Legal

Privacy Policy

Effective date: March 29, 2026

Summary

We use passwordless sign-in, process payments via Razorpay, and use AI providers to generate stories and images.

1. Introduction

CinematicTale ("we", "us", or "our") operates https://cinematictale.com. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Service.

This policy is aligned with the Indian Information Technology Act, 2000 and SPDI Rules, 2011. For users in the EEA, GDPR principles are followed where applicable.

2. What's New (March 2026)

  • Passwordless sign-in is now primary. We authenticate using secure email links and OAuth flows.
  • No password storage by default. Most users no longer create or manage passwords in-app.
  • Session handling improved. Server-side session cookies, CSRF protections, and logout invalidation were strengthened.
  • Policy wording clarified. This page now clearly separates authentication cookies from analytics cookies.

3. Information We Collect

3.1 Information You Provide

  • Account details: email address, display name, and provider identity (Google or email-link).
  • Profile information: optional avatar and public profile details.
  • Story content: prompts, generated story text, generated images, and related metadata.
  • Payment information: processed by Razorpay. We do not store card numbers or UPI credentials.

3.2 Information Collected Automatically

  • Usage data: pages viewed, features used, and session-level interaction events.
  • Device data: browser, OS, approximate network details, and request metadata.
  • Cookies/local storage: session auth state, CSRF token, and UX preferences.
  • Analytics: aggregated product usage through Google Analytics and Vercel Analytics.

4. How We Use Information

  • Authenticate users and protect accounts.
  • Generate stories, images, and related media based on your prompts.
  • Process subscriptions, top-ups, invoices, and payment reconciliation.
  • Send transactional emails (sign-in links, billing, verification, support replies).
  • Prevent abuse, enforce rate limits, and monitor platform reliability.
  • Comply with legal and regulatory obligations.

5. Third-Party Services

We use third-party providers that may process your data only for required service functions.

Google Firebase

Authentication, Firestore database, and storage.

Google AI (Gemini)

Text and image generation for stories and assets.

Alternative provider for image/video generation workloads.

Razorpay

Payment processing for plans and credit top-ups.

Hosting, deployment infrastructure, and edge/network logs.

Upstash Redis

Rate-limit state and anti-abuse request controls.

6. Data Storage and Security

  • TLS/HTTPS encryption for traffic in transit.
  • Server-side session cookies and CSRF checks for authenticated API actions.
  • Role-appropriate Firestore access controls and server-side validation.
  • Rate limiting and webhook signature verification on sensitive endpoints.

No transmission method is fully risk-free. We continuously improve controls, monitoring, and incident response.

7. Data Retention

We retain account and story data while your account is active. On account deletion, user data is removed from active systems within a reasonable operational window, except where legal obligations require retention (for example, payment/tax records).

8. Your Rights

  • Access: request a copy of your personal data.
  • Correction: update profile fields from account settings.
  • Deletion: delete your account and associated data.
  • Portability: request export of your story data where feasible.
  • Objection/Restriction: contact us for processing concerns.

For any rights request, email saurabhjadhav.devstudio@gmail.com.

9. Cookies and Similar Technologies

  • Authentication cookies: keep signed-in sessions secure.
  • CSRF token cookie: protects state-changing requests from forgery attacks.
  • Preference storage: theme and experience settings.
  • Analytics cookies: aggregated usage metrics.

CSRF cookies are security tokens and can exist even when you are signed out; they are not proof of an active login.

10. Children's Privacy

CinematicTale is not intended for children under 13. If you believe a child has provided personal data, contact us and we will investigate and delete as appropriate.

11. Changes to This Policy

We may revise this policy periodically. Material changes will be communicated through updates on this page and, when appropriate, account-level notices.

12. Contact Us