Tales logo

Tales

Privacy Policy

PRIVACY POLICY

Effective Date: February 12, 2026

Last Updated: February 12, 2026

This Privacy Policy explains how Tales collects, uses, and protects your information.

1. Information We Collect

A. Information You Provide

When creating an account, we collect:

  • Email address (required)
  • Display name (required)
  • Optional profile information:
  • First name
  • Last name
  • Avatar
  • Reading goal

You may also provide:

  • Reviews
  • Ratings
  • Profile descriptions
  • Reports about other users

B. Authentication Data

We support:

  • Email and password login
  • Google sign-in
  • Apple sign-in

When using Google sign-in or Apple sign-in, we receive basic profile information necessary to authenticate your account.

C. Push Notifications

If enabled, we collect device push tokens to deliver notifications.

Notifications are optional and can be disabled at any time in device settings.

D. Technical Data

We use Supabase to:

  • Store account information
  • Store book metadata
  • Operate the backend

We may collect limited technical data such as:

  • Log files
  • Device type
  • Error reports

We do not track individual behavioral analytics or sell personal data.

2. How We Use Information

We use your information to:

  • Operate and maintain the app
  • Display your public content
  • Enable social features
  • Moderate community content
  • Improve performance and stability

3. Public vs Private Information

Reviews and ratings are public by default.

Profiles can be set to private and visible only to approved users.

Your email address is never publicly visible.

4. Data Storage

User and book metadata are stored securely in Supabase.

We do not store book metadata locally on user devices.

Data is transmitted over encrypted connections.

5. Third-Party Services

Tales relies on:

  • Supabase
  • Open Library
  • Google Books

These providers may process data according to their own privacy policies.

6. Account Deletion

You may delete your account at any time within the app.

Upon deletion:

  • Your profile information is removed
  • Associated content may be deleted or anonymized
  • Some limited data may be retained for legal or operational purposes.

7. Data Sharing

We do not:

  • Sell personal data
  • Share personal data for advertising

We may share information:

  • To comply with legal obligations
  • To enforce our Terms

8. Security

We implement reasonable safeguards to protect user information.

However, no method of transmission or storage is completely secure.

9. Children’s Privacy

Tales is not intended for children under 13.

If we learn that we have collected data from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically.

If material changes are made, we may notify users within the app.

11. Contact

For privacy-related inquiries:

Email: owen.stokescawley@gmail.com

12. EEA/UK Privacy Rights (GDPR Notice)

If you are located in the European Economic Area (EEA) or the United Kingdom, the data controller for your personal data is Owen Stokes-Cawley (contact: owen.stokescawley@gmail.com).

Lawful bases for processing. We process personal data under the following legal bases:

Contract: to provide the app and its features (account, social features, storing your library, etc.).

Legitimate interests: to keep Tales secure, prevent abuse, and maintain service reliability (for example, basic logging and moderation).

Consent: where required (for example, enabling push notifications on your device).

Your rights. Subject to applicable law, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent (where processing is based on consent)

To exercise these rights, contact owen.stokescawley@gmail.com. You also have the right to lodge a complaint with your local data protection authority.

International transfers. Tales is US-focused, and your data may be processed outside the EEA/UK (for example, by our service providers). Where required, we rely on appropriate safeguards for international transfers (such as standard contractual clauses).

Retention. We keep personal data only as long as needed to operate Tales and for legitimate business or legal purposes. If you delete your account, we remove or anonymize personal data unless we must retain some information for legal or security reasons.

That’s “GDPR-ready” without overpromising (and it aligns with the GDPR notice expectations around what info you disclose).