Welcome to StoryWiggle ("we", "our", or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.

StoryWiggle is operated by an Australian entity and complies with the Australian Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and where applicable, the General Data Protection Regulation (GDPR) for users in the European Economic Area.

By using StoryWiggle, you agree to the collection and use of information in accordance with this Privacy Policy.

2.1 Personal Information You Provide

We collect information that you voluntarily provide when using our services:

• Account Information: Email address, username, password (encrypted), and profile details
• Payment Information: Processed securely through Stripe (we do not store complete credit card details)
• User-Generated Content: Stories, books, games, characters, and other creative content you create
• Communications: Messages, feedback, and support requests you send to us

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: Browser type, operating system, device identifiers, and IP address
• Cookies and Tracking: Session cookies, authentication tokens, and analytics data
• Performance Data: Error logs, crash reports, and application performance metrics

2.3 Information from Third Parties

• Authentication Providers: If you sign in with third-party services
• Payment Processors: Transaction confirmations and payment status from Stripe

3.1 AI Service Providers

StoryWiggle uses third-party AI services to generate content:

• OpenAI (ChatGPT): For generating story text, narratives, and educational content
• Google Gemini: For generating images and illustrations for stories and games

3.2 How Your Content is Processed

When you create content using our AI features:

• Your prompts and inputs are sent to third-party AI services for processing
• These services process your data according to their own privacy policies
• Generated content is returned to StoryWiggle and stored in our secure database
• We do not share your personal information with AI providers beyond what's necessary for content generation

3.3 Content Ownership and Copyright

3.4 Data Retention by AI Providers

AI service providers may retain data as follows:

• OpenAI: May retain API inputs for up to 30 days for abuse monitoring, then deleted (subject to their policy)
• Google Gemini: Processes data according to Google's AI services terms
• We recommend reviewing each provider's privacy policy for complete information

We use collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve StoryWiggle's features
• Content Generation: To process your requests through AI services and deliver generated content
• Account Management: To manage your account, authentication, and preferences
• Payment Processing: To process subscriptions and payments securely
• Communications: To send service updates, notifications, and respond to inquiries
• Improvement and Analytics: To understand usage patterns and improve our services
• Security: To protect against fraud, abuse, and security threats
• Legal Compliance: To comply with legal obligations and enforce our terms

5.1 Where We Store Data

• Primary data storage: Supabase (cloud infrastructure with encryption)
• Image storage: Supabase Storage with secure access controls
• Data may be stored in servers located outside Australia (including USA and Europe)

5.2 Security Measures

We implement industry-standard security measures:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Password hashing using bcrypt or similar algorithms
• Regular security audits and updates
• Access controls and authentication mechanisms
• Secure API key management

5.3 Data Retention

• Active account data: Retained while your account is active
• Deleted account data: Permanently deleted within 30 days of account closure
• Backups: May be retained for up to 90 days for disaster recovery
• Legal requirements: Some data may be retained longer if required by law

6.1 Service Providers We Use

• Supabase: Database and authentication services
• OpenAI: AI text generation (ChatGPT API)
• Google Gemini: AI image generation
• Stripe: Payment processing (PCI-DSS compliant)

6.2 When We Share Your Information

We may share your information in limited circumstances:

• With Service Providers: To perform services on our behalf (under strict confidentiality agreements)
• For Legal Reasons: When required by law, court order, or government request
• Business Transfers: In connection with merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize sharing
• Public Content: Content you choose to share publicly (shared books/games)

6.3 We Do Not

• Sell your personal information to third parties
• Share your data for third-party marketing purposes
• Use your creative content for training our own AI models without permission

7.1 Rights Under Australian Privacy Law

You have the right to:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Opt-Out: Unsubscribe from marketing communications
• Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

7.2 Additional Rights for GDPR Users

If you're in the EEA, you also have rights to:

• Data Portability: Receive your data in a machine-readable format
• Restriction: Restrict processing of your data
• Objection: Object to certain types of processing
• Withdrawal: Withdraw consent at any time
• Supervisory Authority: Lodge a complaint with your local data protection authority

7.3 How to Exercise Your Rights

StoryWiggle is designed for use by children under parental supervision. We take children's privacy seriously and comply with applicable child privacy laws, including the Children's Online Privacy Protection Act (COPPA) where applicable.

• We do not knowingly collect personal information from children under 13 without parental consent
• Parents/guardians should create and manage accounts for children under 13
• We recommend parents review content created by and shared with children
• Parents can request access to, correction of, or deletion of their child's information
• If we learn we have collected information from a child under 13 without consent, we will delete it promptly

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics: Understand how you use our services (aggregated and anonymized)

You can control cookies through your browser settings, but disabling essential cookies may limit functionality.

Your information may be transferred to and processed in countries other than Australia, including the United States and European Union, where our service providers operate. These countries may have different data protection laws than Australia.

We ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant authorities
• Ensuring service providers comply with EU-U.S. Data Privacy Framework or similar mechanisms
• Conducting due diligence on international service providers

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)
• Displaying a prominent notice in the app

Your continued use of StoryWiggle after changes become effective constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Complaints and Regulatory Bodies