October 31, 2025

Privacy Policy

Talescape (“we”, “us”, “our”) is operated by Aureola, based in Dortmund, Germany. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform, websites, and applications (together “Talescape”).

1. Definitions

  • Bard – a registered creator who publishes stories or other content on Talescape.
  • Dreamer – a player or reader who explores and experiences stories.
  • Platform – all Talescape services including the website, app, and API.
  • Content – any text, media, or data created, uploaded, or published by users.
  • Account Data – information required for registration and authentication.
  • Personal Data – any information relating to an identified or identifiable natural person.

2. Data Controller

Aureola
Attn: Data Protection Officer
Dortmund, Germany
Email: privacy@talescape.com

3. Overview

Talescape is an interactive storytelling platform that allows users to create, share, and experience stories.
We handle all personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.

Most public pages can be used without providing personal data. Certain features (e.g., creating an account, uploading content, participating in contests) require consent to this policy.

4. What Data We Collect

4.1 Account Data

  • Name or display name
  • Email address
  • OAuth provider ID (Google, Discord, Steam, Twitch)
  • Profile picture or avatar (optional)
  • Preferred language and user settings

We do not store passwords when you use social logins.

4.2 Content Data

Bards: stories, chapters, dialogues, images, audio, and settings.
Dreamers: playthrough progress, achievements, reviews, and savegames.

4.3 Technical Data

  • IP address and approximate location (for security)
  • Browser and device type
  • Access timestamps and API requests
  • Session tokens (Laravel Sanctum)
  • Application error and crash logs

We do not use external analytics (e.g., Google Analytics).
Only minimal technical logs are stored for security and debugging.

4.4 Payment Data

Payment processing is handled by Apple, Google, Steam, or third-party processors.
We never store credit card details.
We receive only transaction metadata (amount, currency, status, ID).

5. Legal Basis for Processing

  • Art. 6 (1)(b) GDPR – to fulfill our contractual obligations (e.g., account creation, purchases).
  • Art. 6 (1)(a) GDPR – for specific consent (e.g., newsletter).
  • Art. 6 (1)(f) GDPR – for legitimate interests such as platform security and quality assurance.

You may withdraw consent at any time.

6. How We Use the Data

We process your data to:

  • Provide access to your account and stories
  • Display and host user-generated content
  • Handle purchases, saves, and reviews
  • Moderate and validate stories under our Content Guidelines
  • Communicate important updates, legal notices, or contest information
  • Improve performance and security

We never sell personal data or use it for behavioral advertising.

7. Automated Checks and Moderation

Talescape uses automated systems to ensure quality and community safety.
These systems may analyze uploaded text or images for:

  • Policy violations (e.g., explicit or illegal content)
  • Story structure and completeness (editor checks)
  • Technical or metadata errors

Automated checks do not make legal or employment-related decisions.
Their sole purpose is content validation and moderation assistance.

8. External APIs and Moderation Services

To maintain safety and compliance, Talescape may transmit limited data to external moderation APIs (for example, OpenAI Moderation API or comparable providers).
Only the relevant text or image data is processed, no personally identifying information is shared.
Data sent to these APIs is used exclusively for automated moderation and not for model training or external analytics.

All third-party services used for moderation or AI processing comply with GDPR or equivalent data protection standards.

9. YouTube Videos

Our website and documentation may include YouTube videos, for example tutorials, trailers, or other product-related media.

If a YouTube video is displayed or played on our site, personal data may be transmitted to YouTube LLC and Google Ireland Limited, including:

  • Your IP address
  • Browser and device information
  • Referrer URL
  • Usage data such as whether and when a video was started
  • Cookies or similar identifiers set by YouTube/Google

This processing takes place solely in connection with the embedded YouTube content. Talescape does not receive detailed personal viewer profiles from YouTube and does not use video views for its own analytics or advertising.

We use YouTube’s privacy-enhanced mode (youtube-nocookie.com) whenever possible. Even in this mode, a connection to YouTube or Google servers may still be established once the video is loaded or played.

The integration of YouTube videos is based on our legitimate interest in providing helpful audiovisual content and presenting our services in a user-friendly way pursuant to Art. 6 (1)(f) GDPR. Where required, we will rely on your consent before loading third-party media.

For more information on how YouTube and Google process personal data, please refer to Google’s Privacy Policy.

10. Contests and Community Programs

If you participate in official Talescape contests or events, we may process:

  • Your name or display name
  • Contact email
  • Submitted story or media
  • Prize payment details (if applicable)

This processing is based on Art. 6 (1)(b) (contract performance) and Art. 6 (1)(a) (consent).
We use your contact information only for contest administration, prize distribution, and related communication.

11. Contact Forms and Closed Beta Registration

If you contact us through a form on our website, we process the information you provide to handle your request, respond to your message, and, where applicable, manage your application for programs such as the Talescape closed beta.

Depending on the form, this may include:

  • Your name or display name
  • Email address
  • The content of your message or application
  • Technical metadata required for submission security, such as the submission time and IP address

When you register interest in the closed beta, we use this information solely to review your application, communicate with you about participation, and organize access to the beta program. Submission data is not used for unrelated marketing purposes.

To protect our forms against spam and abuse, we may use technical safeguards such as honeypot fields or similar validation mechanisms.

The processing of contact form submissions is based on Art. 6 (1)(b) GDPR where your request relates to pre-contractual or contractual communication, and otherwise on Art. 6 (1)(f) GDPR based on our legitimate interest in handling inquiries and operating secure communication channels.

12. Newsletter and Communications

If you subscribe to the Talescape newsletter, we collect and store your email address solely for sending updates about new features, contests, and announcements.
You can unsubscribe at any time via the link in each email.
Newsletter data is never shared with third parties.

13. Story Preservation (Final Decree)

To ensure long-term accessibility of creative works, Talescape may archive published stories under its Final Decree preservation program.
Archived stories are stored securely and may remain accessible for cultural or historical purposes, even after a user account is deleted.
No personal data beyond what is necessary for attribution (e.g., author name) is retained.

14. Data Sharing

We only share data where necessary to provide the service:

  • OAuth providers – login authentication
  • Payment processors – billing and payout processing
  • Cloud storage providers – secure hosting of media files
  • Moderation services – automated text/image evaluation
  • Legal authorities – only if required by law

All partners operate under GDPR-compliant data processing agreements.

15. Data Storage and Retention

  • Servers and backups are hosted within the European Union.
  • Personal data is retained only as long as required for service or legal compliance.
  • When you delete your account, all personal data and content are removed except legally required records (e.g., transactions).

16. Cookies and Local Storage

We use only essential cookies and browser storage:

  • Authentication and session tokens
  • CSRF protection
  • Language and theme preferences

No tracking or advertising cookies are used.

17. Security

  • HTTPS/TLS encryption for all communication
  • UUID identifiers for user and story data
  • Role- and policy-based access control
  • Token authentication (Laravel Sanctum)
  • Rate limiting and server-side validation
  • Regular software updates and backups

18. Your Rights (GDPR)

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Request erasure (“right to be forgotten”, Art. 17)
  • Restrict processing (Art. 18)
  • Receive your data in a portable format (Art. 20)
  • Object to certain processing (Art. 21)

To exercise these rights, contact privacy@talescape.com.
We may require proof of identity.

19. International Transfers

Where data leaves the EU (e.g., OAuth or moderation APIs), we ensure adequate safeguards such as Standard Contractual Clauses under Art. 46 GDPR.

20. Children’s Privacy

Talescape is intended for users aged 16 and older.
We do not knowingly process data from younger users.
If a minor’s data is identified, it will be deleted immediately upon notice.

21. Updates to This Policy

We may update this policy as our services evolve.
The latest version is always available at
https://talescape.com/legal/privacy-policy.
Changes take effect upon publication, indicated by the “Last Updated” date above.

22. Contact

Aureola / Talescape
Email: privacy@talescape.com
Website: https://talescape.com
Address: see Imprint

Talescape protects both creativity and privacy, collecting only what’s essential to bring stories to life.