privacy and aim to provide a safe and rational AI BaZi reading experience.
Content is for entertainment and self-understanding only. It does not involve superstitious guarantees, scam guidance, or promises of real-world gains.