[[App]] Privacy Policy
Effective Date: ____// Version: 1.0
Table of Contents
- Data Collection
- Data Sharing & Third-Party Processors
- User Rights
- Protection of Minors
- Account Deletion & Data Erasure
- Data Security
- Data Breach Notification
- Analytics & Tracking
- AI Risk Management
- Marketing Communications
- Updates to This Policy
- Applicable Law & Supervisory Authorities
- Contact Us
1. Data Collection
[[App]] collects the following categories of personal data:
| Data Category | Details | Purpose | Legal Basis (GDPR Art.6) | Retention Period |
|---|---|---|---|---|
| Account Information | Phone number / Email / Third-party login authorization | Account registration and identity verification | Performance of contract (1(b)) | Deleted within 30 days after account deletion |
| Device Information | Device ID, IP address, operating system | Application security | Legitimate interest (1(f)) | 180 days |
| AI Interaction Data | User-input text (Prompts), conversation history, story choices | Providing AI story generation services | Performance of contract (1(b)) | Deleted within 30 days after account deletion |
| Behavioral Data | Reading duration, preferred genres, bookmarks | Personalized recommendations | Consent (1(a)) | Deleted within 30 days after account deletion |
| Payment Information | Subscription status, IAP transaction records | Providing paid services | Performance of contract (1(b)) | Statutory retention period |
1.1 Special Note on AI Interaction Data
- Text input (Prompts) entered in [[App]] will be encrypted in transit and sent to third-party AI model providers for story content generation.
- [[App]] will not use your conversation data for training or fine-tuning AI models without your explicit authorization. You can enable or disable "Allow my data to be used to improve AI models" in "Account Settings → Privacy → Data Usage" (default: disabled).
2. Data Sharing & Third-Party Processors
[[App]] shares data with the following third-party data processors:
| Service Provider Category | Shared Data | Purpose | Outside EEA | Transfer Mechanism |
|---|---|---|---|---|
| AI Model Provider (e.g., [provider name]) | User Prompt text | AI story content generation | Yes | Standard Contractual Clauses (SCC) |
| Analytics Provider (e.g., [provider name]) | Behavioral data | Product optimization | Yes | Standard Contractual Clauses (SCC) |
| Cloud Infrastructure (e.g., [provider name]) | All stored data | Data storage | Yes | Standard Contractual Clauses (SCC) |
| Payment Processor (e.g., Apple/Google) | Subscription order information | Processing IAP | Yes | Standard Contractual Clauses (SCC) |
| Content Safety Provider | User Prompt text, AI-generated text | Content safety review | Varies | Standard Contractual Clauses (SCC) |
[[App]] has executed Data Processing Agreements (DPA) compliant with GDPR Article 28 with all data processors. Privacy policy links for major third-party service providers are listed in the appendix.
[[App]] does not sell your personal information.
3. User Rights
3.1 GDPR Rights (EU Users)
You have the following rights, which can be exercised by submitting a request through the contact information at the end of this policy. [[App]] will respond within 30 days:
- Right of access (Art.15): Obtain a copy of your personal data
- Right to rectification (Art.16): Correct inaccurate data
- Right to erasure / Right to be forgotten (Art.17): Request deletion of your personal data
- Right to restriction of processing (Art.18): Restrict [[App]]'s processing of your data
- Right to data portability (Art.20): Export your data in a structured format
- Right to object (Art.21): Object to processing based on legitimate interests
3.2 CCPA Rights (California Users)
You have the following rights. [[App]] will respond within 45 days (extendable to 90 days with explanation):
- Right to know (§1798.100): Learn about the categories and specific pieces of personal information collected in the past 12 months
- Right to delete (§1798.105): Request deletion of your personal information
- Right to opt-out of sale/sharing (§1798.120): Opt out of the sale or sharing of personal information
- Right to non-discrimination (§1798.125): Exercise the above rights without discriminatory treatment
Past 12-month Personal Information Sharing Disclosure (CCPA/CPRA §1798.120): [[App]] does not sell your personal information. In the past 12 months, [[App]] has shared personal information with the following categories of third parties for the purpose of providing services: AI model providers (Prompt text), analytics providers (behavioral data), cloud infrastructure providers (stored data), payment processors (subscription information). Such sharing is for the purpose of providing services and does not constitute a "sale" under the CCPA.
To submit a CCPA request: (1) Send an email to privacy@[[app-domain]]; (2) Submit through "Settings → Privacy → Submit Data Request" within the App.
4. Protection of Minors
- [[App]] is not intended for children under 13. If a user under 13 is discovered, [[App]] will immediately delete their data and deactivate their account (in compliance with COPPA).
- EU users aged 13 to 16 must provide verifiable parental consent to register (in compliance with GDPR Art.8).
- Users under 18 will automatically receive stricter content filtering protection.
- [[App]] has a dedicated "Minor Personal Information Protection Rules" available in "Settings → Help & Legal" within the App.
5. Account Deletion & Data Erasure
Deletion path: "Profile → Settings → Account & Security → Delete Account" (no more than 3 taps).
After deletion is confirmed, [[App]] will:
- Completely delete all your personal data within 30 days (including account information, AI conversation records, behavioral data)
- Send a deletion confirmation email to your registered email address
- Cancel your active subscriptions
- Anonymize data that must be retained for legal obligations (such as transaction records) rather than deleting it
Consent Records: [[App]] will record the timestamp and document version number of your initial acceptance of this agreement and privacy policy for compliance purposes. These records will be retained during the account's existence and for no more than 5 years after account deletion.
6. Data Security
[[App]] implements the following measures to protect your personal data: encryption in transit (TLS), encryption at rest, access controls, and regular security audits.
7. Data Breach Notification
- EU Users: In the event of a data breach that may affect your rights, [[App]] will notify the competent supervisory authority within 72 hours of discovery and will notify affected users as soon as practicable.
- California Users: [[App]] will comply with the breach notification requirements of California Civil Code §1798.82.
- Breach notifications will include: the nature of the breach, categories of data affected, remedial measures taken, protective actions users can take, and contact information.
8. Analytics & Tracking
[[App]] uses analytics technologies to collect behavioral data for product improvement and personalized recommendations. Specific data points collected include: reading duration, chapter completion rate, genre preference tags, bookmark and share records, and feature usage frequency.
Cookies and Similar Technologies: As a native mobile application, [[App]] does not use browser cookies. The App uses device-level anonymous random identifiers (UUID) for session association, which automatically expire when you uninstall the App.
Analytics data may be shared with third-party analytics providers (see "Section 2: Data Sharing"). You can opt out of analytics in "Account Settings → Privacy → Analytics Data." [[App]] currently does not use advertising identifiers (IDFA/GAID) for targeted advertising and does not use personal data for targeted advertising.
9. AI Risk Management
[[App]] implements risk management measures for AI systems, including content safety filtering, output quality monitoring, and regular model evaluation, in compliance with the requirements of the EU AI Act.
10. Marketing Communications
At registration, you may separately choose whether to consent to receiving marketing notifications (not bundled with the service agreement, not pre-checked). You can withdraw marketing consent at any time through "Settings → Notification Preferences" or email unsubscribe links. [[App]] will process your unsubscribe request within 48 hours.
11. Updates to This Policy
When material changes are made to this policy, [[App]] will notify you 30 days in advance through in-app notifications and your registered email. You will need to re-confirm acceptance of the new policy upon first opening the App after an update. Historical versions can be viewed in "Settings → Help & Legal → Policy History." If changes reduce your rights, you may apply to delete your account before the changes take effect.
12. Applicable Law & Supervisory Authorities
- EU Users: This policy is governed by the GDPR. The competent supervisory authority is [the data protection authority in your member state].
- California Users: This policy is governed by the CCPA/CPRA.
13. Contact Us
| Subject | Contact |
|---|---|
| Privacy inquiries and data subject requests | privacy@[[app-domain]] |
| Operator mailing address | [Company name], [Mailing address] |
| EU Representative (if applicable) | [EU representative name and contact] |
| Data Protection Officer (if applicable) | dpo@[[app-domain]] |
Appendix: Privacy Policy Links for Major Third-Party Providers
| Provider Category | Provider Name | Privacy Policy Link |
|---|---|---|
| AI Model Provider | ||
| Cloud Infrastructure | ||
| Analytics Provider | ||
| Payment Processor | Apple (App Store IAP) | https://www.apple.com/legal/privacy/ |
| Payment Processor | Google (Play Store IAP) | https://policies.google.com/privacy |
| Content Safety Provider |
To replace [[App]] with the actual product name, find and replace [[App]] with the official product name and operating entity; replace [[app-domain]] with the actual domain.