Privacy Policy

Last updated: October 14, 2025

1. Introduction

This Privacy Policy (the "Policy") explains how Cyrolo LLC ("we", "our", "Data Controller") collects, uses, protects, transfers, and otherwise processes your personal data when you use the Amaya Stories website (amayastories.com) and/or our services.

This policy also defines your rights under Regulation (EU) 2016/679 (GDPR) and applicable United States data protection laws. It is worth reviewing before providing us with any personal information.

This Policy applies to all persons whose data we process – both visitors, customers, and other persons providing information.

2. Legal Basis and Scope

  • GDPR and applicable U.S. data protection laws form the legal basis for this policy.
  • Our service is designed for creating children's books, and we take special care in protecting the privacy of families using our platform.

Principles of Personal Data Processing

  • Lawfulness, fairness, and transparency: data is processed lawfully, fairly, and transparently in relation to the data subject.
  • Purpose limitation: data is collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes.
  • Data minimization: only data that is adequate, relevant, and necessary for the specified purposes is processed.
  • Accuracy: data is accurate and, where necessary, kept up to date; measures are taken to ensure that inaccurate data is deleted or corrected without delay.
  • Storage limitation: data is stored no longer than necessary for the purposes.
  • Integrity and confidentiality: data is processed ensuring appropriate security, including protection against unauthorized processing, loss, destruction, or damage.

3. Data Controller and Responsible Entities

  • Controller: Cyrolo LLC, 30 N GOULD ST STE N, Sheridan, WY 82801, United States.
  • Contact email: info@amayastories.com

4. Data Subjects and Children's Privacy

  • Data subjects: all individuals who visit our website, use our services, communicate with us, or provide information.
  • Children's Privacy: While our service creates content for children, our platform is intended for use by adults (parents, guardians, teachers). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

5. What Data We Collect

We collect only necessary data related to providing services, security, and other described purposes. Details:

Data CategoryWhat We IncludeExamples
Registration/account dataEmail; name (if obtained via Google account); user account settingsEmail address, username, preferences
Authentication dataInformation from Google OAuth (name, email)When you sign in via Google account
Payment dataTransaction dates, amounts, payment identifiers; subscription statusStripe transaction ID, payment amount, date
Story creation dataStory prompts, generated books, age range selections, theme preferencesYour story ideas, generated images, PDFs
Technical/browsing dataIP address, browser type, operating system, session durationAccess logs, error logs
Cookies and similar technologiesSession cookies, login status, preferencesAuthentication tokens, session data

6. Legal Grounds for Data Processing

GDPR and applicable laws provide several legal grounds for data processing – we choose the most appropriate depending on the situation:

  • Contract performance – when data processing is necessary to provide you with our story generation services.
  • Legal obligation – when laws require us to store certain data (e.g., accounting, tax records).
  • Legitimate interest – when we process data for our business security, proper functioning, abuse prevention, and error management.
  • Consent – when data is processed based on your freely given, clear, informed consent.

7. Third-Party Services and Data Transfer

We use trusted third-party services to provide and improve Amaya Stories:

  1. Payment Processing: Stripe processes payment information. We receive only necessary transaction data for accounting and subscription management.
  2. Authentication: Google OAuth for account authentication. Only agreed-upon data is transferred.
  3. AI Services: OpenAI and Google Gemini for image generation. We send only story prompts and age-appropriate parameters.
  4. Cloud Storage: Cloudflare R2 for storing generated PDFs and images.
  5. Hosting Infrastructure: Railway for application hosting with appropriate data protection agreements.

When data must be transferred outside the EEA, this is done with appropriate safeguards (e.g., Standard Contractual Clauses – SCC).

8. Data Retention

  • Account Data: While your account is active or until deletion upon your request.
  • Generated Books: Stored indefinitely in your account unless you delete them. You have full control to download and delete your books.
  • Payment Records: 10 years for tax and accounting compliance.
  • Technical Logs: 30-90 days, or longer if needed for security investigations.

9. Your Rights

You have the following rights regarding your personal data:

  • Right to access: Request a copy of your personal data we hold.
  • Right to correction: Request correction of inaccurate or incomplete data.
  • Right to deletion ("right to be forgotten"): Request deletion of your personal data (subject to legal retention requirements).
  • Right to restrict processing: Request limitation of how we process your data.
  • Right to data portability: Receive your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent at any time (does not affect prior processing).

To exercise your rights, contact us at info@amayastories.com

10. Data Security and Protection Measures

  • Technical measures: SSL/TLS encryption, secure server infrastructure, encrypted data storage.
  • Organizational measures: Access controls, employee training, data processing agreements with all vendors.
  • Backups: Regular backups with secure storage and disaster recovery plans.
  • Incident management: Procedures for responding to data breaches, with notification to affected users and authorities as required by law.

11. Cookies and Tracking Technologies

We use cookies to improve your experience:

  • Essential cookies: Required for login, security, and basic functionality.
  • Functional cookies: Remember your preferences and settings.
  • Analytics cookies: Help us understand how you use the site to improve it.

You can control cookies through your browser settings, but some features may not work without them.

12. Privacy Policy Changes

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be announced on the website and via email to registered users.

13. Contact

  • Controller: Cyrolo LLC
  • Address: 30 N GOULD ST STE N, Sheridan, WY 82801, United States
  • Email: info@amayastories.com

This document was last updated on October 14, 2025