Privacy

Privacy at Given.

Effective April 26, 2026. This policy covers the marketing site at mygiven.app, the gift checkout, the waitlist, and the Given iOS app. This is the working policy for Given. We update it before any material change in how the app or site behaves.

Who we are.

Given is built and operated by Superbigcompany LLC, a company based in Brooklyn, New York with a working studio in Seoul. When this policy says "we," "us," or "Given," it means Superbigcompany LLC, doing business as Given. We're the data controller for the information described here. Our parent site is superbigcompany.com.

For any privacy question, write to hello@mygiven.app. A real person reads every email.

EU and UK representative.

Given is offered in the European Economic Area and the United Kingdom. Under Article 27 of the GDPR and Article 27 of the UK GDPR, we have appointed a designated representative in the EU and the UK. Until the representative's contact details are listed here, you can reach us — and have your request forwarded to the representative — at hello@mygiven.app with the subject line "EU representative" or "UK representative." We acknowledge each request within seven days.

What we collect.

We try to collect as little as possible, and only what each part of Given actually needs to work. Here's the full list, by surface.

On the website (mygiven.app).

  • Gift checkout — your name, email, and the recipient's birth details (date, time, place) so we can build the gift chart. Card details go directly to Stripe; we never see or store your full card number.
  • Waitlist — your email, sent to our email provider (Klaviyo) so we can tell you when Given opens.
  • Server logs — our host (Fly.io) processes standard request metadata such as IP address, user agent, path, response status, and timestamp for security and uptime.

In the Given iOS app.

  • Account data — your name (or chosen display name), email or Sign in with Apple identifier, and the password reset token if applicable.
  • Birth chart inputs — your date of birth, time of birth, and place of birth. These are required to calculate your saju. For compatibility readings, the same inputs for the other person, with their consent.
  • App usage — your daily readings, your saved questions in Ask, your subscription status, and your preferences.
  • Purchase metadata — Apple sends us the receipt and product identifier for any subscription or one-time purchase. We do not see your Apple ID or payment method.
  • Push tokens — only if you turn on notifications.
  • Device + diagnostics — device model, OS version, app version, language, time zone, and crash logs delivered through Apple's first-party crash reporting. These are not tied to your name or email when we view them.

Why we collect it.

Each piece of data has a reason. Where the GDPR applies, the legal basis is in parentheses.

  • Birth details, account data, and purchase metadata — to provide the service you signed up for (contractual necessity).
  • Waitlist emails and product update emails — because you asked to hear from us (consent).
  • Server logs, crash logs, and abuse-prevention signals — to keep Given fast, stable, and safe (legitimate interest).
  • Tax and financial records tied to a purchase — to comply with US and Korean tax and accounting law (legal obligation).

Sensitive data.

Your birth date, time, and place are at the heart of saju. We treat them as sensitive personal information. We use them only to compute and explain your chart and the readings you ask for. We do not use them to infer health, ethnicity, religion, or any other protected characteristic, and we do not sell or share them for advertising. Under California law you have the right to limit the use of your sensitive personal information; see "Your rights" below.

How we share it.

We use a short list of service providers. Each one only sees what they need.

  • Apple — sign in, in-app purchases, push delivery, crash reporting.
  • Stripe — card payment for gift purchases on the website.
  • Klaviyo — transactional and waitlist email.
  • Fly.io — application and database hosting.

We may also disclose information when we're legally required to (a valid subpoena, court order, or similar), to protect Given or its users, or in connection with a merger or acquisition. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

Tracking and analytics.

Given does not engage in "tracking" as defined by Apple's App Tracking Transparency framework. We do not link your data with data from other companies' apps or websites for advertising or measurement, and we do not present the App Tracking Transparency prompt. The marketing site does not run Google Analytics, Meta Pixel, or any third-party advertising or analytics SDK.

Cookies and local storage.

The marketing site does not set advertising or analytics cookies. We use the minimum browser storage needed to keep the gift checkout working and to remember that you've dismissed a banner. The app stores your account session and your preferences locally on your device.

Children.

Given is built for adults. You must be at least 13 to use it (16 if you're in the European Economic Area or the United Kingdom). We do not knowingly collect personal information directly from children under those ages, and we do not run the Apple Kids Category.

If you enter a birth chart for a child — for example, a parent gifting Given to a kid, or a chart drawn for a young family member — that data is treated as your information about a third party. We do not create an account for the minor and we do not use the chart to profile them. If you're a parent or guardian and you believe a child has given us personal information directly, email hello@mygiven.app and we will delete it.

How long we keep it.

  • Account and chart data — for as long as you have a Given account, then deleted within 30 days of account deletion.
  • Waitlist email — until you unsubscribe or ask us to remove it.
  • Gift checkout records — for as long as needed to fulfill the gift, then trimmed.
  • Receipts, invoices, and tax records — up to seven years, as required by US and Korean tax law, even after your account is deleted.
  • Server logs — typically 30 days.

Security.

We encrypt traffic in transit with TLS and encrypt our databases at rest. Access to production systems is limited to Given's operator on hardware-backed keys. No system is unbreakable, but we treat your chart with the care it deserves and we tell you promptly if anything material happens.

International transfers.

Given's servers are in the United States. If you use Given from the European Economic Area, the United Kingdom, or another region, your data is transferred to and processed in the US. We rely on the European Commission's Standard Contractual Clauses with our processors that operate in the US, and we accept the protections of the EU–US Data Privacy Framework where our processors are self-certified.

Your rights.

Wherever you live, you can ask us to:

  • tell you what we hold about you;
  • correct it;
  • delete it;
  • export it in a portable form;
  • stop using it for marketing;
  • limit how we use sensitive parts of it.

To exercise any of these, email hello@mygiven.app. We respond within 45 days. We will never charge you or retaliate against you for asking.

If you live in California, the CCPA/CPRA gives you specific rights to know, delete, correct, opt out of sale or sharing (we do neither), and limit the use of sensitive personal information. We have not sold or shared personal information for cross-context behavioral advertising in the past twelve months.

If you live in the EEA, the UK, or Switzerland, the GDPR and UK GDPR give you the rights above plus the right to object, withdraw consent at any time, and lodge a complaint with your data protection authority.

Other US states — Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others with comprehensive privacy laws give you similar rights, and we honor them on the same email channel above.

Account and data deletion.

In the Given iOS app, open Settings → Account → Delete account. Confirm the prompt and we kick off deletion immediately. You can also email hello@mygiven.app from the address on your account to request deletion.

When you delete your account, we purge your name, email, birth chart inputs, saved questions, readings, and push tokens from our active systems within 30 days. Receipts and tax records are retained for the legal periods listed above. Backups roll off within 90 days.

Changes to this policy.

When something material changes, we update this page and bump the effective date at the top. For larger changes — new categories of data, new processors, a new way the app behaves — we'll also tell you in-app or by email before the change takes effect.

Contact.

Questions, requests, or concerns: hello@mygiven.app. Postal mail can reach us at Superbigcompany LLC, Brooklyn, NY.