Goldman Global Financial Pty Ltd (ABN 83 635 979 841) operates Finn Tang's Reading Studio. This policy explains what personal information we collect, why, how we use it, who we share it with, and what your rights are. We apply the standards of the Australian Privacy Act 1988 and apply equivalent care where the EU GDPR or other applicable laws govern your relationship with us.
What we collect
- Account: your email address, locale preference (繁 / 简 / EN), sign-in metadata (timestamp, IP — for security and abuse prevention only)
- Reading inputs: birth date, birth time, birth place (city), gender, time precision, your name (a first name or nickname is recommended — your legal name is not required), and the optional names and birth data of up to four (4) additional persons you have chosen to add
- Reading content: the readings we compose for you (text), your feedback (👍 / 👎, optional note)
- Payment metadata: which credit pack you purchased, when, in what currency — but NOT your card or bank details (those are handled exclusively by Stripe and never reach our servers)
- Cookies: a session cookie to keep you signed in, an acknowledgement cookie for the compliance gate, and no third-party advertising trackers
- Methodology data (optional, opt-in): if you choose to contribute to The Hallmark Institute research programme, your anonymised methodology preference is added to the empirical dataset
Why we collect it
- To compose your reading — we cannot compute a reading (命書, your life-chart text) without birth details
- To deliver and re-deliver readings to your account
- To process payment and grant credits via Stripe
- To investigate quality issues and improve the engine (your feedback signal)
- To meet our legal and regulatory obligations (financial-record retention under Australian law)
How AI processes your data
Your birth data is converted to a deterministic structural chart on our servers. The chart and curated corpus entries are sent to our LLM provider (DeepSeek) for reading composition. Per DeepSeek's API policy, prompts and completions sent through the API are not used to train their models. We do not use your personal birth data to train any model of our own. Only aggregated, anonymised methodology selections may be used in published research, and only with your explicit opt-in.
Practitioner access — the studio privacy commitment
Even the practitioner (Finn Tang, sole studio operator and account administrator) has NO read access to your reading content or birth-data details through the admin panel.
This is enforced architecturally:
- The admin panel displays only operational metadata (your email, account creation date, credit balance, job status, version stamps). Birth date, birth time, birth place, gender, name, and the composed reading text are never displayed to the practitioner through the admin UI.
- For corpus curation (improvement work after customer feedback), the engine’s clustering process produces anonymised samples stripped of personal identifiers. The practitioner curates pattern-level corpus updates, not individual readings.
- Even when you flag a reading as wrong via the feedback widget, your reading text is not shown to the practitioner directly. The clustering cron extracts an anonymised pattern signal.
The only humans on this earth who can see what was composed for you are: you (signed in to your account) and whoever you choose to share it with.
The exceptions are narrow and structural: (a) automated workers (service role) need to read your birth data to compute charts — this is software-only, no human reads it; (b) court orders requiring data disclosure under Australian law; (c) you explicitly contacting us asking us to look at a specific reading on your behalf.
Customer-data deletion requests are processed by the practitioner via DELETE operations on database records — not by reading the records first.
Cross-border data transfers
Our processors are located outside Australia (USA, China, Ireland). We rely on contractual safeguards and each processor's own privacy practices. By using the service you consent to these cross-border transfers. If you have concerns about a specific transfer, please email us — we can discuss whether to limit certain processing for your account.
How long we keep it
- Account and reading data: kept while your account is open
- On account deletion: we delete or anonymise your personal data within 30 days, except where retention is required by law (e.g. financial records retained 7 years per AU tax law)
- Anonymised methodology data: retained indefinitely for research, with no link back to your identity
Your rights
- Access — request a copy of your data (email cto@goldmanglobal.com.au)
- Rectification — edit your profile, or use your one lifetime birth-data amendment via
/account/people - Deletion — request account deletion via the account page or by email
- Portability — request a machine-readable export
- Object — withdraw your methodology-programme consent at any time
- Complain — to the Office of the Australian Information Commissioner (OAIC) or your local data-protection authority
Children
The service is intended for users aged 18 or above. We do not knowingly collect data from minors. If you believe a minor has signed up, please email us and we will delete the account.
Security
All traffic is encrypted in transit (HTTPS / TLS 1.2+). Database access is restricted by row-level security policies — each user can read only their own data. Payment data never touches our servers; Stripe handles card processing in PCI-DSS compliant infrastructure. We will notify affected users in the event of a notifiable personal-data breach as required by the OAIC scheme.
Changes to this policy
We may update this policy. The effective date at the top of this page reflects the most recent revision. Material changes will be notified by email to active users.
Contact
Privacy enquiries: cto@goldmanglobal.com.au · Goldman Global Financial Pty Ltd · ABN 83 635 979 841 · Sydney NSW Australia