Privacy Policy · ShenShu AI

Last updated: July 9, 2026

Welcome to ShenShu AI (also written as “神數AI” or “神数AI”). This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use https://www.shen-shu.com, https://app.shen-shu.com, and related services, as well as the rights you may have under applicable law.

ShenShu AI is operated by an individual sole operator. For privacy and security reasons, the operator's full personal address is not published on this page. If operator information needs to be verified for lawful, compliance, payment dispute, regulatory, or other necessary purposes, please contact us at support@shen-shu.com.


1. Data Controller

The data controller for the service is:

  • Name: the individual sole operator of ShenShu AI
  • Privacy contact email: support@shen-shu.com
  • Data Protection Officer (DPO): not appointed; privacy requests are received and handled through the email above

2. Information We Collect

We collect information only as needed to provide the service. This may include:

1. Information You Provide

  • Account information: email address, login method, and the name or avatar returned by Google login where applicable.
  • Verification information: email verification code records. Verification codes are stored as hashes and expire after a short period.
  • Birth profile information: optional name or label, gender, birth date, birth time, and, if you enable true solar time, city, longitude, latitude, timezone, and related location details.
  • AI input and interaction content: text you enter when generating reports, starting conversations, or asking questions, plus generated reports, chat messages, and structured context.
  • Payment and order information: purchased plan, amount, currency, order status, payment time, payment provider, transaction ID, entitlement period, usage count, and refund status. We do not collect or store full card numbers or full card security codes.
  • Contact and support information: emails or other support messages you send us, screenshots, account email, and issue descriptions.

2. Automatically Collected Information

  • Device and network information: IP address, browser type, device information, operating system, language preference, access time, timezone, and approximate region.
  • Usage information: page views, feature usage, button clicks, session duration, error logs, performance data, request logs, and security audit logs.
  • Local storage information: to improve the experience, we may use localStorage, sessionStorage, or cookies in your browser to temporarily store language preference, theme, form drafts, recent chart parameters, or transfer context.
  • Temporary transfer information: when moving from the main site to the app, some birth information and context may be stored under a temporary token in Vercel KV or similar temporary storage, usually expiring after about 10 minutes.

3. Third-Party Login Information

If you choose to sign in with Google, we receive the basic information necessary for authentication, such as email address, name, or avatar. Google's own privacy policy governs Google's handling of that information.


3. How We Use Information

PurposeLegal basis
Provide BaZi charting, AI readings, chat, reports, and account featuresPerformance of contract
Process payments, activate entitlements, reconcile orders, and handle refundsPerformance of contract / legal obligation
Save profile history, chat history, and reportsPerformance of contract / your choice
Customer support, billing inquiries, and troubleshootingPerformance of contract / legitimate interests
Send login codes, billing, security, policy update, and other necessary service noticesLegitimate interests / performance of contract
Prevent abuse, fraud, attacks, and abnormal useLegitimate interests / legal obligation
Product analytics, performance monitoring, and experience improvementLegitimate interests
Comply with legal, regulatory, tax, accounting, and dispute handling requirementsLegal obligation

We may aggregate, anonymize, or de-identify data for statistics and service improvement. Such data cannot identify a specific individual.


4. Cookies, Analytics, and Local Storage

We use cookies, local storage, and similar technologies to support service operation and improve the experience.

TypePurposeCan be disabled
Strictly necessaryLogin state, account security, checkout flow, core featuresUsually no
FunctionalLanguage, theme, form drafts, recent chart parametersYou can clear or disable them through your browser
AnalyticsUnderstand page visits, performance, and product usageYou can restrict them through browser settings, plugins, or provider tools
MarketingWe do not currently actively use personalized advertising tracking; if enabled later, we will explain it separatelyChoice will be provided before use

We may use analytics tools such as Google Analytics and Vercel Analytics. You can limit some tracking through browser settings, privacy plugins, Google's opt-out tools, or settings provided by the relevant services.


5. Sharing and Disclosure

We do not sell, rent, or otherwise sell your personal information commercially. We share necessary information only in the following situations:

  • Cloud and database providers: to host the website, app, databases, temporary cache, and logs.
  • Payment processors: to process payments, refunds, order status, and disputes. The specific payment processor is shown on the checkout page. Full card numbers and full security codes are not stored on our servers.
  • Authentication providers: such as Google login, to complete account login and authentication.
  • Email providers: to send verification codes, service notices, security alerts, and support emails.
  • Analytics and monitoring providers: such as Google Analytics, Vercel Analytics, or error monitoring services, to understand usage and improve the service.
  • AI model/API providers: to generate AI reports and chat responses. We try to send only the context and input necessary to provide the service.
  • Legal and regulatory requirements: where required by applicable law, court order, regulator request, payment dispute, risk investigation, or to protect users and service security.
  • With your consent: for other specific purposes after obtaining your explicit consent.

6. Data Security

We use reasonable technical and administrative safeguards to protect your information, including:

  • HTTPS / TLS encrypted transmission;
  • Hashing or short-lived handling of sensitive verification data such as login codes;
  • Access controls and least-privilege principles for backend data access;
  • Necessary protection for database connections, logs, and payment webhooks;
  • Removing removable personal usage data and anonymizing account information when an account is deleted.

Although we work to protect your information, no internet service can guarantee absolute security. If a data security incident may affect your rights, we will respond as soon as we understand the incident and, where required by applicable law, try to notify you or relevant regulators within 72 hours.


7. Data Retention and Account Deletion

We retain personal information only for as long as needed for the purposes described in this Policy. Retention rules include:

Data typeRetention periodHandling after expiry or deletion request
Account informationWhile the account is active; anonymized records may remain after account deletionDelete or anonymize identifiable email, name, avatar, and similar information
Birth profiles, chat sessions, AI reports, and usage reservation recordsWhile the account is active, or until you delete the relevant content/accountRemovable data is cleared when the account is deleted
Temporary transfer informationUsually about 10 minutesAutomatically expires and is deleted
Email verification recordsShort-lived, usually about 10 minutesAutomatically expires or is deleted after verification
Orders, transactions, entitlements, and refund recordsUsually up to 7 years for reconciliation, tax, accounting, payment dispute, and compliance needsDelete, archive, or de-identify after the retention period
Support and billing communicationsUsually up to 2 years, longer if a dispute remains unresolvedDelete or archive after the retention period
Security, access, and error logsUsually up to 12 months, longer if needed for security incidents or disputesDelete or aggregate after the retention period
Backup dataRotating backup cycle, usually no longer than 90 daysDeleted as backups rotate

Account deletion does not mean that every record is immediately and physically deleted from all systems. Under the current product process, when an account is deleted, we make reasonable efforts to remove removable personal usage data, such as birth profiles, chat sessions, and usage reservation records, and to anonymize account information, such as removing or replacing identifiable email, name, and avatar data.

Paid orders, transaction records, entitlement records, necessary logs, and data that must be retained for reconciliation, transaction tracking, entitlement verification, fraud prevention, tax, compliance, dispute handling, or legal reasons may not be deleted together with the account deletion request. Once an account is deleted or anonymized, the action is usually not reversible.


8. Your Data Rights

You may exercise the following rights by contacting support@shen-shu.com. To protect account security, we may ask you to verify your identity or account ownership first. We will try to respond within 30 calendar days.

RightDescription
Right to knowUnderstand what information we collect and use
Right of accessRequest a copy of your personal information
Right to rectificationRequest correction of inaccurate or incomplete information
Right to deletionRequest deletion or anonymization under certain conditions
Right to restrictionRequest suspension of certain processing in specific situations
Right to data portabilityReceive your data in a machine-readable format where applicable
Right to objectObject to processing based on legitimate interests or marketing
Right to withdraw consentWithdraw processing authorization based on consent

If you believe we have not properly handled your request, you may complain to your local data protection authority or consumer protection authority.


9. Marketing Communications and Opt-Out

We currently focus on necessary service communications, such as verification codes, billing, entitlements, security alerts, support replies, and policy updates.

If we send marketing communications in the future, we will obtain consent where required by applicable law and provide an opt-out method. Opting out of marketing communications will not affect necessary service notices.


10. International Data Transfers

Our website, app, databases, analytics tools, payment processors, AI providers, and other partners may be located outside your region, including in the United States or other countries/regions.

When cross-border transfers occur, we take reasonable measures to protect your information, such as selecting providers with security and compliance capabilities, entering into data processing agreements, using EU Standard Contractual Clauses (SCCs) or applicable equivalent mechanisms, and minimizing the data transferred where possible.


11. Minors

The service is primarily intended for adults. If you are under 18 years old, please use the service under guardian supervision and avoid submitting unnecessary sensitive information.

We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact support@shen-shu.com, and we will review and delete or anonymize the relevant information as soon as reasonably possible.


12. Third-Party Links and Services

The service may contain third-party links or integrations. Third-party services process personal information under their own privacy policies. This Policy applies only to information we directly collect and process.


13. Changes to This Policy

We may update this Privacy Policy due to product features, payment methods, service providers, or legal requirements. For material changes, we will try to provide at least 14 days' notice before the effective date through the website, in-app notice, email, or another reasonable method, and update the "Last updated" date at the top of this page.

If you continue to use the service after the Policy is updated, you acknowledge the updated Policy.


14. Contact Us

For questions about this Privacy Policy, personal data processing, account deletion, or data rights, please contact:

support@shen-shu.com

ShenShu AI
We value your privacy and aim to provide a safe and rational AI BaZi reading experience.

Content is for entertainment and self-understanding only. It does not involve superstitious guarantees, scam guidance, or promises of real-world gains.