Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

Oleg Stefanov
Independent Content Creator
Jl. Nusa Indah - Mas No. 19
Bali, Indonesia
Email: olegstefanoyv1@gmail.com

2. Personal Data We Collect

We collect the following categories of personal data:

• Account data: When you sign in with Google OAuth 2.0, we receive your name, email address, Google ID, and profile picture. Guest accounts are created with a randomly generated identifier and do not collect personal data.
• User-generated content: Fanfiction stories, characters, and other creative content you create on the platform.
• Payment data: When you purchase chapter packages, payment is processed by third-party providers (YooKassa for RUB payments, LemonSqueezy for USD/EUR payments). We receive transaction confirmations but do not store your full payment card details.
• Usage data: We collect anonymized analytics data through Plausible Analytics (cookieless), Google Tag Manager, and Yandex Metrika to understand how our platform is used.
• Technical data: IP address, browser type, device information, and access timestamps collected automatically when you visit our site.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide our services, including account creation, content generation, and payment processing.
• Legitimate interests (Art. 6(1)(f)): Analytics and platform improvement, fraud prevention, and security. Our legitimate interest is balanced against your rights and does not override your fundamental freedoms.
• Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for optional marketing communications. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Processing necessary to comply with applicable legal requirements, such as tax and accounting obligations.

4. How We Use Your Data

• To create and manage your account
• To generate fanfiction content using AI (via OpenRouter API with Google Gemini models)
• To process payments for chapter packages
• To publish your fanfiction anonymously in the public catalog (if you enable publication)
• To improve our platform and user experience through analytics
• To communicate with you about your account or purchases
• To prevent fraud and ensure platform security
• To comply with legal obligations

5. Third-Party Services

We share data with the following third-party services to operate our platform:

• Google OAuth 2.0: Authentication provider. When you sign in with Google, your authentication data is processed by Google LLC. Google Privacy Policy
• OpenRouter API (Google Gemini models): AI content generation. Your story prompts and character descriptions are sent to OpenRouter for processing. Content is not used to train AI models. OpenRouter Privacy Policy
• Plausible Analytics: Cookieless, privacy-friendly web analytics. No personal data is collected. Plausible Data Policy
• Google Tag Manager: Tag management for analytics. Google Privacy Policy
• Yandex Metrika: Web analytics service. Yandex Privacy Policy
• YooKassa: Payment processing for RUB transactions. YooKassa Privacy Policy
• LemonSqueezy: Payment processing for USD/EUR transactions. LemonSqueezy Privacy Policy

6. Data Storage and Retention

• Your data is stored in PostgreSQL databases on secure servers.
• Account data is retained for as long as your account is active.
• User-generated content (fanfiction, characters) is retained until you delete it or request account deletion.
• Published fanfiction remains in the public catalog in anonymized form even after account deletion, unless you specifically request its removal.
• Payment records are retained for the period required by applicable tax and accounting laws (typically 5-7 years).
• Analytics data is collected in anonymized/aggregated form and does not contain personally identifiable information.
• When you request deletion of your account, your personal data will be erased within 30 days, except where retention is required by law.

7. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights regarding your personal data:

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten").
• Right to restriction (Art. 18): You can request that we restrict the processing of your personal data.
• Right to data portability (Art. 20): You can request to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): You can object to the processing of your personal data based on legitimate interests.
• Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you can withdraw your consent at any time.

8. How to Exercise Your Rights

To exercise any of your rights, please contact us at olegstefanoyv1@gmail.com. We will respond to your request within 30 days.

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

9. Cookies and Tracking Technologies

Our use of cookies and tracking technologies is minimal:

• Essential cookies: JWT authentication tokens stored in your browser to keep you signed in. These are strictly necessary for the platform to function.
• Plausible Analytics: Does not use cookies. Collects anonymized usage statistics only.
• Google Tag Manager: May set cookies for analytics purposes. You can manage these through your browser settings.
• Yandex Metrika: May set cookies to analyze website usage. You can opt out through your browser settings or Yandex opt-out tools.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including but not limited to the United States (Google services, OpenRouter) and Russia (Yandex Metrika, YooKassa).

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including reliance on the service providers' data protection measures and, where applicable, Standard Contractual Clauses.

11. Children's Privacy

Our platform is not intended for children under the age of 16 in the European Union or under the age of 13 in other jurisdictions. We do not knowingly collect personal data from children under these ages.

If we become aware that we have collected personal data from a child below the applicable age, we will take steps to delete that data as soon as possible. If you believe a child has provided us with personal data, please contact us at olegstefanoyv1@gmail.com.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS), secure authentication (OAuth 2.0 + JWT), and access controls on our databases.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting the updated policy on this page with a new "Last updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

Oleg Stefanov
Email: olegstefanoyv1@gmail.com