Privacy Policy

Last updated: 19 May 2026

1. Who We Are

This Privacy Policy describes how Narrative Systems ("we", "us", "our") handles personal data when you use Fabletide ("the Service"). For the purposes of UK GDPR, EU GDPR, and the Saudi Personal Data Protection Law (PDPL), Narrative Systems acts as the controller of personal data described below.

Contact for privacy enquiries: fabletide_support@pointtosource.com.

2. Data We Collect

We collect only what is needed to operate accounts, generate stories, and bill paid plans.

From you, when you create an account

Username (display name)
Email address
Password (stored only as a salted PBKDF2 hash; we cannot read or recover your plaintext password)
Optional parental controls settings (age band, allowed genres)

When you sign in with Google

If you choose to sign in (or create an account) with Google rather than email and password, the Google Sign-In service shares a limited set of profile data with us so we can identify your account. From Google we receive:

Your Google account email address, and whether Google has verified it
Your Google account’s stable identifier (the sub claim) — a unique string that does not change even if you later change your email at Google
Your full name, given name, and family name as set on your Google account
A URL pointing to your Google profile picture, if you have one set

Of the above, we persistently store your email address, the Google stable identifier, the email-verified flag, your given name (as your first name) and family name (as your last name), and a display name derived from your given name. Your profile picture URL passes through during sign-in but is not saved to your Fabletide account.

We request only the openid, email, and profile scopes from Google. We do not ask for access to your Gmail, Drive, Calendar, Contacts, or any other Google service. If your Google account email matches a Fabletide account you previously created with a password, the two are linked automatically so you can continue to sign in either way.

When you use the Service

Story prompts you submit (character names, descriptions, locations, choice picks)
Stories, illustrations, and narration generated for your account
Story metadata (creation time, last activity, retention status, monthly usage counter)
Session tokens for staying logged in (random opaque tokens, not derived from your password)

When you pay

A PayPal payer ID and subscription / order ID, your tier, billing cycle, subscription status, and current period end
The country of the buyer (used to calculate the correct VAT or sales-tax rate)

We do not collect or store your card number, security code (CVV), card expiry date, or billing address. Those are held by PayPal as your payment processor. PayPal’s own privacy notice covers their handling of that data.

Narrative Systems is the seller of record for purchases on the Service. Where required by law, we share buyer-country and transaction data with our tax-compliance service to calculate, collect, and remit applicable VAT or sales tax to the relevant tax authority.

Automatically

Standard server logs (IP address, user-agent, timestamps, requested paths) for security and debugging, retained for up to 30 days.
Cloudflare-level traffic data (CDN, DDoS protection, edge caching) - see Third-Party Processors below.

We do not use advertising trackers, fingerprinting, or marketing analytics SDKs.

3. Why We Use Your Data

To create and maintain your account, keep you signed in, and remember your settings.
To generate stories, illustrations, and narration in response to your prompts.
To enforce tier quotas, retention rules, and parental controls.
To process subscriptions and credit-pack purchases, and to handle refunds.
To send transactional email (welcome, password reset, payment receipts, subscription notices).
To detect, prevent, and respond to abuse, fraud, and security incidents.
To comply with legal obligations.

4. Legal Bases (UK / EU GDPR)

We rely on the following legal bases for processing personal data:

Contract: processing necessary to provide the Service you signed up for.
Legitimate interests: security, fraud prevention, abuse detection, and basic operational logging - balanced against your rights and freedoms.
Legal obligation: to comply with tax, accounting, and law-enforcement requirements applicable to us.
Consent: where we ask for it explicitly (for example, optional features). You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Children’s Data

The Service is designed for children aged 5 to 12, used together with a parent or guardian. Accounts must be created by a parent or legal guardian; the parent is the account holder for legal purposes. We minimise children’s data by design:

We do not ask children for their real names, addresses, photographs of their faces, or schools.
Story prompts may include a chosen character name and description; these are processed by AI providers but are not used for advertising or profiling.
Parental controls allow the account holder to restrict age bands and genres.
Guardrails provide content which is age-appropriate, restricting the use of profanity by both the user and the story generation system.
We do not knowingly collect personal data from a child without parental consent. If you believe we have done so, contact us and we will delete it.

6. Third-Party Processors

We share personal data with the processors below, only to the extent needed for them to perform their service to us. Each processor is bound by a data-processing agreement.

Processor	Purpose	Categories of data
Cloudflare	CDN, edge caching, DNS, DDoS protection, Pages hosting for the public site	IP address, user-agent, request metadata, cached static assets
ngrok	Encrypted tunnel from the public CDN to our self-hosted backend	Request metadata in transit; no persistent storage
n8n (self-hosted)	Backend workflow engine on private infrastructure (auth, story orchestration, payment hooks)	Account data, story content, subscription metadata
PayPal	Payment processing for subscriptions and one-off purchases; subscription billing engine; chargeback resolution	Buyer email, billing address, card / bank / PayPal-balance funding source (all held by PayPal, not by us); we receive only the payer ID, subscription / order ID, amount, and currency
Tax-compliance service (e.g. Quaderno)	Calculation of correct VAT / sales-tax rate per buyer country; filing of UK VAT, EU VAT-OSS, and US state-level sales-tax returns on our behalf	Transaction amount, buyer country, transaction ID, our seller details
eforw.com	Email forwarding for our support and contact addresses	Email content sent to or from `@pointtosource.com` addresses
AI providers	Text, image, and audio generation	The prompts you submit (character names, descriptions, choices) and the resulting generated content. Inputs may be retained by the AI provider per their own retention policies.

We may add or change processors as the Service evolves. Material changes will be reflected in this page and, for paid users, communicated by email.

7. International Transfers

Some processors listed above are based in the United States, the United Kingdom, the European Economic Area, or the Gulf region, and your personal data may be transferred to and processed in those regions. Where required by UK / EU GDPR, transfers rely on Standard Contractual Clauses or equivalent safeguards under the receiving country’s adequacy regime.

8. Data Retention

How long we keep different categories of data

Account data: retained while your account is active, and for up to 30 days after deletion to allow you to recover the account if deleted in error.
Story content: retained per the retention rules of your tier (Demo: not stored; Storyteller: 14 days; Story Spinner: 30 days; Story Sorcerer / Legend: permanent until you delete).
Payment records: retained for at least the period required by tax and accounting law (typically up to 7 years in jurisdictions where we are obliged to do so), then deleted or anonymised.
Server logs: up to 30 days for security and debugging, then deleted.

Deleting some of your data without closing your account

You do not have to close your whole account to remove specific items. The following granular controls are available from within Fabletide:

Delete an individual saved story: open the Story Book, tap the menu on the story you want to remove, and choose Delete. The story, its branches, illustrations, and narration audio are wiped from your account immediately.
Delete a saved character: open the character roster and remove a character. The character entry and its face and body images are wiped immediately.
Reset parental-control preferences: from the Parent Dashboard → Controls tab, change your age bands or genre selections. Earlier values are overwritten.

For other data not covered by the in-app controls (for example, a single line of a specific story prompt, or a specific server log entry), email fabletide_support@pointtosource.com from the email address registered to your account. We will respond within one month, as set out in section 10.

Some categories of data cannot be deleted on request because we are obliged to retain them (for example, payment and tax records). Where a legal obligation prevents deletion, we will tell you which category is affected and how long the obligation runs.

9. How to Delete Your Fabletide Account

You can request deletion of your Fabletide account at any time. Two routes are available.

From inside the app

Sign in to Fabletide on the website (fabletide.kids) or in the mobile app.
Open the Parent Dashboard from the top navigation.
Switch to the Account tab.
Tap Delete account.
Re-enter your account password and type DELETE in capitals to confirm.

By email

If you can no longer sign in (forgotten password, lost access to email, etc.), email fabletide_support@pointtosource.com from the address registered to the account, stating that you wish to delete it. We will verify ownership and process the request within five working days.

What happens after you request deletion

Immediately: your account is flagged as pending deletion. You are signed out of all devices and the website, and further sign-ins are blocked.
Within 30 days: the following are permanently wiped from our systems:
- Saved stories, story branches, choices, and replay history
- Generated illustrations and narration audio
- Saved characters and their face and body images
- Parental controls settings, age bands, and genre preferences
- Session tokens, device registrations, and parental-dashboard biometric opt-ins
- Username and password hash from the active user table
Recovery during the 30-day grace: if you change your mind, email fabletide_support@pointtosource.com within 30 days of the request. We will reinstate the account untouched. After 30 days, recovery is not possible.

What is kept after deletion, and for how long

Payment and tax records: retained for the period required by applicable tax and accounting law (typically up to 7 years in jurisdictions where we are obliged to do so), then deleted or anonymised. We retain only the transaction-level data described in section 6 (payer ID, subscription or order ID, amount, currency, country); we never held your card details, so there is nothing to delete on that front.
Audit and dispute-response record: a tombstone row in an internal audit table is kept for 7 years. It carries the minimum identifying information needed to answer a chargeback dispute, a tax-authority audit, or a regulator query that arrives after the account has otherwise been deleted: your former user ID, the email address registered to the account, your tier at the time of deletion, your subscription status at the time of deletion, and an archive of the payment events tied to that account. It does not contain story content, illustrations, audio, characters, parental controls, prompts, or the password hash. After 7 years this audit row is hard-deleted on the same retention schedule as the underlying payment records.
Server logs: standard request logs continue to be retained for up to 30 days after deletion, then deleted on the normal log-rotation cycle.

10. Your Rights

If you are in the UK, EEA, KSA, or another jurisdiction with comparable rights, you have the right to:

Access the personal data we hold about you
Have inaccurate data corrected
Request deletion of your data, subject to our retention obligations
Receive a copy of your data in a portable format
Object to processing based on legitimate interests
Withdraw consent where we rely on consent
Lodge a complaint with your local data-protection authority (in the UK: the ICO; in the EU: your national authority; in KSA: the Saudi Data & AI Authority)

To exercise any of these rights, email fabletide_support@pointtosource.com. We will respond within one month.

11. Cookies and Local Storage

The Service uses browser localStorage to keep you signed in (a session token), cache the static catalogue of generated stories you own, and remember UI preferences. We do not use third-party advertising or analytics cookies. Cloudflare may set short-lived cookies for security and bot mitigation; these are essential to operating the Service.

12. Fabletide Mobile App

The Fabletide mobile app (Android and iOS) handles a few things differently from the website. This section covers those differences. Everything in the sections above — what data we collect, why we use it, who processes it, your rights — applies to the app as well unless contradicted here.

12.1 What the app stores on your device

To work without a network connection and to remember your session between launches, the app saves the following inside its own private sandbox on your phone or tablet:

Your sign-in token, stored in the operating system’s secure store (Android Keystore-backed encrypted preferences, or iOS Keychain). This lets you stay signed in without re-typing your password each time.
Saved stories you have finished, including the story text for each part, episode titles, images, and audio narration. These are kept so a finished story can be re-read or re-listened-to without an internet connection.
A short-lived cache of images and audio for stories you are currently creating or have recently opened. The phone’s operating system is free to delete this cache at any time when storage is low.
UI preferences: theme choice (light / dark / follow system), whether biometric sign-in is enabled, whether the loading-screen music is muted.
Locally derived parental-controls state, fetched from the server and cached so the app can enforce age-band, genre, daily limit, and time-window restrictions without a round-trip on every action.

This data is private to the app. It is not visible to other apps and it does not leave your device unless you explicitly choose to share something (for example, by exporting a story as a PDF and sharing it via your phone’s share sheet).

12.2 Permissions the app does not request

The app does not request, and cannot read, your photos, contacts, microphone, camera, gallery, or shared device storage. We never write to the public Downloads folder or any other shared location. Because all our local storage lives in the app’s private sandbox, Android and iOS do not require — and we do not surface — a storage permission prompt.

The permissions the app does request are: biometric (Face / fingerprint) for the optional parent-dashboard unlock and sign-in shortcut, and a foreground-service notification for keeping story narration playing on the lock screen while the phone is asleep.

12.3 Managing what the app has stored

You can review and remove the per-story downloads at any time from Parent Dashboard → Account → Downloaded stories. Tapping “Remove” on a story deletes its words, images, and audio from this device; the story can be re-downloaded by opening it again while online (so long as it has not been deleted from your account).

To clear everything the app has saved locally in one step, use your phone’s system settings: Android → Settings → Apps → Fabletide → Storage → Clear data, or iOS → Settings → Fabletide → Reset. Uninstalling the app removes all locally stored data automatically.

Deleting your Fabletide account (as described in Section 9) also clears the device-side data the next time the app is opened and detects the account is gone.

12.4 In-app purchases and subscriptions

On the mobile app, paid plans and credit packs are processed by Apple (App Store / StoreKit) or Google (Google Play Billing) rather than by PayPal. We receive a purchase-verification token from the platform that confirms the transaction; we do not see your payment details. Existing subscribers who originally signed up on the website continue to be billed via PayPal and can manage their subscription on the website.

12.5 Crash reports and diagnostics

The mobile app may include limited on-device diagnostic logging (e.g. story-flow checkpoints, asset-fetch outcomes) that is only visible to the app itself and never transmitted off the device unless you choose to share a support log with us. We do not currently bundle a third-party crash or analytics SDK. If we add one in the future, we will update this section before enabling it.

13. Security

We take reasonable technical and organisational measures to protect your data, including: passwords stored only as salted PBKDF2 hashes, payment data delegated to PayPal / Apple / Google (so we never see card numbers, expiry dates, or CVVs), HTTPS in transit, separation of public CDN from private backend, and access controls on the backend workflow engine. On mobile, sign-in tokens are stored in the operating system’s secure store rather than plain preferences. No system is perfectly secure, and we cannot guarantee absolute security.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be flagged in the application or by email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact

Privacy questions or rights requests: fabletide_support@pointtosource.com.