...
...

Privacy Policy

Effective: February 15, 2026

Data Controller

epixtory is the data controller for your personal information. You can reach us at hello@epixtory.com with privacy questions.

What We Collect

Account data

When you create an account, we collect your email address and, if you use Google sign-in, basic profile information provided by Google (name, profile photo). You may optionally provide a display name, username, bio, and avatar.

Content data

Stories you create, including scene content, scripts, variables, and metadata, are stored on our servers. Reader progress (save data, bookmarks, notes) is stored per-story.

Usage data

We collect basic request logs (IP address, user agent, timestamps) for security and operational purposes. We do not use tracking pixels or third-party analytics at this time.

How We Store Your Data

All data is stored in Supabase, a hosted PostgreSQL service with row-level security. Data is encrypted in transit (TLS) and at rest. Authentication tokens are managed by Supabase Auth.

Cookies & Local Storage

We use cookies exclusively for authentication (Supabase auth tokens). We use browser localStorage for user preferences like theme selection and background animation settings. See our Cookie Policy for the complete list.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Third Parties

We share data with the following services, strictly for platform operation:

  • Supabase — database hosting, authentication, file storage
  • Google OAuth — if you choose to sign in with Google, Google receives a standard OAuth request; we receive your email and basic profile info in return

We do not sell, rent, or trade your personal data to anyone. We do not share data with advertisers or data brokers.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct inaccurate personal data
  • Erasure — request deletion of your personal data
  • Portability — receive your data in a machine-readable format
  • Restriction — limit how we process your data
  • Objection — object to certain types of processing

To exercise any of these rights, contact us at hello@epixtory.com or use the contact form. We'll respond within 30 days.

Data Retention

Your account data is retained as long as your account is active. If you delete your account, we'll remove your personal data within 30 days. Some data may be retained longer if required by law or for legitimate security purposes (e.g., abuse prevention logs).

Children's Privacy

epixtory is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us and we'll delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we'll let you know through the Platform or email. The "Effective" date at the top of this page indicates when it was last revised.

Contact

Questions? Reach us at hello@epixtory.com or use our contact form.