Privacy Policy

Last updated: May 8, 2026

MagicalStory (“we”, “us”) respects your privacy. This policy explains what we collect, why, and how you can control it.

1. Information we collect

• Account data: email address, hashed password, display name.
• Story content: the prompts, hero names, photos, and generated stories you create.
• Billing data: handled by Stripe; we store only the customer ID and subscription status.
• Technical data: minimal logs (timestamp, IP truncation, user agent) for security and debugging.

2. How we use your data

• To provide the service (generate stories, store your library).
• To process payments via Stripe.
• To prevent abuse and comply with the law.

We do not sell your personal data. We do not use your uploaded photos or story content to train AI models.

3. Children’s privacy (COPPA / GDPR-K)

MagicalStory is designed for parents and guardians to create stories for children. Accounts must be held by someone 18 or older. We do not knowingly collect personal data directly from children under 13.

4. Data sharing

We share data only with these processors:

• Supabase — hosting, auth, database, storage.
• OpenAI — text and image generation (content sent per request, not retained for training).
• Stripe — payment processing.
• Netlify — static hosting.

5. Your rights

Under GDPR, CCPA, and similar laws you have the right to access, correct, export, and delete your data. You can exercise these rights from your dashboard or by opening a ticket on the Support page.

6. Retention

We keep your data while your account is active. On deletion, content is removed within 30 days (minus minimal billing records required by law).

7. Security

Data is encrypted in transit (TLS) and at rest. Access is controlled by Supabase Row Level Security policies tied to your authenticated user ID.

8. International transfers

Our processors may store data in the US and EU. We rely on Standard Contractual Clauses where required.

9. Changes

We’ll post updates on this page and update the “Last updated” date. Material changes will be emailed to account holders.

10. Contact

Questions? Open a ticket on the Support page or email privacy@magicalstory.app.