FeaturesHow It WorksPricingFAQ

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: April 1, 2026

§ 1. Data Controller

The data controller is [OWNER_NAME], conducting business under the name [COMPANY_NAME], [COMPANY_ADDRESS], NIP (tax ID): [NIP], REGON: [REGON] (hereinafter: "Controller").

Contact for data protection matters:

  1. email: contact@fablele.com
  2. post: [COMPANY_ADDRESS]

The Controller has not appointed a Data Protection Officer.

§ 2. What Data We Collect

2.1. Account Data

When you register, we collect:

  1. your email address,
  2. your password (stored exclusively in encrypted form — bcrypt hash).

We do not collect names, postal addresses, phone numbers or identity document details.

2.2. User Content

When using the Application, you create and store:

  1. universes (names, descriptions, parameters),
  2. characters (names, appearance and trait descriptions),
  3. stories (titles, plots, page text),
  4. AI-generated illustrations.

This content may contain personal data of third parties (e.g. names of children for whom stories are created). The Controller processes this data solely for the purpose of providing the Service and does not analyse its content.

2.3. Technical and Analytics Data

We automatically collect:

  1. IP address,
  2. browser type and version,
  3. operating system,
  4. data about your interactions with the Application (pages visited, elements clicked, time spent on pages),
  5. device identifiers.

Analytics data is collected using PostHog (see section 5).

2.4. Payment Data

Payments are processed by Paddle (see section 5), which acts as the Merchant of Record. The Controller does not collect or store credit card numbers, bank account numbers or other payment details. The Controller receives from Paddle only transaction confirmations (transaction ID, amount, date, purchased product).

2.5. Data Transmitted to AI Providers

In order to generate content and illustrations, the following data is transmitted to AI model providers:

  1. character descriptions,
  2. story plots and parameters,
  3. universe parameters,
  4. art style instructions.

This data is transmitted solely for the purpose of fulfilling the generation request and is not used for training AI models.

§ 3. Purposes and Legal Bases

3.1. Performance of the Agreement (Article 6(1)(b) GDPR)

We process account data and user content for the purpose of:

  1. creating and maintaining your Account,
  2. enabling you to create universes, characters and stories,
  3. generating content and illustrations using AI,
  4. sharing stories via public links (when you choose to share them),
  5. processing payments and managing Credits,
  6. sending transactional messages (account verification, password reset, purchase confirmations).

3.2. Legitimate Interest of the Controller (Article 6(1)(f) GDPR)

We process technical data for the purpose of:

  1. ensuring the security of the Application and protection against abuse,
  2. diagnosing technical issues,
  3. monitoring the performance and availability of the Application,
  4. monitoring AI operations (costs, token usage, latency) using Langfuse.

3.3. Consent (Article 6(1)(a) GDPR)

On the basis of your consent, we process data for the purpose of:

  1. analytics and improvement of the Application (PostHog analytics cookies),
  2. sending marketing communications and newsletters.

You may withdraw your consent at any time (see section 8). Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

3.4. Legal Obligations (Article 6(1)(c) GDPR)

We process data to the extent necessary to fulfil legal obligations, in particular:

  1. maintaining tax and accounting records,
  2. fulfilling users' rights under the GDPR,
  3. responding to requests from public authorities.

§ 4. AI and Data Processing

  1. The Application uses AI models provided through the OpenRouter platform and Google models (Gemini) to generate story text and illustrations.
  2. Data transmitted to AI providers includes only the content necessary to generate the requested result (character descriptions, plots, art style parameters). Your email address, password and other identifying data are not transmitted to AI providers.
  3. Data transmitted to AI providers is not used for training AI models.
  4. Generated content (text and illustrations) is stored on the Controller's servers (AWS, EU region) and associated with your Account.
  5. The Controller uses Langfuse to monitor AI operations (tracking token usage, costs, latency and response quality). Langfuse may process fragments of prompts submitted to AI models.

§ 5. Third-Party Data Sharing

The Controller uses the following data processors (sub-processors):

  1. Amazon Web Services (AWS), EU region (Frankfurt, eu-central-1) — Application hosting, file storage (S3), email delivery (SES), content delivery network (CloudFront).
  2. MongoDB Atlas, EU region (Frankfurt, eu-central-1) — database storing account data and user content.
  3. OpenRouter (USA) — intermediary providing access to AI models; user data (character descriptions, plots) is transmitted for the purpose of content generation.
  4. Google / Gemini (USA/global) — AI model provider for text and illustration generation.
  5. PostHog (USA, cloud) — analytics tool collecting data about user interactions with the Application.
  6. Meta Platforms Ireland Ltd. (Ireland) — provider of Meta Pixel and the Conversions API used to measure advertising campaign performance on Facebook and Instagram, build remarketing audiences and report conversions (e.g. waitlist signups). Meta Pixel and CAPI are only activated after the user grants analytics cookie consent.
  7. Langfuse (Germany, cloud) — AI operations monitoring tool (tracking prompts, tokens, costs).
  8. Paddle (United Kingdom) — payment processor acting as Merchant of Record; Paddle is an independent data controller for payment data. Paddle's privacy policy is available at paddle.com.

The Controller may share personal data with public authorities where required by law.

§ 6. International Data Transfers

Personal data may be transferred outside the European Economic Area (EEA) to the following entities:

  1. OpenRouter (USA) — on the basis of Standard Contractual Clauses (SCCs) adopted by the European Commission.
  2. Google (USA) — on the basis of the European Commission's adequacy decision under the EU-US Data Privacy Framework or Standard Contractual Clauses.
  3. PostHog (USA) — on the basis of Standard Contractual Clauses (SCCs).
  4. Paddle (United Kingdom) — on the basis of the European Commission's adequacy decision for the United Kingdom.

In each case, the Controller applies appropriate safeguards in accordance with Chapter V of the GDPR.

§ 7. Data Retention

  1. Account data and user content — for the duration of the Account. After Account deletion, data is archived for 30 days and then permanently deleted.
  2. Analytics data (PostHog) — for a period of 12 months from the date of collection.
  3. AI operations data (Langfuse) — for a period of 90 days from the date of collection.
  4. Payment transaction data — for the period required by tax and accounting legislation (5 years from the end of the tax year in which the transaction was made).
  5. Marketing consents — until consent is withdrawn.
  6. Security logs — for a period of 90 days.

§ 8. Your Rights

Under the GDPR, you have the following rights:

  1. Right of access — you may obtain information about what data we process and receive a copy of it.
  2. Right to rectification — you may request the correction of inaccurate or the completion of incomplete data.
  3. Right to erasure ("right to be forgotten") — you may request the deletion of your data. You can do this yourself by deleting your Account in the Application.
  4. Right to restriction of processing — you may request the restriction of processing in certain circumstances.
  5. Right to data portability — you may download your data in JSON format (data export function in the Application).
  6. Right to object — you may object to the processing of your data based on the Controller's legitimate interest.
  7. Right to withdraw consent — you may withdraw your consent to data processing (e.g. analytics, marketing) at any time without affecting the lawfulness of prior processing.
  8. Right to lodge a complaint — you have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl.

To exercise any of the above rights, please contact the Controller at: contact@fablele.com. The Controller shall respond without undue delay, and no later than 30 days from receipt of the request.

§ 9. Cookies

  1. The Application uses the following categories of cookies:
    1. Essential — required for the proper functioning of the Application (authentication, session maintenance). These do not require consent.
    2. Functional — remember your preferences (language, colour theme). These do not require consent.
    3. Analytics — collect data about how you use the Application (PostHog) and measure the effectiveness of advertising campaigns on Meta platforms (Meta Pixel). These require your consent.
  2. You may manage your cookie preferences at any time using the cookie settings available in the Application.
  3. Disabling essential cookies may prevent you from using the Application properly.

§ 10. Children's Privacy

  1. The Application is intended for persons aged 13 and over. Persons under 18 should obtain the consent of their legal guardian before registering an Account.
  2. The Controller does not knowingly collect personal data directly from children under 13 years of age.
  3. Content created in the Application (stories, characters) may contain children's data (e.g. names), but this data is entered and managed exclusively by an adult user or a user aged 13 or over with parental consent.
  4. If the Controller becomes aware that it is processing the data of a child under 13 without the consent of a legal guardian, it will promptly delete such data.

§ 11. UK Provisions

  1. This section applies to users who are habitually resident in the United Kingdom.
  2. The personal data of UK residents is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The legal bases and user rights described in this Policy apply correspondingly under UK law.
  3. Transfers of personal data of UK residents outside the United Kingdom are carried out on the basis of appropriate safeguards under the UK GDPR, including the International Data Transfer Agreement (IDTA) or the UK Addendum to Standard Contractual Clauses.
  4. UK residents have the right to lodge a complaint with the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom, ico.org.uk.

§ 12. Changes to This Policy

  1. The Controller reserves the right to amend this Privacy Policy to reflect changes in the law, changes in data processing practices or changes in the Application's functionalities.
  2. Users will be informed of material changes to this Privacy Policy by email or by a notification in the Application, with at least 14 days' advance notice.
  3. Continued use of the Application after the amended Privacy Policy takes effect constitutes acceptance of the changes.

§ 13. Contact

If you have questions about this Privacy Policy or the processing of your personal data, please contact us:

  1. email: contact@fablele.com
  2. post: [COMPANY_NAME], [COMPANY_ADDRESS]

This Privacy Policy is available in Polish and English. In the event of any discrepancy between the language versions, the Polish version shall prevail.