Privacy Policy

Last updated: 30/12/2024

Introduction

A Thousand and One Tales is committed to protecting the privacy of our users. This privacy policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

Data Controller

A Thousand and One Tales
Email: guillaume.bassot.guerra@gmail.com

Data Collected

We collect the following data:

  • Email address (for account creation and communication)
  • Username (to personalize your experience)
  • Story history (to save your creations)
  • Payment data (processed by Stripe, we do not store your banking information)
  • Connection data (IP address, browser, for security)

Purpose of Processing

Your data is used to:

  • Create and manage your user account
  • Provide the story generation service
  • Process your payments
  • Send transactional emails (account confirmation, orders)
  • Improve our service and ensure its security

Legal Basis

Processing of your data is based on: contract execution (service provision), your consent (account creation), our legitimate interests (security, service improvement), and our legal obligations (billing).

Data Retention

Your data is kept for the duration of your account. Upon account deletion, your personal data is anonymized or deleted within 30 days, except for data required for legal compliance (invoices kept for 10 years).

Data Recipients

Your data may be shared with:

  • Stripe (payment processing)
  • Anthropic/OpenAI (story generation via API)
  • OVH (hosting)

Your Rights

Under the GDPR, you have the following rights:

  • Right of access: obtain a copy of your data
  • Right of rectification: correct inaccurate data
  • Right to erasure: request deletion of your data
  • Right to portability: receive your data in a structured format
  • Right to restriction: restrict processing of your data
  • Right to object: object to processing of your data

To exercise these rights, contact us at guillaume.bassot.guerra@gmail.com or use the features available in your account (export, deletion).

Security

We implement appropriate technical and organizational measures to protect your data: encrypted communications (HTTPS), secure authentication, restricted data access.

Protection of Minors

Our service is intended for children under the supervision of their parents or legal guardians. Accounts must be created by an adult. We do not knowingly collect personal data directly from children under 16 without parental consent.

Cookies

Our website uses only strictly necessary cookies for the service to function (user session). These cookies do not require your prior consent.

Changes

We may modify this privacy policy at any time. Changes take effect upon publication on the website. We will notify you by email of significant changes.

Contact

For any questions about this policy or your personal data, contact us at: guillaume.bassot.guerra@gmail.com

Complaint

If you believe that the processing of your data does not comply with regulations, you may file a complaint with the CNIL (French Data Protection Authority).

Back to home