Privacy Policy

1. Who we are

"Seidwyn" refers to the operator of seidwyn.com, Arnar Arinbjörnsson (Iceland). You can reach us at privacy@seidwyn.com with any privacy question. We are the data controller for the information described below.

2. What we collect, and why

2.1 What you give us directly

2.2 What we collect automatically

3. How we use your image

This is the part of the policy that matters most. When you submit an image:

  1. Your browser uploads the bytes to our Cloudflare Worker over TLS.
  2. The Worker hashes the bytes (SHA-256) and forwards them, together with your quiz answers, to the reading engine — see our sub-processor list for which provider handles which modality.
  3. The provider returns a text reading.
  4. We store the SHA-256 hash, the reading text, and a record that a reading happened. The image bytes are dropped from memory and are never written to disk on our infrastructure.

We do not generate or store face embeddings, gait signatures, or any other lasting biometric identifier. We do not retain the image after the reading is generated. We do not allow our sub-processors to retain it for training — see their respective contractual commitments linked in our sub-processor list.

4. Legal bases (GDPR)

If you are in the European Economic Area or the United Kingdom, our lawful bases are:

5. Sub-processors

We use the following processors. We have signed data-processing addenda with each of them where applicable. The complete current list with links to their terms is at /legal/sub-processors/.

6. How long we keep things

7. Your rights

Wherever you are, you have the right to:

Write to privacy@seidwyn.com and we will reply within 30 days. EU residents may also lodge a complaint with their national data-protection authority.

8. Children's privacy

Seidwyn is for adults only. We do not knowingly collect data from anyone under 18 and we do not target the service to anyone under 18. Do not upload images of minors for any modality, including companion readings of a child standing next to a pet. If you are a parent who believes a minor has used the service or appears in an uploaded image, write to us at privacy@seidwyn.com and we will delete the account and any associated records immediately.

9. International transfers

Anthropic, Google, Cloudflare, and Stripe are US companies. Where data leaves the European Economic Area we rely on the European Commission's Standard Contractual Clauses with each provider, plus their additional technical safeguards.

10. Security

Data in transit is TLS-encrypted end-to-end. Data at rest in our D1 database is encrypted at the disk level by Cloudflare. API keys for payment and reading providers are stored as Cloudflare Worker secrets, which are encrypted and accessible only to the running Worker code. We do not have access to your payment card number — that lives only at Stripe.

11. Changes

If we change this policy we will update the "Last updated" date at the top of this page. Material changes (sub-processor additions, retention increases) will be notified by email to subscribers.