Privacy Policy

 

Last Revised: February 11, 2026

 

1. Introduction and Scope

NautiStory (the Application) is operated by NautiStory Development Team. NautiStory provides a digital platform for reading fiction and places strong emphasis on protecting user privacy.

This Privacy Policy describes how we collect, use, store, and safeguard information when you access or use the Application. By using NautiStory, you acknowledge that you have read and accepted the practices described in this Policy.

 

2. Purposes and Legal Grounds for Processing

We process personal data for legitimate purposes, including:

Service Operation: Enabling account functionality, syncing reading progress across devices, and delivering personalized content recommendations.

Product Optimization: Reviewing anonymized usage patterns to improve content discovery and application performance.

Security and Compliance: Identifying fraudulent activity, abuse, or copyright violations related to user-generated content.

 

3. Categories of Information Collected

3.1 Information You Provide Voluntarily

Account Registration: Information such as username, email address, encrypted password, and optional profile preferences related to reading habits.

Third-Party Sign-In: Basic account details (for example, name and email address) when registering through Google, Apple, or Facebook.

Payment Records: Transaction history and billing-related details, processed securely by Stripe, a PCI-DSS certified payment service provider.

User Contributions: Reading bookmarks, progress markers, comments, and any stories uploaded by users, which are stored using encryption.

 

3.2 Information Collected Automatically

Device and Network Data: Device type, operating system version, IP address, and resettable advertising identifiers.

Usage Metrics: Reading behavior statistics, feature interaction data, and application crash diagnostics collected through Google Analytics for Firebase.

Cookies and Similar Technologies: Session cookies used to maintain login status and aggregated behavioral analytics collected via Amplitude.

 

4. Disclosure of Information

We share data only when necessary, including with:

 

Infrastructure Providers: Amazon Web Services (AWS) for secure cloud hosting and encrypted data storage.

Support Services: Zendesk for customer support communications, with records retained for up to 90 days.

Legal Authorities: Information may be disclosed to comply with lawful requests such as subpoenas or court orders.

Corporate Transactions: In the event of a merger or acquisition, relevant user data may be transferred, with prior notice provided at least 30 days in advance.

 

5. Cross-Border Data Transfers

User data may be stored or processed on servers located in the United States and Germany. Where required, international transfers are safeguarded through recognized legal mechanisms, including the EUU.S. Data Privacy Framework and applicable Standard Contractual Clauses (SCCs).

 

6. Data Protection Measures

We implement industry-standard security practices, such as:

Encryption Technologies: AES-256 encryption for stored user content and TLS 1.2 or higher for data transmission.

Internal Controls: Role-based access limitations for employees and periodic security assessments conducted twice per year.

Vulnerability Reporting: Independent security researchers may submit findings to contact@nautistory.com.

 

7. Your Privacy Rights

Depending on your location, you may have the right to:

Access or Export Information: Download your reading records via Settings > Privacy > Export My Data.

Update or Erase Data: Modify profile information within the app or submit deletion requests by email, which will be handled within 14 days.

Limit Analytics Usage: Adjust device-level settings to restrict advertising or analytics tracking.

 

8. Data Retention Policy

Active Accounts: Information is retained for as long as the account remains in use.

Dormant Accounts: Accounts with no activity for 24 consecutive months may be removed.

Financial Records: Payment-related information is retained for up to 7 years in accordance with tax and accounting regulations.

 

9. Changes to This Policy

If we introduce significant changes to this Privacy Policy, such as new categories of data use or sharing, we will notify users through in-app notifications or email at least 30 days before the changes become effective.

 

10. Eligibility and Age Requirements

NautiStory is not intended for use by children under the age of 13, and we do not knowingly collect personal information from individuals below this age threshold.

For users located in the European Union or the United Kingdom, the minimum age requirement is 16, unless parental or legal guardian consent is obtained in accordance with local regulations.

If we become aware that an account has been created by an underage user, we will take steps to remove the account and delete the associated data within 72 hours.

 

11. Data Controller Information

The entity responsible for data processing under applicable privacy regulations is:

NautiStory Development Team

Contact Email: contact@nautistory.com

 

12. Contact Information

For inquiries related to GDPR, CCPA, or general privacy concerns, please contact us at:

Email: contact@nautistory.com

 

13. Governing Language

The English version of this Privacy Policy shall prevail in the event of any inconsistency. Translated versions are provided solely for reference purposes.