Privacy Policy

We are committed to protecting your privacy and personal data. This policy explains how we collect, use, and safeguard your information in compliance with GDPR, CCPA, and other applicable privacy laws.

Effective Date: August 18, 2025 | Last Updated: August 18, 2025

Your Rights by Location

🇪🇺 European Union (GDPR): Enhanced rights including data portability, erasure, and objection to processing
🇺🇸 California (CCPA): Rights to know, delete, opt-out, and non-discrimination
🇨🇦 Canada (PIPEDA): Rights to access, correct, and withdraw consent for personal information
🌍 Other Jurisdictions: Local privacy rights as applicable under your country's laws

Information We Collect

  • Personal Data: Email address, display name, subscription preferences, and authentication information when you create an account.
  • Reading Data: Reading progress, bookmarks, favorite stories, time spent reading, and story preferences to enhance your personalized experience.
  • Technical Data: IP address, browser type, device information, operating system, and usage patterns for security and optimization.
  • Analytics Data: We use Google Analytics 4 and Firebase Analytics to collect aggregated usage statistics and improve our platform.
  • Payment Data: Payment information is processed by Stripe (PCI DSS compliant). We store only subscription status and billing history, never payment card details.
  • Cookies and Similar Technologies: We use essential, analytics, and advertising cookies as detailed in our Cookie Policy.

Legal Basis for Processing (GDPR)

  • Contractual Necessity: Processing account and subscription data to provide our storytelling platform services.
  • Legitimate Interest: Analytics, security monitoring, and platform improvements that benefit all users.
  • Consent: Marketing communications, non-essential cookies, and personalized advertising (where applicable).
  • Legal Obligation: Compliance with tax laws, data protection regulations, and valid legal requests.
  • EU users can withdraw consent at any time through account settings or by contacting our Data Protection Officer.

How We Use Your Information

  • Service Provision: Deliver our interactive storytelling platform, manage accounts, and process subscriptions.
  • Personalization: Track reading progress, save preferences, and provide personalized story recommendations.
  • Communication: Send account notifications, subscription updates, and optional marketing communications.
  • Analytics: Understand platform usage, identify popular content, and improve user experience through aggregated data analysis.
  • Security: Protect against fraud and unauthorized access, and ensure platform security through monitoring and access controls.
  • Legal Compliance: Meet tax obligations, respond to legal requests, and comply with applicable regulations.
  • Business Operations: Customer support, billing management, and legitimate business purposes.

Information Sharing and Disclosure

  • Service Providers: We share data with essential partners including Google (Firebase/Analytics), Stripe (payments), and Vercel (hosting) under strict data processing agreements.
  • Advertising Partners: Google AdSense processes data to display relevant ads to free tier users. Premium subscribers enjoy an ad-free experience.
  • Legal Requirements: We may disclose information when required by law, court order, or to protect the rights and safety of users and the platform.
  • Business Transfers: In case of merger, acquisition, or sale, user data may be transferred as part of business assets with equivalent privacy protections.
  • Consent-Based Sharing: Any other sharing requires explicit user consent, which can be withdrawn at any time.
  • We never sell personal data to third parties for marketing purposes.

International Data Transfers

  • Data Processing Locations: Our services operate primarily in the United States with some processing in the European Economic Area.
  • EU-US Adequacy: We rely on approved transfer mechanisms including Standard Contractual Clauses and adequacy decisions where applicable.
  • Safeguards: All international transfers include appropriate technical and organizational measures to protect your data.
  • Third-Party Compliance: Our service providers (Google, Stripe) maintain appropriate certifications and safeguards for international data transfers.
  • Your Rights: EU users retain all GDPR rights regardless of where data is processed.

Your Privacy Rights

GDPR Rights (EU Users)

  • Right of Access: Request information about personal data we hold and receive a copy of your data.
  • Right to Rectification: Correct or update inaccurate or incomplete personal information.
  • Right to Erasure (Right to be Forgotten): Request deletion of your personal data when it is no longer necessary for its original purpose.
  • Right to Restrict Processing: Limit how we process your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format or transfer it to another service.
  • Right to Object: Object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent: Withdraw consent for any consent-based processing at any time.

CCPA Rights (California Users)

  • Right to Know: Information about personal information collected, used, disclosed, or sold in the past 12 months.
  • Right to Delete: Request deletion of personal information, subject to certain exceptions.
  • Right to Opt-Out: California residents can opt out of the sale of personal information (we don't sell personal information).
  • Right to Non-Discrimination: Equal service and pricing regardless of exercising privacy rights.

Data Retention

  • Account Data: Retained while your account is active and for up to 3 years after account closure for legal and business purposes.
  • Reading Data: Progress and bookmarks retained for account lifetime and 1 year after closure to enable account recovery.
  • Analytics Data: Aggregated analytics retained for up to 7 years for business analysis and improvement.
  • Payment Records: Billing history retained for 7 years to comply with tax and financial regulations.
  • Legal Holds: Data may be retained longer when required by legal obligations or ongoing legal proceedings.
  • Automated Deletion: We implement automated deletion schedules to ensure data is not retained longer than necessary.

Data Security

  • Encryption: All data transmission uses TLS encryption and data at rest is encrypted using industry-standard protocols.
  • Access Controls: Employee access to personal data is limited, monitored, and requires business justification.
  • Infrastructure Security: We use Google Firebase and Vercel, both SOC 2 Type 2 certified with robust security measures.
  • Regular Audits: Security practices are regularly reviewed and updated to address emerging threats.
  • Incident Response: We have procedures to detect, respond to, and notify users of security incidents as required by law.
  • Privacy by Design: Security and privacy considerations are built into all system designs and updates.

Cookies and Tracking

  • Essential Cookies: Required for login, security, and basic platform functionality (no consent required).
  • Analytics Cookies: Google Analytics cookies to understand usage patterns and improve user experience.
  • Advertising Cookies: Google AdSense cookies for relevant ad display to free tier users.
  • Preference Cookies: Store theme settings, reading preferences, and user interface customizations.
  • Third-Party Cookies: Some cookies are set by our service providers (Google, Stripe) per their privacy policies.
  • Cookie Management: Use our cookie consent banner or browser settings to control non-essential cookies.

Children's Privacy

  • Age Requirement: Morgierra is intended for users aged 13 and older (16+ in EU).
  • No Intentional Collection: We do not knowingly collect personal information from children under the required age.
  • Parental Notification: If we learn we have collected information from a child, we will delete it promptly and notify parents where possible.
  • Parental Rights: Parents may contact us to review, update, or delete their child's information.
  • Enhanced Protections: Any users under 18 receive additional privacy protections as required by applicable laws.

Changes to This Policy

  • Update Notifications: Material changes will be announced via email and prominent platform notices at least 30 days in advance.
  • Version Control: Each version includes an effective date and summary of changes for transparency.
  • Continued Use: Continued use after changes become effective constitutes acceptance, unless withdrawal is required by law.
  • Archive Access: Previous versions of this policy are available upon request for transparency.
  • Regular Reviews: This policy is reviewed annually and updated to reflect legal changes and business practices.

Exercise Your Privacy Rights

Contact Information

Privacy Officer: privacy@morgierra.com
General Support: customerservice@lionandwolfgames.com
Data Protection Officer (EU): dpo@lionandwolfgames.com
Response Time: 30 days (GDPR), 45 days (CCPA)

Supervisory Authorities

EU Users: Contact your local data protection authority
California Users: California Attorney General's Office
Canada Users: Office of the Privacy Commissioner of Canada

Lion & Wolf Games LLC | Morgierra Privacy Team
This policy complies with GDPR, CCPA, PIPEDA, and other applicable privacy laws