FairyAI Privacy Policy

1. Who We Are

FairyAI is operated by Rebel AI Ltd, registered in Scotland, UK (Company Number: SC839626). Contact: legal@fairyai.co.uk.

2. Information We Collect

We collect:

• Account Information: Email, name, age confirmation (13+).
• Generated Content: Stories, characters, images, songs, narrations you create, including prompts and uploaded images.
• Device Information: Device type, operating system, device tokens for push notifications.
• Usage Data: Features used, content viewed, generation history, reading time, completion rates.
• Subscription Data: Transaction IDs and subscription status from App Store/Google Play (we do not receive payment card details).
• Technical Data: Temporary IP addresses for security and rate limiting (retained in server logs for 7 days).
• Uploaded Images: When using photo-to-character feature, images are processed and deleted within 24 hours.
• Analytics: We use PostHog to collect anonymous usage analytics to improve the app. This includes which features are used and general app performance. No personal data is collected or shared.

3. How We Use Your Data

We use your information to:

• Provide and personalise the App's features.
• Generate AI content based on your prompts.
• Send push notifications about content completion and app updates (with your permission).
• Manage your account, subscription, and fairy dust credits.
• Improve the App through internal analytics.
• Ensure security and prevent abuse.
• Comply with legal obligations.

Legal Basis for Processing (GDPR):
We process your data based on:

• Contract: To provide the services you've requested
• Legitimate interests: To improve our services and ensure security
• Consent: For push notifications and marketing (where applicable)

4. Local Storage

The App stores on your device:

• Authentication tokens
• User preferences (language, theme, font size)
• Draft content and wizard progress
• Cached content for offline access
• Onboarding status

This data remains on your device unless you delete the App.

5. Push Notifications

With your permission, we send notifications for:

• Content generation completion
• Subscription and account updates
• New features and app updates

You can disable notifications in your device settings at any time.

6. Sharing of Data

We share necessary data with:

• Supabase – Authentication and database services (UK/EU)
• AWS S3 – Media storage (encrypted)
• OpenAI – Story and narration generation (prompts and content)
• Replicate – Character image generation (character descriptions)
• Suno – Song generation (song prompts)
• Firebase – Push notification delivery
• PostHog – Anonymous analytics (feature usage, app performance)
• App Store / Google Play – Payment processing

We do not sell your personal data to third parties.

7. International Transfers

Your data may be processed in the UK, EU, and US by our service providers. We ensure appropriate safeguards are in place for all transfers.

8. Data Security

We use industry-standard security measures including:

• Encrypted data transmission (HTTPS)
• Secure authentication (Supabase Auth)
• Encrypted media storage (AWS S3)
• Rate limiting and security monitoring

9. Data Retention

• Active accounts: Data retained while account is active
• Deleted accounts: 30-day recovery period, then permanent deletion
• Server logs: 7 days (may contain IP addresses)
• Generated content: Deleted with account after 30-day period
• Uploaded images: Deleted within 24 hours of upload

10. Your Rights (UK GDPR)

You have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your account and all associated data
• Export your data in a portable format
• Object to certain processing
• Complain to the UK Information Commissioner's Office (ICO)

To exercise these rights, email legal@fairyai.co.uk.

11. Your Rights (California Residents)

California residents have additional rights under CCPA including the right to opt-out of data sales. We do not sell your personal data.

12. Children's Privacy

• The App requires users to be 13 or older.
• We do not knowingly collect data from children under 13.
• If we discover a user is under 13, we will delete their account.

13. Account Deletion

• Delete your account via Settings → Privacy → Delete Account
• Immediate deactivation with 30-day recovery period
• After 30 days: permanent deletion of all data including media files
• Email legal@fairyai.co.uk within 30 days to recover a deleted account

14. Data Breach Notification

If a breach affecting your personal data occurs, we will notify affected users via email and the UK ICO within 72 hours as required by law.

15. Changes to This Policy

We may update this Privacy Policy. We will notify you of significant changes via the App or email.

16. Contact