Privacy Policy — Data, Cookies & Rights

Introduction

Mythology Stories is an interactive platform for mythology, legends, and modern fantasy worlds. We provide knowledge-base browsing, AI Q&A, character chat, creative tools, account management, subscriptions, and credits purchases. This Privacy Policy explains what personal information we collect when you access or use Mythology Stories, how we use and share it, how long we keep it, and how you can manage your privacy choices.

This Privacy Policy applies to the Mythology Stories website, account features, paid features, AI features, email communications, customer support, and related pages and APIs. By using Mythology Stories, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

Depending on the features you use, we collect the following categories of information:

Account and identity information: name or display name, email address, avatar, sign-in method, authentication provider, account status, account role, language preference, session information, security verification records, and account settings.
Login and third-party authentication information: when you use Google or another enabled third-party sign-in method, we receive basic account information from that provider, such as email address, name, avatar, and provider user ID. We do not receive your third-party account password.
Payment and subscription information: subscription plan, checkout status, purchase amount, currency, Stripe customer ID, Stripe subscription ID, invoice ID, payment ID, refund records, credits packages, and credits grant and consumption records. Full card numbers and security codes are processed by Stripe and are not stored by us.
AI and creative content: prompts, chat messages, selected characters, session participants, assistant replies, generated images, oracle cards, tool-call records, citation data, source attribution, token usage, model used, credits consumed, and necessary session metadata.
Content safety and moderation information: moderation results, safety labels, provider block reasons, image safety attributes, abuse reports, enforcement actions, related account identifiers, IP addresses, request IDs, asset IDs, and limited content metadata needed to detect, prevent, investigate, and address policy violations or abuse.
Page context information: when you start an AI chat or admin action from a specific page, we may save the current page path, entity type, entity ID, and selected field path so the AI can understand the object being discussed or edited.
Knowledge-base and product usage information: product events you trigger, plus page paths, referrers, and related event parameters recorded after analytics or advertising cookie consent.
Login, security, and log information: login session identifiers, session expiration, IP address, user agent, security verification records, request logs, error logs, and technical records needed to debug issues and protect the service.
Analytics and conversion events: with your consent for analytics or advertising cookies, we may record page path, referrer, campaign parameters, event ID, session ID, and events such as registration, login, checkout start, successful purchase, subscription changes, credits purchases, and AI feature usage. Our own analytics event table does not separately store parsed device type, browser name, or operating system; third-party analytics or advertising services may process device and browser information through their own technologies.
Cookies and similar technologies: essential cookies, local storage, pixels, tags, and similar technologies; with your consent, we also use analytics and advertising cookies. See our Cookie Policy for details.
Support and communications information: emails, questions, feedback, unsubscribe choices, notification preferences, and operational records needed to handle your requests.

We do not require you to submit sensitive personal information, such as government ID numbers, financial account passwords, precise health information, religious beliefs, political opinions, or children's information. Please do not submit unnecessary sensitive information in prompts, chat messages, uploads, or support requests.

How We Use Information

We use personal information to:

Create, maintain, protect, and administer your account.
Provide mythology knowledge-base browsing, AI Q&A, character chat, creative tools, image generation, conversation history, and citation display.
Process subscriptions, credits purchases, trials, promotions, refunds, invoices, accounting reconciliation, and tax or accounting records.
Calculate, grant, deduct, and display credits balances and usage records.
Send transactional emails, security notices, verification emails, password reset emails, service announcements, product updates, and marketing messages where permitted and consistent with your choices.
Measure product performance, debug errors, improve features, and optimize reading, retrieval, conversation, and creation experiences for mythology and modern fantasy worlds.
Record registration, checkout start, subscription purchase, credits package purchase, lifetime plan purchase, and other key conversion events.
Prevent fraud, abuse, spam, unauthorized access, and violations of our Terms of Service.
Review prompts, uploaded reference images, generated images, galleries, sharing links, and related metadata to detect, prevent, and investigate policy violations, abuse, fraud, chargebacks, payment network risk, and Terms of Service violations.
Comply with legal, tax, accounting, compliance, dispute-resolution, and rights-protection obligations.

AI Feature Processing

When you use AI Q&A, character chat, creative tools, image generation, or oracle card features, your prompts, chat content, selected character, current page context, retrieved knowledge-base excerpts, and generated outputs may be sent to our configured AI model providers so they can generate replies, images, citations, or other outputs.

When you use image generation or upload reference images, prompts, images, generated results, safety attributes, and related metadata may be processed by our configured AI model providers and content moderation providers. We use this processing to generate requested outputs, enforce content safety rules, prevent abuse, debug errors, and retain policy enforcement evidence.

We save AI session records so we can display conversation history, continue the same session, show citations, calculate token and credits usage, and generate a session title where needed. The system may also save compressed AI profile memory summaries to support continuity in later conversations; you can manage memory features in your account settings.

We send AI model providers the information reasonably needed to process your request, support service security, and meet applicable legal requirements. Please do not include personal information, trade secrets, passwords, payment credentials, or other sensitive content that you do not want processed in AI inputs. AI-generated content may be inaccurate; you are responsible for deciding whether it is appropriate to save, share, or rely on for a particular use.

We do not use your prompts, chat content, generated outputs, or memory summaries to train AI models. AI features are powered by third-party model providers (such as Anthropic and Google); we call their APIs to generate responses. How those providers handle your inputs is governed by their own terms and data-processing policies, which you should review for the specific commitments they make.

Cookies, Analytics, and Advertising Attribution

We use essential cookies and local storage to support login, language settings, security, fraud prevention, checkout, consent preferences, and core service operation. Essential cookies cannot be disabled through the cookie banner.

With your consent, we may use Google Analytics 4, Google Ads, Google tag (gtag), Google Tag Manager, PostHog, Vercel Analytics, Speed Insights, and similar analytics or advertising tools to measure traffic, understand feature usage, debug errors, measure campaigns, attribute conversions, optimize ads, and support remarketing.

We use Google Consent Mode. Optional analytics storage and advertising storage are denied by default until you make a choice. You can change your choices at any time through the Cookie Settings link in the footer.

To improve payment and conversion measurement accuracy, certain purchase or subscription events may be recorded server-side through Stripe webhook events, such as paid subscriptions, credits package purchases, or lifetime plan purchases. These events may include transaction ID, amount, currency, plan ID, user ID, and payment status. They are used for internal reporting and may be sent to Google Analytics through the GA4 Measurement Protocol when configured.

We do not sell your personal information. If a future business arrangement may constitute a "sale" or "share" of personal information under applicable privacy law, we will update this Privacy Policy before implementing it and provide any notice, consent, or opt-out mechanism required by law. If applicable privacy laws treat disclosure of online identifiers, device information, or usage events to advertising or analytics partners for cross-context behavioral advertising, ad attribution, or remarketing as a "share" of personal information, you can limit that sharing by rejecting or withdrawing consent for advertising cookies.

Legal Bases

Depending on your location, including where EU, UK, or similar privacy laws apply, we may process personal information based on one or more of the following legal bases:

Contract: to create your account, provide the service, process subscriptions and credits, and respond to requests you initiate.
Consent: for optional analytics cookies, advertising cookies, certain marketing communications, and tracking technologies that require consent.
Legitimate interests: to maintain service security, prevent abuse, improve the product, perform aggregate analytics, debug errors, and protect our rights, provided those interests are not overridden by your privacy rights and interests.
Legal obligations: for tax, accounting, compliance, lawful requests, dispute resolution, and legally required records.

We may share personal information where reasonably needed to provide, maintain, improve, and protect Mythology Stories, where permitted by applicable law, or as otherwise described in this Privacy Policy. Recipients may include:

Payment processors, such as Stripe, for checkout, subscriptions, invoices, refunds, and fraud prevention.
Authentication and login-related services, including Google sign-in, email sign-in, and account security services.
Hosting, database, and infrastructure providers, for running the website, APIs, databases, logs, job queues, and content delivery.
Email providers, such as Resend or SMTP providers, for verification, password reset, transactional, and service emails.
Object storage providers, such as S3 or Cloudflare R2-compatible storage, for avatars, uploads, generated images, and other static assets.
AI model providers, such as Anthropic, Google, or configured compatible model providers, for text generation, Q&A, character chat, retrieval-augmented responses, and image generation.
Content safety and moderation providers, including AI model providers, image moderation providers, cloud safety services, and abuse prevention services, for prompt review, image review, safety filtering, abuse prevention, and policy enforcement.
Analytics, advertising, and monitoring providers, such as Google, PostHog, Vercel Analytics, Speed Insights, and similar tools, for statistics, attribution, debugging, and performance monitoring within the scope of your consent.
Notification, collaboration, and operations tools, such as Discord notifications or similar internal operations tools.
Professional advisors and service providers, such as legal, accounting, security, audit, and compliance advisors.

We may also disclose information when required by law, to respond to lawful requests, enforce our Terms of Service, protect users or the public, address fraud or security incidents, or in connection with a merger, acquisition, financing, reorganization, bankruptcy, asset sale, or similar transaction.

International Transfers

Mythology Stories and our service providers may process, store, or access personal information outside your country or region. Data protection laws in those locations may differ from those where you live. Where required by applicable law, we use contractual terms, data processing agreements, provider compliance mechanisms, and other appropriate safeguards to protect personal information transferred internationally.

Retention

We determine retention periods based on the purposes described in this Privacy Policy, the category of information, account status, legal obligations, security needs, billing and accounting needs, and dispute-resolution needs. We retain personal information for the period reasonably needed to fulfill those purposes or protect legitimate rights and interests.

Account information is generally kept while your account exists and for a limited period after deletion as needed for security, backup, compliance, or dispute resolution.
Payment, invoice, refund, subscription, and credits records are kept as needed for tax, accounting, anti-fraud, and dispute-resolution purposes.
AI conversations, prompts, generated content, citations, page context, and conversation memory summaries are kept as needed for product functionality, user settings, security audit, and service improvement.
Logs, analytics events, and error records may be kept in raw, aggregated, or pseudonymized form for security, debugging, product, and business reporting.

When we reasonably determine that personal information no longer needs to be retained, we delete it, anonymize it, or otherwise reasonably limit its use unless legal, compliance, security, billing, backup, or dispute-resolution needs require continued retention.

Your Choices and Rights

Depending on the laws that apply in your location, you may have one or more of the following rights:

Access personal information we hold about you.
Correct inaccurate or incomplete personal information.
Delete personal information.
Export or transfer personal information.
Restrict or object to certain processing activities.
Withdraw consent-based processing, such as optional cookies or marketing emails.
Opt out of the sale or sharing of personal information where those terms are defined by applicable law.
Complain to your local privacy regulator about our processing.

You can update editable account information in your account settings, manage optional cookies through the Cookie Settings link in the footer, accept or reject marketing emails, or contact us at support@mythologystories.net to make a privacy request. To protect account security, we may need to verify your identity before processing a request.

Some information may not be deleted immediately where it is needed for security, fraud prevention, legal, tax, accounting, billing, backup, or dispute-resolution reasons.

Security

We use reasonable technical and organizational measures to protect personal information, including access controls, authentication, logging, service provider management, and security configuration. No online service can guarantee absolute security. You should use a secure password, protect your login credentials, and contact us promptly if you notice unusual account activity.

Children

Mythology Stories is not directed to children under 13, or the higher minimum age required in your jurisdiction. We do not knowingly collect personal information from children below the applicable minimum age. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.

Third-Party Links

Mythology Stories may contain links to third-party websites, services, payment pages, social platforms, or external content. This Privacy Policy does not apply to those third parties. Please review their privacy policies before using third-party services.

Changes

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new date at the top. If changes materially affect your rights or how we process personal information, we will provide notice where appropriate through the website, email, or another reasonable method.

Contact

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal information, contact us at:

Email: support@mythologystories.net

Introduction

Information We Collect

Depending on the features you use, we collect the following categories of information:

Account and identity information: name or display name, email address, avatar, sign-in method, authentication provider, account status, account role, language preference, session information, security verification records, and account settings.
Login and third-party authentication information: when you use Google or another enabled third-party sign-in method, we receive basic account information from that provider, such as email address, name, avatar, and provider user ID. We do not receive your third-party account password.
Payment and subscription information: subscription plan, checkout status, purchase amount, currency, Stripe customer ID, Stripe subscription ID, invoice ID, payment ID, refund records, credits packages, and credits grant and consumption records. Full card numbers and security codes are processed by Stripe and are not stored by us.
AI and creative content: prompts, chat messages, selected characters, session participants, assistant replies, generated images, oracle cards, tool-call records, citation data, source attribution, token usage, model used, credits consumed, and necessary session metadata.
Content safety and moderation information: moderation results, safety labels, provider block reasons, image safety attributes, abuse reports, enforcement actions, related account identifiers, IP addresses, request IDs, asset IDs, and limited content metadata needed to detect, prevent, investigate, and address policy violations or abuse.
Page context information: when you start an AI chat or admin action from a specific page, we may save the current page path, entity type, entity ID, and selected field path so the AI can understand the object being discussed or edited.
Knowledge-base and product usage information: product events you trigger, plus page paths, referrers, and related event parameters recorded after analytics or advertising cookie consent.
Login, security, and log information: login session identifiers, session expiration, IP address, user agent, security verification records, request logs, error logs, and technical records needed to debug issues and protect the service.
Analytics and conversion events: with your consent for analytics or advertising cookies, we may record page path, referrer, campaign parameters, event ID, session ID, and events such as registration, login, checkout start, successful purchase, subscription changes, credits purchases, and AI feature usage. Our own analytics event table does not separately store parsed device type, browser name, or operating system; third-party analytics or advertising services may process device and browser information through their own technologies.
Cookies and similar technologies: essential cookies, local storage, pixels, tags, and similar technologies; with your consent, we also use analytics and advertising cookies. See our Cookie Policy for details.
Support and communications information: emails, questions, feedback, unsubscribe choices, notification preferences, and operational records needed to handle your requests.

How We Use Information

We use personal information to:

Create, maintain, protect, and administer your account.
Provide mythology knowledge-base browsing, AI Q&A, character chat, creative tools, image generation, conversation history, and citation display.
Process subscriptions, credits purchases, trials, promotions, refunds, invoices, accounting reconciliation, and tax or accounting records.
Calculate, grant, deduct, and display credits balances and usage records.
Send transactional emails, security notices, verification emails, password reset emails, service announcements, product updates, and marketing messages where permitted and consistent with your choices.
Measure product performance, debug errors, improve features, and optimize reading, retrieval, conversation, and creation experiences for mythology and modern fantasy worlds.
Record registration, checkout start, subscription purchase, credits package purchase, lifetime plan purchase, and other key conversion events.
Prevent fraud, abuse, spam, unauthorized access, and violations of our Terms of Service.
Review prompts, uploaded reference images, generated images, galleries, sharing links, and related metadata to detect, prevent, and investigate policy violations, abuse, fraud, chargebacks, payment network risk, and Terms of Service violations.
Comply with legal, tax, accounting, compliance, dispute-resolution, and rights-protection obligations.

AI Feature Processing

Cookies, Analytics, and Advertising Attribution

Legal Bases

Depending on your location, including where EU, UK, or similar privacy laws apply, we may process personal information based on one or more of the following legal bases:

Contract: to create your account, provide the service, process subscriptions and credits, and respond to requests you initiate.
Consent: for optional analytics cookies, advertising cookies, certain marketing communications, and tracking technologies that require consent.
Legitimate interests: to maintain service security, prevent abuse, improve the product, perform aggregate analytics, debug errors, and protect our rights, provided those interests are not overridden by your privacy rights and interests.
Legal obligations: for tax, accounting, compliance, lawful requests, dispute resolution, and legally required records.

Payment processors, such as Stripe, for checkout, subscriptions, invoices, refunds, and fraud prevention.
Authentication and login-related services, including Google sign-in, email sign-in, and account security services.
Hosting, database, and infrastructure providers, for running the website, APIs, databases, logs, job queues, and content delivery.
Email providers, such as Resend or SMTP providers, for verification, password reset, transactional, and service emails.
Object storage providers, such as S3 or Cloudflare R2-compatible storage, for avatars, uploads, generated images, and other static assets.
AI model providers, such as Anthropic, Google, or configured compatible model providers, for text generation, Q&A, character chat, retrieval-augmented responses, and image generation.
Content safety and moderation providers, including AI model providers, image moderation providers, cloud safety services, and abuse prevention services, for prompt review, image review, safety filtering, abuse prevention, and policy enforcement.
Analytics, advertising, and monitoring providers, such as Google, PostHog, Vercel Analytics, Speed Insights, and similar tools, for statistics, attribution, debugging, and performance monitoring within the scope of your consent.
Notification, collaboration, and operations tools, such as Discord notifications or similar internal operations tools.
Professional advisors and service providers, such as legal, accounting, security, audit, and compliance advisors.

International Transfers

Retention

Account information is generally kept while your account exists and for a limited period after deletion as needed for security, backup, compliance, or dispute resolution.
Payment, invoice, refund, subscription, and credits records are kept as needed for tax, accounting, anti-fraud, and dispute-resolution purposes.
AI conversations, prompts, generated content, citations, page context, and conversation memory summaries are kept as needed for product functionality, user settings, security audit, and service improvement.
Logs, analytics events, and error records may be kept in raw, aggregated, or pseudonymized form for security, debugging, product, and business reporting.

Your Choices and Rights

Depending on the laws that apply in your location, you may have one or more of the following rights:

Access personal information we hold about you.
Correct inaccurate or incomplete personal information.
Delete personal information.
Export or transfer personal information.
Restrict or object to certain processing activities.
Withdraw consent-based processing, such as optional cookies or marketing emails.
Opt out of the sale or sharing of personal information where those terms are defined by applicable law.
Complain to your local privacy regulator about our processing.

Some information may not be deleted immediately where it is needed for security, fraud prevention, legal, tax, accounting, billing, backup, or dispute-resolution reasons.

Security

Children

Third-Party Links

Changes

Contact

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal information, contact us at:

Email: support@mythologystories.net

Introduction

Information We Collect

How We Use Information

AI Feature Processing

Cookies, Analytics, and Advertising Attribution

Legal Bases

Sharing Information

International Transfers

Retention

Your Choices and Rights

Security

Children

Third-Party Links

Changes

Contact

Introduction

Information We Collect

How We Use Information

AI Feature Processing

Cookies, Analytics, and Advertising Attribution

Legal Bases

Sharing Information

International Transfers

Retention

Your Choices and Rights

Security

Children

Third-Party Links

Changes

Contact