Privacy Policy

Story inputs such as age band, CEFR level, hero name, place, theme, genre, selected words and interface language.

Account and authentication information when sign-in is enabled through Supabase.

Technical information such as hashed IP address, quota usage, timestamps, moderation status, model name and prompt version for safety, abuse prevention and debugging.

Children should not enter full names, addresses, phone numbers, school numbers, exact school names or contact details into story fields.

If the product is used by children under the applicable digital-consent age, a parent, guardian or school should manage consent and supervision.

To generate CEFR-aligned reading material, vocabulary and comprehension questions.

To enforce safety, rate limits, quotas and content moderation.

To investigate errors, abuse reports and protected-character/franchise attempts.

Stories and related logs should be retained only as long as needed for the educational account, safety records, legal obligations and service operation.

Before production launch, add a clear user-facing deletion request channel and document the retention period for each data category.

This template is not legal advice. Before launch, have a privacy lawyer review the policy for KVKK, GDPR/UK GDPR, COPPA or any other jurisdictions where the product will be offered.