Privacy-first palm reading by photo

• The original palm photo is accepted only for generating the reading flow.
• The backend policy is no source-image storage in D1, R2, long-lived logs, or analytics metadata.
• Generated report artifacts may be stored so you can preview, unlock, download, and delete a report.
• The frontend compresses and validates images before upload where the browser allows it.

• Email address for private report link continuity, payment continuity, and email backup delivery
• Quiz answers such as focus area, optional gender, optional zodiac, and relationship status when relevant
• Report status, paid state, private access-token hash, timestamps, and deletion state
• Payment status from Stripe Checkout and webhook events
• Generated PDF/report artifacts, not the original palm photo

Funnel analytics are used to understand landing, quiz, upload, preview, paywall, checkout, payment, email, download, and deletion behavior. Analytics sanitizers remove sensitive fields such as email, image data, tokens, receipts, transactions, photo metadata, checkout identifiers, payment intents, secrets, and JWT-like values.

The report experience includes a delete control. Deletion makes the private report link unusable, marks report metadata deleted, and removes generated PDF artifacts from report storage where applicable. The original palm photo is not retained as a separate source image to delete.