Legal

Privacy Policy

Last updated: May 17, 2026

IChingGuide ("the Platform") takes your privacy seriously. This policy explains how we collect, use, store, and protect your personal information in connection with our website (ichinguide.com) and related services. By using our Platform, you agree to this policy.

1. Data Controller

The data controller for this Platform is Zhang Yishao (Zhang Haishen). Contact details:

Email: yishao.zhang2026@gmail.com
WeChat: zhanyishao5758

For any questions about this policy or to exercise your data rights, please contact us at the above address.

2. Information We Collect

We may collect the following categories of personal information:

Account information: Name and email address provided when you register.

Metaphysical analysis data: Birth year, month, day, and hour — the foundational parameters required for BaZi and related analysis. This data is used solely to deliver the consultation service you request — it is never sold, shared for marketing, or used for any other purpose. We apply data minimization principles and collect only what is strictly necessary for the analysis. This information is protected with appropriate security measures; Calendly receives it only to the extent needed to process your booking. For EU/UK users, the legal basis for processing this data is contract performance (GDPR Art. 6(1)(b)); for other users, it is your explicit consent provided at the point of booking.

Transaction information: Payment-related data processed via Stripe. We do not directly store your card details — these are handled directly by Stripe.

Communications: Content you send us through the contact form or by email.

Technical data: IP address, browser type, access times, and page view records (collected via cookies and analytics tools).

3. Purposes and Legal Basis for Processing

We process your personal information for the following purposes and on the following legal bases:

Service delivery (contract performance): Processing your birth data to complete metaphysical analysis; providing consultations and courses you have purchased.

Account management (contract performance): Creating and maintaining your account; processing bookings and payments.

Customer support (contract performance / legitimate interests): Responding to your inquiries.

Site improvement (legitimate interests): Analyzing site usage to improve user experience.

Legal compliance (legal obligation): Retaining records as required by law.

We do not sell, rent, or otherwise transfer your personal information to third parties for marketing purposes.

4. Third-Party Data Processors

To provide our services, we share necessary personal information with the following third parties:

Clerk (identity & authentication): Handles user registration and login. Clerk holds SOC 2 Type II certification. Data may be stored on US servers; cross-border transfers are governed by Standard Contractual Clauses (SCCs). Clerk Privacy Policy: clerk.com/legal/privacy

Stripe (payment processing): Processes online payments. Stripe holds PCI DSS Level 1 certification. We do not have access to your full payment card details. Stripe Privacy Policy: stripe.com/privacy

Calendly (booking system): Manages consultation scheduling. Calendly Privacy Policy: calendly.com/legal/privacy-notice

These third parties are authorized to use your information only to the extent necessary to provide their respective services.

Data Processing Agreements (DPA): Clerk and Stripe each provide standard GDPR-compliant DPAs, available through their respective dashboards. Calendly also offers a DPA. To confirm the Platform's current DPA status with any provider, please email yishao.zhang2026@gmail.com.

Mainland China Users (PIPL Compliance): If you are located in mainland China, your personal information will be transferred to servers outside mainland China (including in the United States). Under China's Personal Information Protection Law (PIPL), such cross-border transfers may require specific legal bases or security assessments. The Platform is continuously evaluating its PIPL compliance obligations. If you have concerns, please contact yishao.zhang2026@gmail.com.

5. Data Retention

Your personal information is retained for the following periods:

  • Account information: For the duration of your account, plus up to 2 years after closure (to resolve potential disputes).
  • Consultation records: 3 years after the consultation, so you can access your historical analysis.
  • Payment records: At least 7 years, as required by applicable financial regulations.
  • Cookie data: Ranging from end-of-session to 24 months, depending on cookie type.

When these periods expire, we will securely delete or anonymize the relevant data.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal information we hold about you.
  • Right to rectification: Request correction of inaccurate personal information.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data in certain circumstances.
  • Right to restriction: Request that we restrict our processing of your data in certain circumstances.
  • Right to data portability: Receive your personal data in a portable format (EU/UK users).
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw previously given consent at any time (without affecting the lawfulness of processing before withdrawal).

To exercise any of these rights, please email yishao.zhang2026@gmail.com. We will respond within 30 days (as required by GDPR for EU/UK users).

7. Cookie Policy

This website uses cookies and similar technologies, categorized as follows:

Strictly necessary cookies: Maintain essential website functionality (login state, security). No consent required.

Analytics cookies: Help us understand how visitors use the site. Used only with your consent.

Functional cookies: Remember your preferences (e.g., language selection). Used only with your consent.

You can update your cookie preferences via the cookie settings banner at the bottom of the page, or manage cookies through your browser settings. Disabling certain cookies may affect site functionality.

8. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • HTTPS encrypted transmission
  • Use of certified third-party providers (Clerk, Stripe)
  • Restricted internal access controls
  • Regular security reviews

However, no internet transmission is entirely risk-free. In the event of a data security incident, we will notify affected users as required by law.

9. International Data Transfers

This website serves a global audience, and your personal information may be transferred to and stored on servers outside your country of residence (including in the United States). For EU/UK users, such transfers are conducted under EU Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure your data receives appropriate protection.

10. Children's Privacy

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal information from minors. If you believe we may have inadvertently collected information from a minor, please contact us immediately and we will delete it.

11. Policy Updates

We may update this Privacy Policy from time to time. Material changes will be communicated via site announcement or email. Continued use of our services after an update constitutes acceptance of the revised policy.

12. Contact and Complaints

For questions about this policy, please contact:

Email: yishao.zhang2026@gmail.com

If you believe we have processed your personal information in breach of applicable data protection law, you have the right to lodge a complaint with your local supervisory authority:
- UK users: Information Commissioner's Office (ICO) — ico.org.uk
- EU users: Your member state's Data Protection Authority
- Singapore users: Personal Data Protection Commission (PDPC) — pdpc.gov.sg

13. California Residents — CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and its amendment (CPRA) grant you the following rights:

Right to Know: You have the right to know what personal information we collect, the purposes for which it is used, and whether it has been sold or disclosed to third parties.

Right to Delete: You may request deletion of personal information we have collected from you, subject to certain legal exceptions.

Right to Correct: You have the right to request correction of inaccurate personal information.

Right to Opt Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out action is required, but you may confirm this by contacting us.

Right to Non-Discrimination: Exercising any of these rights will not result in discriminatory treatment.

How to Submit a Request: Email yishao.zhang2026@gmail.com with the subject line "California Privacy Rights Request." We will respond within 45 days (or up to 90 days for complex requests, with advance notice).