Privacy Policy

Talescape (“we”, “us”, “our”) is operated by Aureola, based in Dortmund, Germany. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform, websites, and applications (together “Talescape”).

1. Definitions

Bard – a registered creator who publishes stories or other content on Talescape.
Dreamer – a player or reader who explores and experiences stories.
Platform – all Talescape services including the website, app, and API.
Content – any text, media, or data created, uploaded, or published by users.
Account Data – information required for registration and authentication.
Personal Data – any information relating to an identified or identifiable natural person.

2. Data Controller

Aureola
Attn: Data Protection Officer
Dortmund, Germany
Email: privacy@talescape.com

3. Overview

Talescape is an interactive storytelling platform that allows users to create, share, and experience stories.
We handle all personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.

Most public pages can be used without providing personal data. Certain features (e.g., creating an account, uploading content, participating in contests) require consent to this policy.

4. What Data We Collect

4.1 Account Data

Name or display name
Email address
OAuth provider ID (Google, Discord, Steam, Twitch)
Profile picture or avatar (optional)
Preferred language and user settings

We do not store passwords when you use social logins.

4.2 Content Data

Bards: stories, chapters, dialogues, images, audio, and settings.
Dreamers: playthrough progress, achievements, reviews, and savegames.

4.3 Technical Data

IP address and approximate location (for security)
Browser and device type
Access timestamps and API requests
Session tokens (Laravel Sanctum)
Application error and crash logs

We do not use external analytics (e.g., Google Analytics).
Only minimal technical logs are stored for security and debugging.

4.4 Payment Data

Payment processing is handled by Apple, Google, Steam, or third-party processors.
We never store credit card details.
We receive only transaction metadata (amount, currency, status, ID).

5. Legal Basis for Processing

Art. 6 (1)(b) GDPR – to fulfill our contractual obligations (e.g., account creation, purchases).
Art. 6 (1)(a) GDPR – for specific consent (e.g., newsletter).
Art. 6 (1)(f) GDPR – for legitimate interests such as platform security and quality assurance.

You may withdraw consent at any time.

6. How We Use the Data

We process your data to:

Provide access to your account and stories
Display and host user-generated content
Handle purchases, saves, and reviews
Moderate and validate stories under our Content Guidelines
Communicate important updates, legal notices, or contest information
Improve performance and security

We never sell personal data or use it for behavioral advertising.

7. Automated Checks and Moderation

Talescape uses automated systems to ensure quality and community safety.
These systems may analyze uploaded text or images for:

Policy violations (e.g., explicit or illegal content)
Story structure and completeness (editor checks)
Technical or metadata errors

Automated checks do not make legal or employment-related decisions.
Their sole purpose is content validation and moderation assistance.

8. External APIs and Moderation Services

To maintain safety and compliance, Talescape may transmit limited data to external moderation APIs (for example, OpenAI Moderation API or comparable providers).
Only the relevant text or image data is processed, no personally identifying information is shared.
Data sent to these APIs is used exclusively for automated moderation and not for model training or external analytics.

All third-party services used for moderation or AI processing comply with GDPR or equivalent data protection standards.

9. Embedded Content (YouTube)

Our website and documentation may embed YouTube videos (tutorials, trailers).
When you view an embedded video:

A connection is made to YouTube LLC / Google Ireland Limited.
Your IP address and technical data may be transmitted.
Cookies or identifiers may be placed by YouTube.

We use privacy-enhanced mode (youtube-nocookie.com) whenever possible.
By playing the video, you agree to YouTube’s Privacy Policy.
Talescape does not collect additional data from video views.

10. Contests and Community Programs

If you participate in official Talescape contests or events, we may process:

Your name or display name
Contact email
Submitted story or media
Prize payment details (if applicable)

This processing is based on Art. 6 (1)(b) (contract performance) and Art. 6 (1)(a) (consent).
We use your contact information only for contest administration, prize distribution, and related communication.

11. Newsletter and Communications

If you subscribe to the Talescape newsletter, we collect and store your email address solely for sending updates about new features, contests, and announcements.
You can unsubscribe at any time via the link in each email.
Newsletter data is never shared with third parties.

12. Story Preservation (Final Decree)

To ensure long-term accessibility of creative works, Talescape may archive published stories under its Final Decree preservation program.
Archived stories are stored securely and may remain accessible for cultural or historical purposes, even after a user account is deleted.
No personal data beyond what is necessary for attribution (e.g., author name) is retained.

13. Data Sharing

We only share data where necessary to provide the service:

OAuth providers – login authentication
Payment processors – billing and payout processing
Cloud storage providers – secure hosting of media files
Moderation services – automated text/image evaluation
Legal authorities – only if required by law

All partners operate under GDPR-compliant data processing agreements.

14. Data Storage and Retention

Servers and backups are hosted within the European Union.
Personal data is retained only as long as required for service or legal compliance.
When you delete your account, all personal data and content are removed except legally required records (e.g., transactions).

15. Cookies and Local Storage

We use only essential cookies and browser storage:

Authentication and session tokens
CSRF protection
Language and theme preferences

No tracking or advertising cookies are used.

16. Security

HTTPS/TLS encryption for all communication
UUID identifiers for user and story data
Role- and policy-based access control
Token authentication (Laravel Sanctum)
Rate limiting and server-side validation
Regular software updates and backups

17. Your Rights (GDPR)

You have the right to:

Access your personal data (Art. 15)
Rectify inaccurate data (Art. 16)
Request erasure (“right to be forgotten”, Art. 17)
Restrict processing (Art. 18)
Receive your data in a portable format (Art. 20)
Object to certain processing (Art. 21)

To exercise these rights, contact privacy@talescape.com.
We may require proof of identity.

18. International Transfers

Where data leaves the EU (e.g., OAuth or moderation APIs), we ensure adequate safeguards such as Standard Contractual Clauses under Art. 46 GDPR.

19. Children’s Privacy

Talescape is intended for users aged 16 and older.
We do not knowingly process data from younger users.
If a minor’s data is identified, it will be deleted immediately upon notice.

20. Updates to This Policy

We may update this policy as our services evolve.
The latest version is always available at
https://talescape.com/legal/privacy-policy.
Changes take effect upon publication, indicated by the “Last Updated” date above.

21. Contact

Aureola / Talescape
Email: privacy@talescape.com
Website: https://talescape.com
Address: see Imprint

Talescape protects both creativity and privacy, collecting only what’s essential to bring stories to life.

October 31, 2025