Mystic Sister
Privacy Policy
Last Updated: December 23, 2025
This Privacy Policy explains how Mystic Sister and its parent company The Ninth Door, LLC ("Mystic Sister," "The Ninth Door," "we," "us," or "our") collect, use, store, and protect information when you use our mobile application, website, and related services (the "Services").
We take your privacy seriously. Our guiding principle is simple:
We treat your conversations with Mystic Sister as private. We do not actively monitor your conversations, and we do not sell, rent, or trade your personal data, conversation content, or API logs—now or ever.
If you do not agree with this Policy, please do not use the Services. This Policy is incorporated into and forms part of our Terms of Service.
1. Who We Are
Mystic Sister is operated by:
The Ninth Door, LLC
2520 Venture Oaks Way Suite 120
Sacramento, CA 95833
Contact email: support@ninth-door.com
We are the "data controller" for personal information we collect through the Services, except where a third-party platform (such as an app store) acts as its own controller.
2. What This Policy Covers
This Privacy Policy applies to information we collect through our mobile application, website, and related services.
3. Information We Collect
We intentionally keep data collection minimal. We collect only what we need to:
- Create and maintain your account;
- Process subscriptions;
- Provide readings and "memory" features; and
- Keep the app secure and functioning.
3.1 Information You Provide Directly
Account Information
- Email address – required to create and manage your account and communicate with you.
- Password – you create a password to log in. Your password is encrypted/hashed and not stored in plain text.
Subscription & Payment Information
- If you purchase a paid tier, your payment details (such as card number, billing address, etc.) are processed through the platform on which you downloaded the app. On iOS, purchases are handled via Apple's In-App Purchase system. On Android, purchases are handled via Google Play Billing. Subscription management, entitlement access, and purchase validation are managed using RevenueCat.
- We do not directly process or store your payment information. All billing details are handled by Apple or Google in accordance with their respective policies.
Content You Type into the App
- Questions you ask Mystic Sister;
- Any details or context you share in a conversation;
- Any notes you voluntarily enter in the app.
This is "conversation content." It may contain personal, emotional, or sensitive details if you choose to share them. We do not require you to share any sensitive data.
3.2 Information Collected Automatically
When you use the app, certain technical data may be collected automatically, such as:
- Device type (e.g., iPhone, Android);
- Operating system version;
- Basic app usage events (e.g., when you open the app, which screens are accessed, crashes or errors);
- General timestamps and performance data.
This information is primarily collected through Firebase and similar infrastructure tools so we can keep the app secure and functioning properly. We do not use this data for ad targeting or data brokerage.
4. How Conversation Memory Works
Mystic Sister offers different tiers that determine how long the app "remembers" your conversations and context.
Free Tier
- Conversation memory exists only during a single in-app session.
- When you close the app, your in-session "memory context" for future readings is cleared.
- Some technical logs may still exist on our servers for security and service integrity, but they are not used to "remember" you next time.
Intermediate Paid Tier(s)
- Mystic Sister may remember your conversation context and past readings for a limited time (for example, up to 2 weeks) to make readings feel more personalized and continuous.
- The exact retention period for your tier will be described in the app or subscription description.
Unlimited / Highest Paid Tier
- Mystic Sister may remember your conversation history for six months or more, even if you close the app, so you can have a longer-running relationship and continuity with the oracle.
All conversation history and Mystic Sister's "memory" are stored securely using Firebase (and related managed infrastructure). We do not sell or share conversation content or API logs with third parties for their own purposes.
5. Conversation Privacy and Access
We treat your conversations with Mystic Sister as private. We do not actively monitor, scan, or review user conversation content, and we do not use conversation logs for advertising, profiling, or resale. Your conversation history is used solely to provide the Services, including memory features, debugging, security, and improving functionality.
Conversation data is stored securely through Firebase and may be accessed only in limited circumstances, such as:
- to investigate technical issues,
- to comply with law, valid legal process, or governmental requests,
- to enforce our Terms (such as preventing abuse or harmful use of the Services), or
- to protect the rights, property, or safety of Mystic Sister, our users, or the public, where permitted by law.
We are not a crisis or emergency service and do not monitor conversations for signs of harm. You should not rely on the Services to report emergencies or dangerous situations. If you are in crisis or believe someone may be in immediate danger, please contact local emergency services or a crisis hotline instead.
6. How We Use Your Information
We use the information we collect for the following purposes:
1. To provide and maintain the Services
- Create and manage your account;
- Authenticate you when you log in;
- Generate readings through AI models;
- Provide memory-based features according to your tier.
2. To process payments and manage subscriptions
- Verify purchases and subscription status;
- Handle upgrades/downgrades;
- Coordinate with Apple In-App Purchase, Google Play Billing, and RevenueCat.
3. To communicate with you
- Send service-related messages (e.g., account updates, billing notices);
- Send optional push notifications or emails if you opt in;
- Respond to your support requests.
4. To maintain security and prevent abuse
- Protect your account;
- Detect, prevent, and respond to fraud, misuse, security incidents, or outages.
5. To improve and develop the Services
- Understand how the app is used (in aggregate);
- Fix bugs, crashes, and performance issues;
- Refine features and user experience.
We do not use your personal information or conversation content to build behavioral advertising profiles or sell your data.
7. AI and Google Gemini API
Mystic Sister uses Google Gemini's API to generate readings based on your questions and our oracle deck structure. Here's how that works:
- The app sends your question and relevant contextual information (e.g., randomly drawn cards and recent conversation snippets, depending on your tier) to Gemini's API via a secure connection.
- Gemini's model returns a generated response, which we display to you in the app.
We treat all conversation content as private. We do not give Google Gemini permission to use your data for advertising or to sell it to others. Our use of Google Gemini is governed by Google's own terms and policies.
8. Push Notifications and Email
We send push notifications and emails only if you opt in.
- Push Notifications: Sent through OneSignal and/or app platform services. These may include reminders, updates, or suggestions from Mystic Sister.
- Emails: Sent via MailerLite and may include product updates, feature announcements, or content you've opted in to receive.
You can opt out at any time by:
- Turning off push notifications in your device or app settings;
- Using unsubscribe links in emails; or
- Contacting us at support@ninth-door.com
We may still send non-promotional, service-related communications where necessary (for example, about changes to these Terms or issues with your account).
9. Data Sharing and Disclosure
We do not sell your personal data or conversation content. We do not share your data with advertisers, data brokers, or other third parties for their own independent marketing or profiling.
We may share data only in these limited situations:
9.1 Service Providers ("Processors")
We use trusted third-party providers to operate the Services, for example: Thunkable (app build framework and infrastructure), Firebase (hosting, authentication, database, and secure storage), and MailerLite (email service provider, only if you opt in to emails).
9.2 Legal Requirements and Safety
We may disclose certain information if we reasonably believe it is necessary to:
- Comply with a valid legal request, such as a subpoena, court order, or government demand;
- Protect the rights, safety, or property of Mystic Sister, our users, or the public;
- Investigate fraud, abuse, or security issues.
We are not a crisis or emergency service and do not actively monitor conversations for self-harm or illegal activity, but if we become aware of an imminent threat to life or safety, we may report limited information to appropriate authorities, as permitted by law.
9.3 Business Transfers
If The Ninth Door, LLC or Mystic Sister is involved in a merger, acquisition, restructuring, or asset sale, your information may be transferred as part of that transaction. We will take reasonable steps to ensure any successor entity honors this Privacy Policy or notifies you of material changes.
10. Data Retention
We retain information for as long as necessary to provide the Services, meet legal obligations, and resolve disputes, but we aim to minimize retention where possible.
Approximate retention patterns:
- Account data (email, subscription status): Kept while your account is active and for a reasonable period after closure to comply with legal and accounting requirements.
- Conversation memory:
  - Free tier – no ongoing memory once the session is closed, aside from limited logs needed for security and service integrity.
  - Intermediate tier – memory retained for up to ~2 weeks (or as stated in the app for your tier).
  - Unlimited tier – memory retained for at least six months, and possibly longer, to support continuity features.
- Payment and billing records: Retained for the period required by tax and accounting laws.
You may request deletion of your account and associated data as described below.
11. Security
We use reasonable technical and organizational measures to protect your information, including:
- Secure connections (HTTPS) where appropriate;
- Encrypted passwords (hashed/salted, not stored in plain text);
- Use of reputable infrastructure providers (Firebase, RevenueCat, etc.);
- Access controls and restricted internal access to production systems.
No system can be guaranteed 100% secure, but we work to minimize risk and respond promptly to any security concerns.
12. Children's Privacy
Mystic Sister is intended for adults 18+. We do not knowingly collect personal information from individuals under 18.
If we learn that someone under 18 has created an account or provided personal information, we will take reasonable steps to delete that account and associated data. If you believe a child under 18 has used the Services, please contact us at support@ninth-door.com.
13. Your Rights and Choices
Depending on where you live, you may have certain rights regarding your personal information, such as:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request that we delete your personal information, subject to legal or contractual obligations.
- Restriction / Objection: In some cases, request limits on how we use your data.
- Portability: Request a copy of certain data in a structured, machine-readable format.
Even if your jurisdiction doesn't grant these formally, we'll try to honor reasonable requests where feasible.
You can typically manage many preferences directly in the app (e.g., notifications, tier, account deletion). For other requests, contact us at support@ninth-door.com and we'll respond within a reasonable timeframe.
If you are in a region with a data protection authority (for example, the EEA or UK), you may also have the right to lodge a complaint with your local authority.
14. Account Deletion
If you wish to delete your account and all associated data (including login credentials and chat history), please contact us at support@ninth-door.com with the subject line "Delete Account." We will verify your request and permanently delete your data within 30 days.
15. International Users
Our Services are operated from the United States, and your information may be stored or processed in the U.S. and other countries.
By using the Services, you acknowledge that your information may be transferred to and processed in jurisdictions that may not provide the same level of data protection as your home country. We take steps to protect your information in line with this Privacy Policy, regardless of where it is processed.
16. Changes To This Policy
We may update this Privacy Policy from time to time to reflect changes in the Services, technologies, or legal requirements.
When we do:
- We will update the "Last Updated" date at the top; and
- Where required by law or where changes are material, we will provide additional notice (for example, via the app or email).
Your continued use of the Services after the updated policy becomes effective means you accept the changes. If you do not agree, you should stop using the Services and request deletion of your account.
17. How To Contact Us
If you have questions, requests, or concerns about this Privacy Policy or our data practices, you can contact us at:
Email: support@ninth-door.com
Mailing Address:
The Ninth Door, LLC
2520 Venture Oaks Way Suite 120
Sacramento, CA 95833
