Privacy Policy

How we collect, use, and protect your data


Last Updated: May 12, 2026

By using Spicy Little Stories, you agree to this Privacy Policy. We take your privacy seriously and are committed to being transparent about how we handle your data.

๐Ÿ“ GDPR Compliant๐Ÿ“ CCPA Compliant๐Ÿ“ UK DPA 2018

1. Information We Collect

1.1 Information You Provide Directly

Account Registration: Email address and password (encrypted)

When You Create a Story: Story title, scenario, metadata, characters, and all narrative content

Usage Data: Cover image requests, scene generation, user choices, and feedback

1.2 Information Collected Automatically

We automatically collect usage analytics, device information, IP addresses, and cookies. This helps us improve the Service and detect abuse.

2. How We Use Your Information

We use your information to provide the Service, generate content, authenticate you, communicate with you, improve features, and prevent fraud.

All processing is based on contractual necessity, legitimate interest, or your consent (for analytics).

3. Data Sharing & Third Parties

3.1 Grok AI (xAI)

We share your story content and metadata with Grok to generate scenes and cover images. xAI retains this data for 30 days maximum.

3.2 Supabase (Infrastructure)

All your data is stored in Supabase's secure, GDPR-compliant infrastructure.

3.3 Vercel (Hosting)

Our application is hosted on Vercel's GDPR-compliant platform.

We Do NOT:

  • Sell your personal data
  • Share data with advertisers or marketers
  • Use data brokers

4. Your Privacy Rights

GDPR Rights (EU/UK Users)

  • Right of Access: Request a copy of your data
  • Right to Erasure: Request deletion of your account and data
  • Right to Rectification: Correct inaccurate data
  • Right to Data Portability: Export your data in machine-readable format
  • Right to Object: Opt out of analytics and processing
  • Right to Lodge a Complaint: File a complaint with your data protection authority

CCPA Rights (California Users)

  • Right to Know: What information we collect and how we use it
  • Right to Access: Get a copy of your personal information
  • Right to Delete: Request deletion of your data
  • Right to Non-Discrimination: We won't penalize you for exercising these rights

5. Data Retention

Active Account Data: Retained while your account is active

Deleted Account Data: Deleted within 30 days of deletion request

Analytics: Retained for 12 months (anonymized after 6 months)

Server Logs: Retained for 30 days

Grok Data: Automatically deleted by xAI after 30 days

6. Data Security

We implement industry-standard security measures including TLS encryption, secure password hashing, and Row-Level Security (RLS) on all user data.

โš ๏ธ Important:

No security system is 100% secure. You are responsible for keeping your password confidential. If we detect a breach, we will notify you within 72 hours.

7. Cookies and Tracking

We use essential cookies for authentication and security. Non-essential analytics cookies are optional and will require your consent.

We do not use third-party analytics (Google Analytics, etc.) and do not track you across the web.

8. AI Content Generation Disclosure

Your story content is sent to xAI's Grok API for:

  • Generating story scenes and narrative continuations
  • Generating AI cover images

Grok does not use your content to train models (per xAI's current policy). Your data is deleted after 30 days.

Contact & Questions

If you have questions about this Privacy Policy or want to exercise your privacy rights:

Email:

mat.gallacher@gmail.com

What to Include:

  • Your full name
  • Email address associated with your account
  • Type of request (Access, Deletion, Export, etc.)

Response Time:

Within 30 days (GDPR) or 45 days (CCPA)

Document Version: 1.0

Next Review: May 12, 2027
